Edit tour

Windows Analysis Report
Untitled.eml

Overview

General Information

Sample name:	Untitled.eml
Analysis ID:	1510265
MD5:	b4c065f9992451d485a2689d671eccf2
SHA1:	f6d5deb107b9b7e9335d6535afd0a830163c29c8
SHA256:	1e1b973ca4e3ccda4f8d60852bdf774cbbfbceb0650ae3d2896a9254055a287e
Infos:

Detection

EvilProxy, HTMLPhisher

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Found malware configuration

Yara detected Evil Proxy Phishing kit

Yara detected HtmlPhish10

AI detected landing page (webpage, office document or email)

HTML page contains obfuscated javascript

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Phishing site or detected (based on various text indicators)

Suspicious MSG / EML detected (based on various text indicators)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6976 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Untitled.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6968 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C70CF28A-9FFD-4674-BA1A-06616D91DCB5" "89CCB6DE-E5DC-4D3D-B18A-CF50B3408BE8" "6976" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 3860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t&xsdata=MDV8MDJ8TWlrZS5NY01haG9uQGFtZXJpY2Fuc2lnbmF0dXJlLmNvbXxjZTI1OWMzYWVmNzE0Y2UwYTdhMzA4ZGNkMzMwZDViOHw1YzAyZTg5YWI5Njg0ZDRlOTYwZGU2MmM3Y2QwMjc2NnwwfDB8NjM4NjE3NDU0NTIyNjM2MzE1fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw2MDAwMHx8fA%3d%3d&sdata=ZWRlT2ZrRFE4VUdZVXFRYkNDZTZEbE9vWlFVMVNwMTIwMmhzb29yYlBubz0%3d MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1860,i,18360248455873420918,7162207882499195062,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

Threatname: Evil Proxy

{"pagemsg": "{\\\"LoginPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"},\\\"PassPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"}}", "semail": "", "urlx": "script.php", "lmode": "b"}

Yara Signatures

HTML

Source	Rule	Description	Author
63.85.id.script.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
71.93.i.script.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
70.92..script.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
63.5.pages.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
71.9.pages.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
63.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
71.9.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
63.6.pages.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
71.10.pages.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
63.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
71.10.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 6 entries

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6976, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Found malware configuration

Source: 63.85.id.script.csv

Malware Configuration Extractor: Evil Proxy {"pagemsg": "{\\\"LoginPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"},\\\"PassPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"}}", "semail": "", "urlx": "script.php", "lmode": "b"}

Phishing

AI detected phishing page

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	LLM: Score: 10 Reasons: The domain 'n2ns99.store' does not match the legitimate domain associated with Microsoft, and the subdomain 'hie4bqxikx' is randomly generated, indicating a high likelihood of a phishing site. DOM: 63.6.pages.csv
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	LLM: Score: 10 Reasons: The domain 'n2ns99.store' does not match the brand's official domain'microsoft.com'. The subdomain 'hie4bqxikx' is randomly generated and does not resemble any legitimate subdomain associated with Microsoft. The webpage's design and content are typical for a login page, but the URL and domain name suggest a phishing attempt or a fake login page. DOM: 71.9.pages.csv

Yara detected Evil Proxy Phishing kit

Source: Yara match	File source: 63.85.id.script.csv, type: HTML
Source: Yara match	File source: 71.93.i.script.csv, type: HTML
Source: Yara match	File source: 70.92..script.csv, type: HTML
Source: Yara match	File source: 63.5.pages.csv, type: HTML
Source: Yara match	File source: 71.9.pages.csv, type: HTML
Source: Yara match	File source: 63.6.pages.csv, type: HTML
Source: Yara match	File source: 71.10.pages.csv, type: HTML

Yara detected HtmlPhish10

Source: Yara match	File source: 63.5.pages.csv, type: HTML
Source: Yara match	File source: 71.9.pages.csv, type: HTML
Source: Yara match	File source: 63.6.pages.csv, type: HTML
Source: Yara match	File source: 71.10.pages.csv, type: HTML

HTML page contains obfuscated javascript

Source: https://hie4bqxikx.n2ns99.store/

HTTP Parser: var _0x17d0bb=_0x4400;function _0x4400(_0x33d568,_0x56aee1){var _0x28f930=_0x1e42();return _0x4

Phishing site detected (based on favicon image match)

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	Matcher: Template: microsoft matched with high similarity
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	Matcher: Template: microsoft matched
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	Matcher: Template: microsoft matched
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	Matcher: Template: microsoft matched
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	Matcher: Template: microsoft matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.2

OCR Text: Download Sart Details My files Sterling Staffing Services, lnc c Activity Name Modified Modified By File size Sharing Guest Sernces ACCESS HERE TO REVIEW DOCUMENT.url 4 hours ago 56 bytes Shared

Suspicious MSG / EML detected (based on various text indicators)

Source: MSG / EML

OCR Text: This email originated outside of ASF/VCF CAUTION - EXTERNAL SENDER: ShareFile Attachments Expires September 7, 2025 Payment Advice Note From 09/11/24.pdf 4 MB VIEW SHARED DOCUMENT Kathy Moore uses ShareFile to share documents securely.l www.sterlin cols.com Sterling Staffing -Scrbiccs,

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: Number of links: 0
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	HTTP Parser: Number of links: 0

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: Title: 4E0YS1J0DDOO5BZFVZQX does not match URL
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	HTTP Parser: Title: 4E0YS1J0DDOO5BZFVZQX does not match URL

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: Invalid link: Terms of use
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: Invalid link: Privacy & cookies
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: Invalid link: Terms of use
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: Invalid link: Privacy & cookies
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	HTTP Parser: Invalid link: Terms of use
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	HTTP Parser: Invalid link: Privacy & cookies

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: No <meta name="author".. found
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: No <meta name="author".. found
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	HTTP Parser: No <meta name="author".. found

Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: No <meta name="copyright".. found
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	HTTP Parser: No <meta name="copyright".. found
Source: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49793 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:63367 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49926 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 13.107.136.10 13.107.136.10
Source: Joe Sandbox View	IP Address: 52.98.171.242 52.98.171.242
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gcCGHLE9ofX+PuM&MD=GceYxE7n HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t&xsdata=MDV8MDJ8TWlrZS5NY01haG9uQGFtZXJpY2Fuc2lnbmF0dXJlLmNvbXxjZTI1OWMzYWVmNzE0Y2UwYTdhMzA4ZGNkMzMwZDViOHw1YzAyZTg5YWI5Njg0ZDRlOTYwZGU2MmM3Y2QwMjc2NnwwfDB8NjM4NjE3NDU0NTIyNjM2MzE1fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw2MDAwMHx8fA%3d%3d&sdata=ZWRlT2ZrRFE4VUdZVXFRYkNDZTZEbE9vWlFVMVNwMTIwMmhzb29yYlBubz0%3d HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/guestservices_amomentspeace_com/_api/v2.1/graphql HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gcCGHLE9ofX+PuM&MD=GceYxE7n HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /personal/guestservices_amomentspeace_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/guestservices_amomentspeace_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&TryNewExperienceSingle=TRUE HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/guestservices_amomentspeace_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=M&accountname=guestservices%40amomentspeace.com HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=M&accountname=guestservices%40amomentspeace.com HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://ampsalon-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://hie4bqxikx.n2ns99.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1
Source: global traffic	HTTP traffic detected: GET /m/9281dd0567d70f5aa562b0b45ccbdcb3.htm HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hie4bqxikx.n2ns99.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/cxx/AM3I9JXXS5AGK9MADE82K0ITI HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/sm/5LV7I36WP8Z00Z0H6B0UDQ1C6 HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/jx/UZ0SYTTR5JYTU14LPTZQ1A3OG HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/mlg.svg?M7I9QGGIQFLY6XC67QJTI6RDV HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/sig_op.svg HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/aty/FDLMJEPQ9UEWST9RLSMBHXOO6 HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/ecpt/0VISGKPVSYLFDQEU057ATPWHU HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/bxg/93L2L8XDRVX06KIQ5ZM1GZ44M HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/jx/UZ0SYTTR5JYTU14LPTZQ1A3OG HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/mlg.svg?M7I9QGGIQFLY6XC67QJTI6RDV HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/sig_op.svg HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://hie4bqxikx.n2ns99.storeSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hie4bqxikx.n2ns99.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m/ecpt/0VISGKPVSYLFDQEU057ATPWHU HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/aty/FDLMJEPQ9UEWST9RLSMBHXOO6 HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/ic/BT44YHRE7AY8W6RYRZORUU4DU HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m/script.php HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/ic/BT44YHRE7AY8W6RYRZORUU4DU HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /personal/guestservices_amomentspeace_com/_layouts/15/AccessDenied.aspx?correlation=2f944fa1%2Db019%2D0000%2D2bbc%2Dd3815ae37d20 HTTP/1.1Host: ampsalon-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkwZjZGcFBPRWNJSVh1NzRnd2xxdXRVazdibi9xN3ZZWjZCQVhqekZ0OVI4bkVSNXI1WGtjajBWUHQ2TGxxamFudlRlNmFTNjNIS1crRE9HWEgrVG83RVFmUnQxdTZNdz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6f24742e4c17099c0bf3c84209f2165f HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ampsalon-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ampsalon-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?dbd09cf82f977c05f2fc13abeaec31b5 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ampsalon-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ampsalon-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6f24742e4c17099c0bf3c84209f2165f HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?dbd09cf82f977c05f2fc13abeaec31b5 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m/script.php HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
Source: global traffic	HTTP traffic detected: GET /m/script.php HTTP/1.1Host: hie4bqxikx.n2ns99.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm

Source: global traffic	DNS traffic detected: DNS query: ampsalon-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: hie4bqxikx.n2ns99.store
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: 6bfacd71a66bb0707070c71378f18542.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-acdc.office.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4762Host: login.live.com

Source: chromecache_337.11.dr, chromecache_277.11.dr, chromecache_393.11.dr, chromecache_323.11.dr, chromecache_379.11.dr, chromecache_301.11.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_420.11.dr, chromecache_252.11.dr	String found in binary or memory: http://www.contoso.com
Source: chromecache_301.11.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: Untitled.eml	String found in binary or memory: http://www.sterlingcols.com/
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://1drv.com/
Source: chromecache_335.11.dr	String found in binary or memory: https://acctcdn.msauth.net/images/clear1x1.png
Source: Untitled.eml	String found in binary or memory: https://ampsalon-my.sharepoint.com/:f:/g/=
Source: ~WRS{E3495601-4D87-47E4-A164-D8AD5F937784}.tmp.1.dr	String found in binary or memory: https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMy
Source: Untitled.eml	String found in binary or memory: https://ampsalon-my.sharepoint.com/:f:=
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/web/policies
Source: chromecache_380.11.dr, chromecache_414.11.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_380.11.dr, chromecache_414.11.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_380.11.dr, chromecache_414.11.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://livefilestore.com/
Source: chromecache_361.11.dr, chromecache_351.11.dr, chromecache_353.11.dr, chromecache_373.11.dr	String found in binary or memory: https://media.cloudapp.net
Source: chromecache_308.11.dr, chromecache_389.11.dr	String found in binary or memory: https://microsoft.spfx3rdparty.com
Source: ~WRS{E3495601-4D87-47E4-A164-D8AD5F937784}.tmp.1.dr	String found in binary or memory: https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sterlingcols.com%2F&data=05%7C0
Source: chromecache_361.11.dr, chromecache_351.11.dr, chromecache_353.11.dr, chromecache_373.11.dr	String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_409.11.dr, chromecache_417.11.dr	String found in binary or memory: https://onedrive.cloud.microsoft
Source: chromecache_409.11.dr, chromecache_417.11.dr	String found in binary or memory: https://onedrive.dev.cloud.microsoft
Source: chromecache_349.11.dr	String found in binary or memory: https://onedrive.live.com/?gologin=1
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://portal.office.com/
Source: chromecache_373.11.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://res-1-sdf.cdn.office.net
Source: chromecache_351.11.dr, chromecache_349.11.dr, chromecache_373.11.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_385.11.dr, chromecache_262.11.dr, chromecache_273.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-23.009/
Source: chromecache_262.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-23.009/spserviceworker.js
Source: chromecache_385.11.dr, chromecache_273.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-23.009/spwebworker.js
Source: chromecache_262.11.dr, chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-30.008/
Source: chromecache_262.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-30.008/stsserviceworkerprefetch/stsservicew
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp-media-519bad2b
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.1ds/odsp.1ds.lib-923e3d9a
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-3c64dae3
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.core/fui.core-58e89b1d
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.utilities/fui.util-87c310c7
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-848c845f
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-aa551099
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.tslib/tslib-b1569464
Source: chromecache_349.11.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.utilities/odsp.util-31d1b813
Source: chromecache_349.11.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-08-30.008/
Source: chromecache_349.11.dr	String found in binary or memory: https://shell.cdn.office.net
Source: chromecache_349.11.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://shellppe.msocdn.com
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://shellprod.msocdn.com
Source: chromecache_349.11.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-semili
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semibold
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold
Source: chromecache_344.11.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semiligh
Source: chromecache_351.11.dr, chromecache_373.11.dr	String found in binary or memory: https://substrate.office.com
Source: chromecache_265.11.dr, chromecache_278.11.dr, chromecache_304.11.dr, chromecache_399.11.dr	String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: chromecache_349.11.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive
Source: chromecache_349.11.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2Fonedrive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63372
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63369
Source: unknown	Network traffic detected: HTTP traffic on port 63372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 63370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 63371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49793 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.winEML@23/298@50/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240912T1233170831-6976.etl

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Untitled.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C70CF28A-9FFD-4674-BA1A-06616D91DCB5" "89CCB6DE-E5DC-4D3D-B18A-CF50B3408BE8" "6976" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t&xsdata=MDV8MDJ8TWlrZS5NY01haG9uQGFtZXJpY2Fuc2lnbmF0dXJlLmNvbXxjZTI1OWMzYWVmNzE0Y2UwYTdhMzA4ZGNkMzMwZDViOHw1YzAyZTg5YWI5Njg0ZDRlOTYwZGU2MmM3Y2QwMjc2NnwwfDB8NjM4NjE3NDU0NTIyNjM2MzE1fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw2MDAwMHx8fA%3d%3d&sdata=ZWRlT2ZrRFE4VUdZVXFRYkNDZTZEbE9vWlFVMVNwMTIwMmhzb29yYlBubz0%3d
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1860,i,18360248455873420918,7162207882499195062,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C70CF28A-9FFD-4674-BA1A-06616D91DCB5" "89CCB6DE-E5DC-4D3D-B18A-CF50B3408BE8" "6976" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t&xsdata=MDV8MDJ8TWlrZS5NY01haG9uQGFtZXJpY2Fuc2lnbmF0dXJlLmNvbXxjZTI1OWMzYWVmNzE0Y2UwYTdhMzA4ZGNkMzMwZDViOHw1YzAyZTg5YWI5Njg0ZDRlOTYwZGU2MmM3Y2QwMjc2NnwwfDB8NjM4NjE3NDU0NTIyNjM2MzE1fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw2MDAwMHx8fA%3d%3d&sdata=ZWRlT2ZrRFE4VUdZVXFRYkNDZTZEbE9vWlFVMVNwMTIwMmhzb29yYlBubz0%3d	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1860,i,18360248455873420918,7162207882499195062,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: Email	LLM: Page contains button: 'VIEW SHARED DOCUMENT' Source: 'Email'
Source: Email	LLM: Email contains prominent button: 'view shared document'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: chromecache_398.11.dr, chromecache_435.11.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_398.11.dr, chromecache_435.11.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	3 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	13 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
http://www.opensource.org/licenses/mit-license.php	0%	URL Reputation	safe
https://getbootstrap.com/)	0%	URL Reputation	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/:f:/g/=	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/sm/5LV7I36WP8Z00Z0H6B0UDQ1C6	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula	0%	Avira URL Cloud	safe
https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_api/v2.1/graphql	0%	Avira URL Cloud	safe
about:blank	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/bxg/93L2L8XDRVX06KIQ5ZM1GZ44M	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/graphs/contributors)	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/:f:=	0%	Avira URL Cloud	safe
https://northcentralus1-medias.svc.ms	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo	0%	Avira URL Cloud	safe
https://onedrive.live.com/?gologin=1	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2	0%	Avira URL Cloud	safe
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sterlingcols.com%2F&data=05%7C0	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/jx/UZ0SYTTR5JYTU14LPTZQ1A3OG	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/CSPReporting.aspx	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2	0%	Avira URL Cloud	safe
https://1drv.com/	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/mxl/mlg.svg?M7I9QGGIQFLY6XC67QJTI6RDV	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff	0%	Avira URL Cloud	safe
https://substrate.office.com	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold	0%	Avira URL Cloud	safe
https://tr-ooc-acdc.office.com/apc/trans.gif?dbd09cf82f977c05f2fc13abeaec31b5	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMy	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/AccessDenied.aspx?correlation=2f944fa1%2Db019%2D0000%2D2bbc%2Dd3815ae37d20	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/_layouts/15/userphoto.aspx?size=M&accountname=guestservices%40amomentspeace.com	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2	0%	Avira URL Cloud	safe
https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive	0%	Avira URL Cloud	safe
https://onedrive.dev.cloud.microsoft	0%	Avira URL Cloud	safe
https://shellppe.msocdn.com	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/aty/FDLMJEPQ9UEWST9RLSMBHXOO6	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh	0%	Avira URL Cloud	safe
https://microsoft.spfx3rdparty.com	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/mxl/sig_op.svg	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/ic/BT44YHRE7AY8W6RYRZORUU4DU	0%	Avira URL Cloud	safe
https://tr-ooc-acdc.office.com/apc/trans.gif?6f24742e4c17099c0bf3c84209f2165f	0%	Avira URL Cloud	safe
https://reactjs.org/link/react-polyfills	0%	Avira URL Cloud	safe
https://onedrive.cloud.microsoft	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t&xsdata=MDV8MDJ8TWlrZS5NY01haG9uQGFtZXJpY2Fuc2lnbmF0dXJlLmNvbXxjZTI1OWMzYWVmNzE0Y2UwYTdhMzA4ZGNkMzMwZDViOHw1YzAyZTg5YWI5Njg0ZDRlOTYwZGU2MmM3Y2QwMjc2NnwwfDB8NjM4NjE3NDU0NTIyNjM2MzE1fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw2MDAwMHx8fA%3d%3d&sdata=ZWRlT2ZrRFE4VUdZVXFRYkNDZTZEbE9vWlFVMVNwMTIwMmhzb29yYlBubz0%3d	0%	Avira URL Cloud	safe
https://api.ipify.org/?format=json	0%	Avira URL Cloud	safe
https://shellprod.msocdn.com	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/ecpt/0VISGKPVSYLFDQEU057ATPWHU	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo	0%	Avira URL Cloud	safe
https://centralus1-mediad.svc.ms	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2	0%	Avira URL Cloud	safe
https://ampsalon-my.sharepoint.com/_layouts/15/images/odbfavicon.ico?rev=47	0%	Avira URL Cloud	safe
https://portal.office.com/	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/blob/main/LICENSE)	0%	Avira URL Cloud	safe
https://clients.config.office.net/user/v1.0/web/policies	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff	0%	Avira URL Cloud	safe
https://hie4bqxikx.n2ns99.store/m/script.php	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff	0%	Avira URL Cloud	safe
http://fb.me/use-check-prop-types	0%	Avira URL Cloud	safe
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof	0%	Avira URL Cloud	safe
http://www.sterlingcols.com/	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2	0%	Avira URL Cloud	safe
https://livefilestore.com/	0%	Avira URL Cloud	safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff	0%	Avira URL Cloud	safe
http://www.contoso.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
hie4bqxikx.n2ns99.store	209.74.66.140	true	false	unknown
www.google.com	216.58.212.132	true	false	unknown
api.ipify.org	172.67.74.152	true	false	unknown
HHN-efz.ms-acdc.office.com	52.98.171.242	true	false	unknown
FRA-efz.ms-acdc.office.com	52.98.179.178	true	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	unknown
r4.res.office365.com	unknown	unknown	false	unknown
ampsalon-my.sharepoint.com	unknown	unknown	false	unknown
6bfacd71a66bb0707070c71378f18542.fp.measure.office.com	unknown	unknown	false	unknown
m365cdn.nel.measure.office.net	unknown	unknown	false	unknown
spo.nel.measure.office.net	unknown	unknown	false	unknown
upload.fp.measure.office.com	unknown	unknown	false	unknown
config.fp.measure.office.com	unknown	unknown	false	unknown
tr-ooc-acdc.office.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://hie4bqxikx.n2ns99.store/m/sm/5LV7I36WP8Z00Z0H6B0UDQ1C6	true	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_api/v2.1/graphql	false	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm	true		unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/bxg/93L2L8XDRVX06KIQ5ZM1GZ44M	true	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx	false	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/jx/UZ0SYTTR5JYTU14LPTZQ1A3OG	true	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/	true		unknown
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/CSPReporting.aspx	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true	false	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/mxl/mlg.svg?M7I9QGGIQFLY6XC67QJTI6RDV	true	Avira URL Cloud: safe	unknown
https://tr-ooc-acdc.office.com/apc/trans.gif?dbd09cf82f977c05f2fc13abeaec31b5	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/AccessDenied.aspx?correlation=2f944fa1%2Db019%2D0000%2D2bbc%2Dd3815ae37d20	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/_layouts/15/userphoto.aspx?size=M&accountname=guestservices%40amomentspeace.com	false	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/9281dd0567d70f5aa562b0b45ccbdcb3.htm#	true		unknown
https://hie4bqxikx.n2ns99.store/m/aty/FDLMJEPQ9UEWST9RLSMBHXOO6	true	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://hie4bqxikx.n2ns99.store/m/mxl/sig_op.svg	true	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/ic/BT44YHRE7AY8W6RYRZORUU4DU	true	Avira URL Cloud: safe	unknown
https://tr-ooc-acdc.office.com/apc/trans.gif?6f24742e4c17099c0bf3c84209f2165f	false	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/ecpt/0VISGKPVSYLFDQEU057ATPWHU	true	Avira URL Cloud: safe	unknown
https://api.ipify.org/?format=json	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t&xsdata=MDV8MDJ8TWlrZS5NY01haG9uQGFtZXJpY2Fuc2lnbmF0dXJlLmNvbXxjZTI1OWMzYWVmNzE0Y2UwYTdhMzA4ZGNkMzMwZDViOHw1YzAyZTg5YWI5Njg0ZDRlOTYwZGU2MmM3Y2QwMjc2NnwwfDB8NjM4NjE3NDU0NTIyNjM2MzE1fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw2MDAwMHx8fA%3d%3d&sdata=ZWRlT2ZrRFE4VUdZVXFRYkNDZTZEbE9vWlFVMVNwMTIwMmhzb29yYlBubz0%3d	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/_layouts/15/images/odbfavicon.ico?rev=47	false	Avira URL Cloud: safe	unknown
https://hie4bqxikx.n2ns99.store/m/script.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/:f:/g/=	Untitled.eml	false	Avira URL Cloud: safe	unknown
https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48	chromecache_265.11.dr, chromecache_278.11.dr, chromecache_304.11.dr, chromecache_399.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/:f:=	Untitled.eml	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php	chromecache_301.11.dr	false	URL Reputation: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_380.11.dr, chromecache_414.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://northcentralus1-medias.svc.ms	chromecache_361.11.dr, chromecache_351.11.dr, chromecache_353.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/?gologin=1	chromecache_349.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sterlingcols.com%2F&data=05%7C0	~WRS{E3495601-4D87-47E4-A164-D8AD5F937784}.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://1drv.com/	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://substrate.office.com	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMy	~WRS{E3495601-4D87-47E4-A164-D8AD5F937784}.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.dev.cloud.microsoft	chromecache_409.11.dr, chromecache_417.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive	chromecache_349.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://shellppe.msocdn.com	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://microsoft.spfx3rdparty.com	chromecache_308.11.dr, chromecache_389.11.dr	false	Avira URL Cloud: safe	unknown
https://reactjs.org/link/react-polyfills	chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.cloud.microsoft	chromecache_409.11.dr, chromecache_417.11.dr	false	Avira URL Cloud: safe	unknown
https://shellprod.msocdn.com	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://centralus1-mediad.svc.ms	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://portal.office.com/	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_380.11.dr, chromecache_414.11.dr	false	Avira URL Cloud: safe	unknown
https://clients.config.office.net/user/v1.0/web/policies	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_380.11.dr, chromecache_414.11.dr	false	URL Reputation: safe	unknown
http://fb.me/use-check-prop-types	chromecache_337.11.dr, chromecache_277.11.dr, chromecache_393.11.dr, chromecache_323.11.dr, chromecache_379.11.dr, chromecache_301.11.dr	false	Avira URL Cloud: safe	unknown
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js	chromecache_349.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
http://www.sterlingcols.com/	Untitled.eml	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://livefilestore.com/	chromecache_351.11.dr, chromecache_373.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof	chromecache_344.11.dr	false	Avira URL Cloud: safe	unknown
http://www.contoso.com	chromecache_420.11.dr, chromecache_252.11.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.98.179.178	FRA-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.98.171.242	HHN-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
216.58.212.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
209.74.66.140	hie4bqxikx.n2ns99.store	United States	31744	MULTIBAND-NEWHOPEUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1510265
Start date and time:	2024-09-12 18:32:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Untitled.eml
Detection:	MAL
Classification:	mal100.phis.winEML@23/298@50/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .eml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.111.231.25, 52.111.231.26, 52.111.231.23, 52.111.231.24, 142.250.186.131, 172.217.18.14, 142.250.110.84, 34.104.35.123, 13.69.109.130, 23.57.23.230, 23.38.98.84, 23.38.98.96, 23.38.98.104, 2.16.241.15, 2.16.241.17, 20.189.173.11, 20.189.173.13, 20.189.173.16, 52.182.143.214, 13.89.179.8, 20.42.65.88, 104.18.186.31, 104.18.187.31, 172.217.16.131, 142.250.186.67, 51.132.193.105, 13.107.6.163, 172.217.16.202, 142.250.184.234, 172.217.16.138, 142.250.186.106, 142.250.185.106, 142.250.186.138, 142.250.186.74, 142.250.184.202, 142.250.185.202, 142.250.185.234, 142.250.186.170, 142.250.181.234, 142.250.185.170, 142.250.74.202, 142.250.185.138, 142.250.186.42, 142.250.184.227, 2.19.126.143, 2.19.126.146, 2.16.164.19, 2.16.164.49, 2.16.238.149, 2.16.238.152, 52.98.224.178, 52.98.229.2, 52.98.234.242, 52.98.226.242, 52.98.227.162, 52.97.233.50, 52.98.227.178, 52.98.228.18, 40.99.155.50, 52.97.201.18, 40.101.138.18, 40.99.220.130, 40.101.137.98, 40.101.137.50,
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, c02-weu-02-pp1.prd.bmc.teams.microsoft.com, clientservices.googleapis.com, res-1.cdn.office.net, browser.events.data.trafficmanager.net, cdg-mvp.trafficmanager.net, mobile.events.data.microsoft.com, clients2.google.com, onedscolprdcus16.centralus.cloudapp.azure.com, onedscolprdwus10.westus.cloudapp.azure.com, c01-neu-02-pp1.prd.bmc.teams.microsoft.com, shell.cdn.office.net, update.googleapis.com, www.gstatic.com, ecs.office.com, e40491.dscg.akamaiedge.net, fs.microsoft.com, pp1.prd.bmc.teams.microsoft.com, content-autofill.googleapis.com, cosmic-westeurope-ns-178319ed56c2.trafficmanager.net, pp1.prd.bmc.trafficmanager.net, e19254.dscg.akamaiedge.net, s-0005-office.config.skype.com, shell.cdn.office.net-c.edgekey.net.globalredir.akadns.net, nleditor.osi.office.net, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, onedscolprdwus12.westus.cloudapp.azure.com, onedscolprduks05.uksouth.cloudapp.azure.com, s-0005.s-msedge.net, ecs.off
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Untitled.eml

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
52.98.179.178	https://b00gjbzv.r.us-west-2.awstrack.me/L0/https:%2F%2Fwww.tiktok.com%2F%2F%2F%2F%2Flink%2Fv2%3Faid=1988%26lang=enpihd7s%26scene=bio_url%26target=google.com.%2F%2F%2F%2Famp%2Fs%2Fkarlandrade.com%2Fdayo%2Fapmvx%2F%5B$%E3%80%82%2Fa2FtYWwuY2hhb3VuaS1iZW5hYmRhbGxhaEBvdHRhd2EuY2E=/1/01010191d83030e0-aa44e6dc-4f95-4bca-9218-00962e0085b0-000000/IkggeFigBnAl5Bd98KeRPZVdH10=391	Get hash	malicious	HTMLPhisher	Browse
	https://burtpro-my.sharepoint.com/:f:/g/personal/bensmall_burtprocess_com/EjQqDBTPgTNIiAkareSOQFsBzQwuEIsE-StghZpYw03_2g?e=c16mWb	Get hash	malicious	HTMLPhisher	Browse
	My Info Tech Partner Executed Agreement Docs#186231(Revised).pdf	Get hash	malicious	HTMLPhisher	Browse
13.107.136.10	http://algestconsulting20-my.sharepoint.com/:f:/g/personal/jacques_cangah_algest-consulting_com/EkolIGllKGRKhe-gd4i73uMBzF46oqcv00d-WXGnz9D-Fw	Get hash	malicious	Unknown	Browse	algestconsulting20-my.sharepoint.com/:f:/g/personal/jacques_cangah_algest-consulting_com/EkolIGllKGRKhe-gd4i73uMBzF46oqcv00d-WXGnz9D-Fw
	http://bombeirosamora-my.sharepoint.com/:o:/g/personal/geral_comando_bombeirosamora_pt/EqT53jeWO6ZGkv1O_1FowosB2CSGfrKDmTZiEPPt31Ds7g	Get hash	malicious	HTMLPhisher	Browse	bombeirosamora-my.sharepoint.com/:o:/g/personal/geral_comando_bombeirosamora_pt/EqT53jeWO6ZGkv1O_1FowosB2CSGfrKDmTZiEPPt31Ds7g
	http://midlandlangarsevasociety-my.sharepoint.com/:w:/g/personal/sharon_bharaj_mlss_org_uk/EWiGFFYhPhtPjz5jsZdcRooBPGLh-q5SsgwgIhmP7JCmAg	Get hash	malicious	HTMLPhisher	Browse	midlandlangarsevasociety-my.sharepoint.com/:w:/g/personal/sharon_bharaj_mlss_org_uk/EWiGFFYhPhtPjz5jsZdcRooBPGLh-q5SsgwgIhmP7JCmAg
239.255.255.250	https://drive.google.com/file/d/1hLMDa8ExxGe0PYtL7YM5OZBLtBMMvZFb/view?usp=sharing	Get hash	malicious	Unknown	Browse
	FirstfedwebInv27-1486.html	Get hash	malicious	BlackHacker JS Obfuscator	Browse
	https://nmgovdot-my.sharepoint.com/:f:/g/personal/brian_filip_nmgov_co/EopUqBu8fqpOvw_R7W8qXnEBWw032PoWoE-pjka6mBLMVw?e=G3klTx	Get hash	malicious	HtmlDropper	Browse
	vm AUDIO_QzOXYQIfIQZ VOICE September 11th, 2024 attachment.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	http://www.nanpfund.com/	Get hash	malicious	Unknown	Browse
	https://ar4download.com/	Get hash	malicious	Unknown	Browse
	http://vis.newtelevision2dot0.site:25461/get.php?username=dD73CmcEPA&password=JKQWtzC0Yf&type=m3u&output=mpegts	Get hash	malicious	Unknown	Browse
	https://sesworld.com.au:443/it/mount/	Get hash	malicious	Unknown	Browse
	https://www.bdorgacare.com/m/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VlhaMk1rbz0mdWlkPVVTRVIwMjA5MjAyNFUwMzA5MDIyMg==	Get hash	malicious	Unknown	Browse
52.98.171.242	https://linestar-my.sharepoint.com/:f:/g/personal/crystal_linestar_ca/EgH5VvMfUqxCqthSlNI4dqsBrhZRILeELmLLYOjYesvYkg?e=AAEzrH&xsdata=MDV8MDJ8amFzb25zQHJvd21hcmsuY29tfGYyMzYyMTUzODQzNTRmMDQ4YTZlMDhkYzlhOThmYzRifGU3ODFmNDMxYjI1YTRhZDQ4MDYzYzQ2MGZhMGYwNTkyfDB8MHw2Mzg1NTUyMjkxNDY4MDA5NDN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=eHJQM1U2eTh2K29qQjIyQmFFMWRLUFN5Tm5kdHdhRTRKVDA0Nmo1dnYrST0%3d	Get hash	malicious	HTMLPhisher	Browse
	https://60787e6d.2d6833402ad75639fa4e0298.workers.dev/?email=kristine.sorensen@redwirespace.com	Get hash	malicious	HTMLPhisher	Browse
	https://www.dalmex.ru/bitrix/rk.php?id=19&event1=banner&event2=click&event3=1+%2F+%5B19%5D+%5Bindex_banner1%5D+%C1%E0%ED%ED%E5%F0+%ED%E0+%E3%EB%E0%E2%ED%EE%E9+%F1%F2%F0%E0%ED%E8%F6%E5+1&goto=https://marcus1644.hocoos.com/	Get hash	malicious	HTMLPhisher	Browse
	https://preview.webflow.com/preview/secure-document-59ad7d?utm_medium=preview_link&utm_source=designer&utm_content=secure-document-59ad7d&preview=9a2adf8bcbeeee4bfc926853e0f2eb24&workflow=preview	Get hash	malicious	HTMLPhisher	Browse
	Statement.xlsx	Get hash	malicious	HTMLPhisher	Browse
	carcept-prev@aftral.com receipt.htm	Get hash	malicious	HTMLPhisher	Browse
	https://venturelogistics028-my.sharepoint.com/:f:/g/personal/joseph_villa_chrebinson_com/EjDYBb2Q01tGtxDvDoxjL1oBzNghZjsEOxiMDcy4AvxLGw?e=9m5ZTH	Get hash	malicious	Unknown	Browse
	Re Account Suspension Notice N 926774436133.msg	Get hash	malicious	HTMLPhisher	Browse
	https://linkin.bi/o/filedoc	Get hash	malicious	HTMLPhisher	Browse
	https://johnaartsgroup-my.sharepoint.com/:f:/g/personal/jkruger_j-aar_com/EsuWZXCNupJNhcmJeJOdDVEBRN8QdutfO-N5og4Wi0zUog?e=szCi5a	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HHN-efz.ms-acdc.office.com	Play_VM-Now(Bstilz)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	40.99.150.34
	https://homedigital.cloud/YoM8n6uU7J/.d7g/3Ugx2oDrh4/aGVscGRlc2tAZ290ZWNobm9sb2dpeC5jb20=	Get hash	malicious	HTMLPhisher	Browse	52.98.152.194
	https://cloudsds1-my.sharepoint.com/:f:/g/personal/soumitra_cloudsds_com/Ei6OHXc0_bNHleZYwdiea4gBdHbOiJReQ2tSzcE567VwIQ?e=C01mZ0&xsdata=MDV8MDJ8ZGVzdGluLmNvbGVAeGNlbGVuZXJneS5jb218NGY4MDM5MDliNTcwNDQ5MDRmNTMwOGRjZDFkNTZmZTl8MjRiMmE1ODM1YzA1NGI2YWI0ZTk0ZTEyZGMwMDI1YWR8MHwwfDYzODYxNTk2MTg1OTEwMjA0MHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=bUh6aFliRUZYLzNBRGdPWk1kTFd6R0o5N3pKdkxXSnNpUVptVUFXZXYwZz0%3d	Get hash	malicious	HTMLPhisher	Browse	52.98.242.242
	https://van-hook-service.jimdosite.com	Get hash	malicious	HTMLPhisher	Browse	52.98.179.34
	https://b00gjbzv.r.us-west-2.awstrack.me/L0/https:%2F%2Fwww.tiktok.com%2F%2F%2F%2F%2Flink%2Fv2%3Faid=1988%26lang=enpihd7s%26scene=bio_url%26target=google.com.%2F%2F%2F%2Famp%2Fs%2Fkarlandrade.com%2Fdayo%2Fapmvx%2F%5B$%E3%80%82%2Fa2FtYWwuY2hhb3VuaS1iZW5hYmRhbGxhaEBvdHRhd2EuY2E=/1/01010191d83030e0-aa44e6dc-4f95-4bca-9218-00962e0085b0-000000/IkggeFigBnAl5Bd98KeRPZVdH10=391	Get hash	malicious	HTMLPhisher	Browse	52.98.228.50
	https://jtielectrical-my.sharepoint.com/:f:/g/personal/wwise_jtielectric_com/EiRUStVFyApDuTy9pUHQbzMB7Ixh_nngG6WTsOeTzF4k1w?e=MsJpM6	Get hash	malicious	Unknown	Browse	52.98.175.2
	PROPOSTA CONTRATTUALE.msg	Get hash	malicious	HTMLPhisher	Browse	52.98.243.50
	Play_VM-Now(Aaron.fisher)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	52.98.241.162
	Play_VM-NowCLQD.html	Get hash	malicious	HTMLPhisher	Browse	52.98.228.50
dual-spo-0005.spo-msedge.net	https://nmgovdot-my.sharepoint.com/:f:/g/personal/brian_filip_nmgov_co/EopUqBu8fqpOvw_R7W8qXnEBWw032PoWoE-pjka6mBLMVw?e=G3klTx	Get hash	malicious	HtmlDropper	Browse	13.107.136.10
	https://1drv.ms/b/c/7bab8803aa446446/EVRHiu8efYZAkD-YFD5xQmIBzT5hMnGkyiNpwrnOj-mH_g	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
	https://purdue0-my.sharepoint.com/:b:/g/personal/smharrel_purdue_edu/EfkZDXWGfClCplaGiKthQoUBK8GXZs5ymE-vf6tacU7vPA?e=VQBHbe	Get hash	malicious	HtmlDropper	Browse	13.107.136.10
	https://sglfunding-my.sharepoint.com/:f:/g/personal/sbramley_sglfunding_co_nz/Eiwj1cmjgL9BvaM3wffUrqwBh25EOgbXJeDEjL1RuYijSg?e=akMguD	Get hash	malicious	Unknown	Browse	13.107.136.10
	https://edgecombe0-my.sharepoint.com/:f:/g/personal/culbertsona_edgecombe_edu/EvGBKLX7bMFBnDTuoIGqwggBXiXCblWwNG8YRTgaf1y1lQ?e=va7LD8	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
	https://dyconohio-my.sharepoint.com/:f:/g/personal/securedocument_dynamicconstruction_net/Ek90znp0_79Kh28S84WBzzMBMK5kw-vhTWqq4yzYIkmQhw?e=Ce4toD&c=E,1,g4v-x3OikaZhgKzXs-n8PgrfJ4KGJQRo7EeVX7S3efUISO2N4Cu8cBgVGnC_9QGFvFwXCnNShJcL7ha_so-3f4RSCZsNYNw1I1ioB52VCA,,&typo=1&d=DwMFAg	Get hash	malicious	Unknown	Browse	13.107.136.10
	https://cloudsds1-my.sharepoint.com/:f:/g/personal/soumitra_cloudsds_com/Ei6OHXc0_bNHleZYwdiea4gBdHbOiJReQ2tSzcE567VwIQ?e=C01mZ0&xsdata=MDV8MDJ8ZGVzdGluLmNvbGVAeGNlbGVuZXJneS5jb218NGY4MDM5MDliNTcwNDQ5MDRmNTMwOGRjZDFkNTZmZTl8MjRiMmE1ODM1YzA1NGI2YWI0ZTk0ZTEyZGMwMDI1YWR8MHwwfDYzODYxNTk2MTg1OTEwMjA0MHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=bUh6aFliRUZYLzNBRGdPWk1kTFd6R0o5N3pKdkxXSnNpUVptVUFXZXYwZz0%3d	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
	https://jtielectrical-my.sharepoint.com/:f:/g/personal/wwise_jtielectric_com/EiRUStVFyApDuTy9pUHQbzMB7Ixh_nngG6WTsOeTzF4k1w?e=MsJpM6	Get hash	malicious	Unknown	Browse	13.107.136.10
	PROPOSTA CONTRATTUALE.msg	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
api.ipify.org	signed contract and order confirmation.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	MV TBN CALL PORT FOR LOADING COAL_pdf.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	documento de envio para fatura n#U00ba 52-FK-24.pdf.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	YMLUI275163148 - BL.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	KeB00e9poi.msi	Get hash	malicious	Unknown	Browse	104.26.12.205
	4TLr2kKeuX.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	DEMURRAGE INVOICE.bat.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	WOOYANG VENUS PARTICULARS.docx.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Updated Pricelist.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	MV TBN 58 SHIP PARTICULARS.01.pdf.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
FRA-efz.ms-acdc.office.com	https://nmgovdot-my.sharepoint.com/:f:/g/personal/brian_filip_nmgov_co/EopUqBu8fqpOvw_R7W8qXnEBWw032PoWoE-pjka6mBLMVw?e=G3klTx	Get hash	malicious	HtmlDropper	Browse	52.98.179.98
	https://login.secsignerservices.com/WKSsWyQJ	Get hash	malicious	HTMLPhisher	Browse	40.99.149.178
	https://edgecombe0-my.sharepoint.com/:f:/g/personal/culbertsona_edgecombe_edu/EvGBKLX7bMFBnDTuoIGqwggBXiXCblWwNG8YRTgaf1y1lQ?e=va7LD8	Get hash	malicious	HTMLPhisher	Browse	52.98.179.114
	original.eml	Get hash	malicious	HTMLPhisher	Browse	52.97.189.66
	https://b00gjbzv.r.us-west-2.awstrack.me/L0/https:%2F%2Fwww.tiktok.com%2F%2F%2F%2F%2Flink%2Fv2%3Faid=1988%26lang=enpihd7s%26scene=bio_url%26target=google.com.%2F%2F%2F%2Famp%2Fs%2Fkarlandrade.com%2Fdayo%2Fapmvx%2F%5B$%E3%80%82%2Fa2FtYWwuY2hhb3VuaS1iZW5hYmRhbGxhaEBvdHRhd2EuY2E=/1/01010191d83030e0-aa44e6dc-4f95-4bca-9218-00962e0085b0-000000/IkggeFigBnAl5Bd98KeRPZVdH10=391	Get hash	malicious	HTMLPhisher	Browse	52.98.179.178
	PROPOSTA CONTRATTUALE.msg	Get hash	malicious	HTMLPhisher	Browse	52.98.252.130
	Play_VM-Now(Aaron.fisher)CLQD2.html	Get hash	malicious	HTMLPhisher	Browse	52.98.252.66
	https://b00gjbzv.r.us-west-2.awstrack.me/L0/https://www.tiktok.com/////link/v2?aid=1988&lang=enpihd7s&scene=bio_url&target=google.com.////amp/s/karlandrade.com/dayo/apmvx/%5B$%E3%80%82/YWNhYmVyb0BidXJuc21jZC5jb20=/1/01010191d7358f23-01744765-7af5-4eed-8446-de1b584459e4-000000/m-sFuLTWhbEYMC52sHOqVlTWLLE=391	Get hash	malicious	HTMLPhisher	Browse	52.97.189.98
	https://atiguesconstruction-my.sharepoint.com/:f:/g/personal/nartigues_artiguesconstruction_com/Elezf74k885Bs1Su18MKsokBXolnLvxbVc_Ow6itYDUEWA?e=J4Wars	Get hash	malicious	HTMLPhisher	Browse	52.98.178.242

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	FirstfedwebInv27-1486.html	Get hash	malicious	BlackHacker JS Obfuscator	Browse	13.107.42.22
	https://nmgovdot-my.sharepoint.com/:f:/g/personal/brian_filip_nmgov_co/EopUqBu8fqpOvw_R7W8qXnEBWw032PoWoE-pjka6mBLMVw?e=G3klTx	Get hash	malicious	HtmlDropper	Browse	20.42.73.31
	vm AUDIO_QzOXYQIfIQZ VOICE September 11th, 2024 attachment.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	150.171.28.10
	https://www.lsswis.org/	Get hash	malicious	Unknown	Browse	13.107.42.14
	tmNB51skaY.elf	Get hash	malicious	Mirai	Browse	20.183.203.95
	https://digitalentreprise.fr/	Get hash	malicious	Unknown	Browse	150.171.29.10
	QvTbUiFWlo.elf	Get hash	malicious	Mirai	Browse	70.37.124.45
	Play_VM-Now(Bstilz)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	40.99.150.34
	http://url7829.pcsrdesk.com/ls/click?upn=u001.nbKFt0-2FCe8GqWYb6aRzVSspOoKxL-2B8Qs9N3b7IrNTNDWMvcMhiA0nesbfLr2sei5CzkpSMzLWSWF6HncRdiGtg-3D-3D3Quc_lRrqvesR31n2Jd-2F2RHkH2Oyxsj6DYni9hLycG-2BZMPiwT52INXkXFJFdGxwHqWOl1wtdwZv3Bdl70zAjq7OcHd3nyjQMF2NWsfXMLYzmzYPI6lcfPEJHv6oLujrNWdmvsWEsaXC7hqLYtukvEnVFo4o6evK8IyRCBeFCnXKPhaXeupwSBBHtjhkAFCPijiWWPcKxUV5cvnZ1jRDopgzBTbiKurvPdsCjkOZWaa9rSYnV1yAbnweIgY88mkGZrqcIbEZhPXLnQf4Ebzp9e7psnHwhG8D8dwfodNomEUUW5b9CmnUlAD4m1s7ScSAO-2BUDg82RDksTC4vqh-2BOv6PLntyXg-2FAoT8u9hucZ8Toc7lKE-2B6LoVuTd6rsL-2BVtM82MjQoIrFqj47AzncpfeAdkwaD-2BUv-2B97UVK0WwuuWGQwXYMpNPwReBaLHQXct4rvvTjxBaX6cyRenJkyOvlvV5MJ6825voPwUNN3DQVuCkUl5uL23MT3UFL3sYUHDZsSClBM-2F-2B1ID-2BVnW7eLbjwGvKQNa1BosXFeYEshcbLLk2xJ3LkEc6Jvw59rK0WEk3cY6BcW4OqnflGq2qlKuU-2BGzZ2ZxGruTSpTwyLuKWW2sShDhrEcEZae9KicZxCLnescCqOI3MrKitci97bZbmjjYcvFjx7wn9trX3nDNVCdRVpbS9ZF-2FJFgDH13QMNYOop3SVxK4UI5hEpFVtrtrPvw9y2rNqrdtT59jIqxv6UaCcjkKylcS3rFCrK8XwQxaoSKhkDO5cGCOHmNnRVjNA-2BeJ3l8um-2BnxFvIwHtSA-2BYeMAJrv0sH8ri4VTchIMXUQJaILxpZ6v31qXVSuUmS37g2jO-2BioNsFnkWQWxO3wehc7npsHV6J6w-3D	Get hash	malicious	Unknown	Browse	13.107.6.156
MULTIBAND-NEWHOPEUS	EF520_B18Payment_2600_D3781_N3895_L1029_H482_X4782_E3819.exe	Get hash	malicious	Unknown	Browse	209.74.95.146
	https://lookerstudio.google.com/s/u2hbu8O7xHg	Get hash	malicious	EvilProxy, HTMLPhisher	Browse	209.74.66.141
	ibero.bat	Get hash	malicious	SilverRat	Browse	209.74.95.136
	CY51PaymentAUG-38122-507-783-17531I-39UW-J471-3017-3C762-M732.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	209.74.95.146
	H#Payment03-28S2-J5892-C938-KL105-DN782-FN823-CD47912-SC8923-19574.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	209.74.95.146
	X4kQxc5ZQW	Get hash	malicious	Unknown	Browse	209.74.85.117
	e8AjLx6Lex	Get hash	malicious	Mirai	Browse	209.74.85.106
MICROSOFT-CORP-MSN-AS-BLOCKUS	FirstfedwebInv27-1486.html	Get hash	malicious	BlackHacker JS Obfuscator	Browse	13.107.42.22
	https://nmgovdot-my.sharepoint.com/:f:/g/personal/brian_filip_nmgov_co/EopUqBu8fqpOvw_R7W8qXnEBWw032PoWoE-pjka6mBLMVw?e=G3klTx	Get hash	malicious	HtmlDropper	Browse	20.42.73.31
	vm AUDIO_QzOXYQIfIQZ VOICE September 11th, 2024 attachment.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	150.171.28.10
	https://www.lsswis.org/	Get hash	malicious	Unknown	Browse	13.107.42.14
	tmNB51skaY.elf	Get hash	malicious	Mirai	Browse	20.183.203.95
	https://digitalentreprise.fr/	Get hash	malicious	Unknown	Browse	150.171.29.10
	QvTbUiFWlo.elf	Get hash	malicious	Mirai	Browse	70.37.124.45
	Play_VM-Now(Bstilz)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	40.99.150.34
	http://url7829.pcsrdesk.com/ls/click?upn=u001.nbKFt0-2FCe8GqWYb6aRzVSspOoKxL-2B8Qs9N3b7IrNTNDWMvcMhiA0nesbfLr2sei5CzkpSMzLWSWF6HncRdiGtg-3D-3D3Quc_lRrqvesR31n2Jd-2F2RHkH2Oyxsj6DYni9hLycG-2BZMPiwT52INXkXFJFdGxwHqWOl1wtdwZv3Bdl70zAjq7OcHd3nyjQMF2NWsfXMLYzmzYPI6lcfPEJHv6oLujrNWdmvsWEsaXC7hqLYtukvEnVFo4o6evK8IyRCBeFCnXKPhaXeupwSBBHtjhkAFCPijiWWPcKxUV5cvnZ1jRDopgzBTbiKurvPdsCjkOZWaa9rSYnV1yAbnweIgY88mkGZrqcIbEZhPXLnQf4Ebzp9e7psnHwhG8D8dwfodNomEUUW5b9CmnUlAD4m1s7ScSAO-2BUDg82RDksTC4vqh-2BOv6PLntyXg-2FAoT8u9hucZ8Toc7lKE-2B6LoVuTd6rsL-2BVtM82MjQoIrFqj47AzncpfeAdkwaD-2BUv-2B97UVK0WwuuWGQwXYMpNPwReBaLHQXct4rvvTjxBaX6cyRenJkyOvlvV5MJ6825voPwUNN3DQVuCkUl5uL23MT3UFL3sYUHDZsSClBM-2F-2B1ID-2BVnW7eLbjwGvKQNa1BosXFeYEshcbLLk2xJ3LkEc6Jvw59rK0WEk3cY6BcW4OqnflGq2qlKuU-2BGzZ2ZxGruTSpTwyLuKWW2sShDhrEcEZae9KicZxCLnescCqOI3MrKitci97bZbmjjYcvFjx7wn9trX3nDNVCdRVpbS9ZF-2FJFgDH13QMNYOop3SVxK4UI5hEpFVtrtrPvw9y2rNqrdtT59jIqxv6UaCcjkKylcS3rFCrK8XwQxaoSKhkDO5cGCOHmNnRVjNA-2BeJ3l8um-2BnxFvIwHtSA-2BYeMAJrv0sH8ri4VTchIMXUQJaILxpZ6v31qXVSuUmS37g2jO-2BioNsFnkWQWxO3wehc7npsHV6J6w-3D	Get hash	malicious	Unknown	Browse	13.107.6.156
MICROSOFT-CORP-MSN-AS-BLOCKUS	FirstfedwebInv27-1486.html	Get hash	malicious	BlackHacker JS Obfuscator	Browse	13.107.42.22
	https://nmgovdot-my.sharepoint.com/:f:/g/personal/brian_filip_nmgov_co/EopUqBu8fqpOvw_R7W8qXnEBWw032PoWoE-pjka6mBLMVw?e=G3klTx	Get hash	malicious	HtmlDropper	Browse	20.42.73.31
	vm AUDIO_QzOXYQIfIQZ VOICE September 11th, 2024 attachment.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	150.171.28.10
	https://www.lsswis.org/	Get hash	malicious	Unknown	Browse	13.107.42.14
	tmNB51skaY.elf	Get hash	malicious	Mirai	Browse	20.183.203.95
	https://digitalentreprise.fr/	Get hash	malicious	Unknown	Browse	150.171.29.10
	QvTbUiFWlo.elf	Get hash	malicious	Mirai	Browse	70.37.124.45
	Play_VM-Now(Bstilz)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	40.99.150.34
	http://url7829.pcsrdesk.com/ls/click?upn=u001.nbKFt0-2FCe8GqWYb6aRzVSspOoKxL-2B8Qs9N3b7IrNTNDWMvcMhiA0nesbfLr2sei5CzkpSMzLWSWF6HncRdiGtg-3D-3D3Quc_lRrqvesR31n2Jd-2F2RHkH2Oyxsj6DYni9hLycG-2BZMPiwT52INXkXFJFdGxwHqWOl1wtdwZv3Bdl70zAjq7OcHd3nyjQMF2NWsfXMLYzmzYPI6lcfPEJHv6oLujrNWdmvsWEsaXC7hqLYtukvEnVFo4o6evK8IyRCBeFCnXKPhaXeupwSBBHtjhkAFCPijiWWPcKxUV5cvnZ1jRDopgzBTbiKurvPdsCjkOZWaa9rSYnV1yAbnweIgY88mkGZrqcIbEZhPXLnQf4Ebzp9e7psnHwhG8D8dwfodNomEUUW5b9CmnUlAD4m1s7ScSAO-2BUDg82RDksTC4vqh-2BOv6PLntyXg-2FAoT8u9hucZ8Toc7lKE-2B6LoVuTd6rsL-2BVtM82MjQoIrFqj47AzncpfeAdkwaD-2BUv-2B97UVK0WwuuWGQwXYMpNPwReBaLHQXct4rvvTjxBaX6cyRenJkyOvlvV5MJ6825voPwUNN3DQVuCkUl5uL23MT3UFL3sYUHDZsSClBM-2F-2B1ID-2BVnW7eLbjwGvKQNa1BosXFeYEshcbLLk2xJ3LkEc6Jvw59rK0WEk3cY6BcW4OqnflGq2qlKuU-2BGzZ2ZxGruTSpTwyLuKWW2sShDhrEcEZae9KicZxCLnescCqOI3MrKitci97bZbmjjYcvFjx7wn9trX3nDNVCdRVpbS9ZF-2FJFgDH13QMNYOop3SVxK4UI5hEpFVtrtrPvw9y2rNqrdtT59jIqxv6UaCcjkKylcS3rFCrK8XwQxaoSKhkDO5cGCOHmNnRVjNA-2BeJ3l8um-2BnxFvIwHtSA-2BYeMAJrv0sH8ri4VTchIMXUQJaILxpZ6v31qXVSuUmS37g2jO-2BioNsFnkWQWxO3wehc7npsHV6J6w-3D	Get hash	malicious	Unknown	Browse	13.107.6.156

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://drive.google.com/file/d/1hLMDa8ExxGe0PYtL7YM5OZBLtBMMvZFb/view?usp=sharing	Get hash	malicious	Unknown	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	vm AUDIO_QzOXYQIfIQZ VOICE September 11th, 2024 attachment.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	http://www.nanpfund.com/	Get hash	malicious	Unknown	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	https://ar4download.com/	Get hash	malicious	Unknown	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	https://www.bdorgacare.com/m/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VlhaMk1rbz0mdWlkPVVTRVIwMjA5MjAyNFUwMzA5MDIyMg==	Get hash	malicious	Unknown	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	http://url7829.pcsrdesk.com/ls/click?upn=u001.nbKFt0-2FCe8GqWYb6aRzVSspOoKxL-2B8Qs9N3b7IrNTNDWMvcMhiA0nesbfLr2sei5CzkpSMzLWSWF6HncRdiGtg-3D-3Dd1IV_PBm3xKPXITlLipppzFDXCirI58RSdMKdXdG-2F80SohbBy4zq53iNVTA5ei1o8HwzpS93FlvZ275SNJFmlTeRSpI8EUZ4xHQqPo8gDvVG2BEHNznD1ry3PWBBHGL6G0-2BrzMelUuaUp9ztyBG3043BYwIdAYuOH3xNZvMfwqdVCLRE3AF7pMJ-2FMZtqfsuyRf2sjgMjsT1YXN9CTKoqmwN-2FAW6hETjOVm0QS9VoHqiLVjrTRrBJcX-2BcDm2Z1X9OF7ehMOfPQ3evnGTEtoWkAk-2Bh7ORnv-2Fj2fQjC2p7H5-2FCkdn4Mpv5fBX6ZZ5RswUz6VRlnrB7mOCBabsE2DJMUHfAb3vgLhZdV2viCUsGG-2BHUJzT24sSm1337AgZrFc-2BvtX8zUghrJUabZ-2ByMWOT5Lh46BgD0M8clhcSRb3zqPnMEmzDOEM1TbAL0M8z0-2FJKRsfPcVAqIMmOpK-2FPO1TrpSTvmrU-2BVP1fURRCEyX1PrI29lcVLFWonx9AnPvlFgSTSwoBrq2ilDwXPS8Cl-2B6YQGebYmy6SdCjN-2B7ahp-2FnbrrpNfLSsm5cLkcOtk9OG1tnApG7l7ngD40KKnNlcGsG86mZ3rqwaEYKfEIGmifKLU23sQguKhcISeAE32aHj0dKUn1j3Gt9L-2FpxcoQ-2B1JEVN6VCqf1i6gitCRd17fUf9xvlxVmVudH3iZULVl3mRZz3YdKEnPYkveXaSWcTdVwY3-2BI6MY6EMPmC9rVkdOa3Grj5lNwi3dHAoYjqYOVnMa5PFeRHliiZgtLD1engEGaKd7qhhJVt8zOyibK1DjClIo7VbPkVTmx4Xu1R62oVmw5HBwZEHksYA0eh4y1sEIIeLaVgP52DQ-3D-3D	Get hash	malicious	Unknown	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	https://profile.datasbase.click/administration.html?now=Angela.Tremblay@CSC-SCC.GC.CA	Get hash	malicious	Unknown	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	http://url7829.pcsrdesk.com/ls/click?upn=u001.nbKFt0-2FCe8GqWYb6aRzVSspOoKxL-2B8Qs9N3b7IrNTNDWMvcMhiA0nesbfLr2sei5CzkpSMzLWSWF6HncRdiGtg-3D-3Depjf_Iw3cex3ZqTITszazbri0K-2FC6JX9CYcSKeNEkHAD5yqLsyD40a8pdQeubh5eh65p8UWVnJYpmbNi4BEl2mHF7eCQ-2FecEyeftHVzEYyT4NHcqNcqCJLjf1XRDH630GoNx70cuNZz5POYp9-2BqFLTo8y7ihDDU3kAVg-2FPsVVQJG2nwQDDTKBTm26VVzvCbds3WN7nYVB9LxL-2FyxZLPQ5UnpJzHXFwotm0-2BO9-2BTbaL6c81yivS9jvMAjDlyPwMKHDOkT2ZA9ppkt7uWMfkl5H0Z2Mp9kUufr4F-2FVhuugfMM1U-2FgRrGbyHHh3LOh0dXsc0VYHm6jsPKxv4l-2FbnpDiizlXu8mFqKMFgwR1xWBYr8NQAUFZG-2BSWHgm9DWgXaI-2F5h6FYnzlDAqprfEYlTqckwUC1MqgO2Ja6X41xqyke1o-2BaSlvLQXI0rAL1nFy1VPzJYLR0-2BIJk5NKQ-2Fjb-2FFyn9zv-2Fq-2FfdBsztBKKWCBYi7XeJM-2FivOTrrWUbD2VYbwqrpg1y7znL10SQbyrWDfP8hHkZ5rnFfcKuQ-2BpAizc-2FunPcTwL-2B-2FU0cxOMGLeY6JTMlgiuaCIyIu-2B2x3vah-2B5ARLzG2Lch8k2-2FOlKGfOCh8dOY53sX3zBM3HudvdmANsn0iMODjyfdDzekW02-2B8hRFUwcBOjndWCElGAQTgy1auVik7xT-2FxnERpcR8wxKKW-2BYUWgejF9obdSwL8Xzbe2KIZXpwagsBHc0ZsYtLAMVn3OGiyTMwQw5kZV6XKn3xK9LkmAdvyz8HN7jXgrus32COEwOVhC7aSpisZ175hOiStlmDZTS-2FYsN8h0eMkADTrPRa-2FLhCFn58l8jf0zX4-2B90FyrKW5nHPAp9iBSEXm-2F6Gq8YNkqJbm8o-3D&c=E,1,-YhqrxALbOoF7IYLASSHnoG1WrToqWwedPF4140vsVzLoA8fupXcjEywNR8DEHCUyf-RZJcaCTQyfQGcFjeKaaGjBD2d0iZLNR9P1EHQZCRRc6jDHlA_zd51Tg,,&typo=1	Get hash	malicious	Unknown	Browse	40.126.32.133 184.28.90.27 52.165.165.26
	Play_VM-Now(Ksattorneys)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	40.126.32.133 184.28.90.27 52.165.165.26

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.385400632681125
Encrypted:	false
SSDEEP:	3072:eCpgCQlHgfmiGu2rBqoQirt0Fvm+nDM39gV:eC3Gami2rk7nDM39q
MD5:	8E06AC48B04ADF427D80BA73BD8BC4FE
SHA1:	CCB3263522688FBD427C74A6FC1C5E832D5043D7
SHA-256:	2976FDDE9367109ABDF6F14293CFAEC234091F2EB3F0429B3A79AF8F80020968
SHA-512:	E06A1DF14C5F99CA9FE8190F8DC5B8F6709EAFDBCFC969A0BBF3989B02489FA056E23C43B22F281EE15042F641D4F576C02F0A09E53E355855A3DACD02AEA85E
Malicious:	false
Reputation:	low
Preview:	TH02...... ...*n1.......SM01X...,....3.n1...........IPM.Activity...........h...............h............H..hL.......n.<U...h..........C.H..h\cal ...pDat...h.U@.0..........h6.=../........h........_`Pk...h..=@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k..............!h.............. h.{.E..........#h....8.........$h..C.....8....."h..3......3...'h..............1h6.=<.........0h....4....Uk../h....h.....UkH..h 4/.p...L.....-h ............+h..=....@................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 12 15:33:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9793943957460165
Encrypted:	false
SSDEEP:	48:83LdIWToybpqWHxidAKZdA1FehwiZUklqehGy+3:8333Fdy
MD5:	D9DEC103F80028DB95205522CBABD1F7
SHA1:	3CF8AA30A684673B40DD982794EF3C6F57823A98
SHA-256:	65B3971D983D1D191C528E8074F910E34685A56D20A0E327BC8F41194640B7C7
SHA-512:	ABA656F806A0260A546F0750D24E6EF55003449982A2DDCEE1F49FB54F73BFD310AB8E87646CF8770E0A6A6D8AB6E68F4BDAED3CA352E1CBC57D570429738199
Malicious:	false
Preview:	L..................F.@.. ...$+.,....+./.1...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I,Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Y-.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Y-.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Y-............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Y/............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........iSn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	RFC 822 mail, ASCII text, with very long lines (998), with CRLF line terminators
Entropy (8bit):	6.106601008855716
TrID:	E-Mail message (Var. 5) (54515/1) 100.00%
File name:	Untitled.eml
File size:	122'728 bytes
MD5:	b4c065f9992451d485a2689d671eccf2
SHA1:	f6d5deb107b9b7e9335d6535afd0a830163c29c8
SHA256:	1e1b973ca4e3ccda4f8d60852bdf774cbbfbceb0650ae3d2896a9254055a287e
SHA512:	9b561f4824af7d9273aa1e69bcea1719aee80c86eefa23901ad0b725fcc999c30ae966eb1fc863b809ed6e1f3671e428c8250fe1fc3bbf1fa179ca1ffb115916
SSDEEP:	3072:UJ35vMsNt8qJz4NtjcWCQivh86WVPIGms7NL00WVe9Rw:UssQqZWUh+AENnie9Rw
TLSH:	7CC3D0388A8B57EADE77A6DD5D096C4F1D6121DB6282C8DD780DA3F223AA4341F4DC70
File Content Preview:	Received: from SJ0PR17MB4712.namprd17.prod.outlook.com (::1) by.. BY1PR17MB6805.namprd17.prod.outlook.com with HTTPS; Thu, 12 Sep 2024 13:44:12.. +0000..Received: from DM6PR02CA0095.namprd02.prod.outlook.com (2603:10b6:5:1f4::36).. by SJ0PR17MB4712.namprd

Subject:	Payment Advice Note from 09/11/2024.
From:	K Moore <kathy@sterlingcols.com>
To:	K Moore <kathy@sterlingcols.com>
Cc:
BCC:
Date:	Thu, 12 Sep 2024 13:42:58 +0000
Communications:	CAUTION - EXTERNAL SENDER: This email originated outside of ASF/VCF [cid:image001.png@01DB0513.D59DFCE0]<https://ampsalon-my.sharepoint.com/:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t> Just a heads up. Thanks, Kathy Moore Director of Client Services Sterling Staffing Services, Inc. Office: 614-452-5998 Cell: 614-940-7779 www.sterlingcols.com<http://www.sterlingcols.com/> [cid:image002.jpg@01DB0514.26EB9620]
Attachments:	image001.png image002.jpg

Key	Value
Received	from MBX082-W7-CO-4.EXCH082.serverpod.net ([10.224.169.146]) by MBX082-W7-CO-4.EXCH082.serverpod.net ([10.224.169.146]) with mapi id 15.02.1544.011; Thu, 12 Sep 2024 06:42:58 -0700
Authentication-Results	spf=pass (sender IP is 64.78.33.177) smtp.mailfrom=sterlingcols.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=sterlingcols.com;compauth=pass reason=109
Received-SPF	Pass (protection.outlook.com: domain of sterlingcols.com designates 64.78.33.177 as permitted sender) receiver=protection.outlook.com; client-ip=64.78.33.177; helo=aesdomtco11b.serverdata.net; pr=C
From	K Moore <kathy@sterlingcols.com>
To	K Moore <kathy@sterlingcols.com>
Subject	Payment Advice Note from 09/11/2024.
Thread-Topic	Payment Advice Note from 09/11/2024.
Thread-Index	AdsFFPVaDB8ZSkuaSbWt7BvImU6rOQ==
Date	Thu, 12 Sep 2024 13:42:58 +0000
Message-ID	<ff8b00f3b7cd4f37a0c3163f2b6b84ef@sterlingcols.com>
Accept-Language	en-US
Content-Language	en-US
X-MS-Has-Attach	yes
X-MS-TNEF-Correlator
x-originating-ip	[104.210.207.3]
x-source-routing-agent	True
Content-Type	multipart/related; boundary="_005_ff8b00f3b7cd4f37a0c3163f2b6b84efsterlingcolscom_"; type="multipart/alternative"
X-CMAE-Score	0
X-CMAE-Analysis	v=2.4 cv=f75buc+M c=1 sm=1 tr=0 ts=66e2efe8 a=2fuxhAgnKTHiPOJrPQJ48g==:117 a=kjuy6fLy7_EA:10 a=EaEq8P2WXUwA:10 a=iO-L8NgeAAAA:20 a=MgBEL-7wAAAA:8 a=d1EcYXM5mhrxmwUqb64A:9 a=CjuIK1q_8ugA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=8KwbvZ36yxQvWL2W7BsA:9 a=DqI3HrVViKvM_bm0:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 a=lqcHg5cX4UMA:10 a=tNr7NL14BUE_sRLJ3gsA:9 a=HXjIzolwW10A:10 a=T6a71-JsGAwA:10 a=-HAjFB1MHtTyBAwGKnMA:9 a=KQqxNPgzF0kA:10 a=VEiTNn8F7TgA:10 a=S3OkDnotATYcLlG19rE9:22
Spam-Stopper-Id	b8f500a1-8bc7-4517-af59-d5d179b55670
Spam-Stopper-v2	Yes
X-Envelope-Mail-From	kathy@sterlingcols.com
X-AES-Category	LEGIT
X-Spam-Reasons	{'verdict': 'clean', 'spamcause': 'gggruggvucftvghtrhhoucdtuddrgeeftddrudejfedgieekucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecukffpvffgtffogfffkfetpdfqfgfvnecuuegrihhlohhuthemuceftddtnecuogfuuhhsphgvtghtffhomhgrihhnucdlgeelmdenogetfedtuddqtdduucdludehmdenucfjughrpefhvffuthffkfhitgggsehrtdhjredttddvnecuhfhrohhmpefmucfoohhorhgvuceokhgrthhhhiesshhtvghrlhhinhhgtgholhhsrdgtohhmqeenucggtffrrghtthgvrhhnpeehtdfhfeeutdehtdduteefheegvdduhfevheegtdefleffteefvddvjeejleehueenucffohhmrghinhepshhhrghrvghpohhinhhtrdgtohhmpdhsthgvrhhlihhnghgtohhlshdrtghomhenucfkphepuddtgedrvddutddrvddtjedrfeenucevlhhushhtvghrufhiiigvpedvnecurfgrrhgrmhepihhnvghtpefpohhnvgdpmhgrihhlfhhrohhmpehkrghthhihsehsthgvrhhlihhnghgtohhlshdrtghomhdpnhgspghrtghpthhtohephedtpdhrtghpthhtohepfihfohhsthgvrhesrgdulhhumhhpvghrshdrtghomhdprhgtphhtthhopehvghhrihhllhhosegrtggtvghsshgtrghpihhtrghlrdgtohhmpdhrtghpthhtohepvhhinhgvlhgrnhgusegrtggtuhhsthgrfhhfihhnghdrtghomhdprhgtphhtthhopehtphgvrhhkihhnshesrggtlhhotghhvgdrtghomhdprhgtphhtthhopehtohhnhidrthhorhgrlhe srgguphdrtghomhdprhgtphhtthhopehvshhtrhgrmhgrghhlihgrsegrfhhsihhntgdrohhrghdprhgtphhtthhopehtrhgrghhlrghnugesrghmrghtvggthhhinhgtrdgtohhmpdhrtghpthhtohepthhrrggtihdrvhgrnhhovhgvrhesrghmvghrihgtrghnshhighhnrghtuhhrvgdrtghomhdprhgtphhtthhopehvsghmqdhhqdhmqdhushgvrhhssegrmhgvrhhitggrnhhsihhgnhgrthhurhgvrdgtohhm', 'elapsed': '29ms'}
X-Spam-Category	LEGIT
X-Spam-Score	64
Return-Path	kathy@sterlingcols.com
X-MS-Exchange-Organization-ExpirationStartTime	12 Sep 2024 13:43:07.7307 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	ce259c3a-ef71-4ce0-a7a3-08dcd330d5b8
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	5c02e89a-b968-4d4e-960d-e62c7cd02766:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-PublicTrafficType	Email
X-MS-TrafficTypeDiagnostic	DS2PEPF00003446:EE_\|SJ0PR17MB4712:EE_\|BY1PR17MB6805:EE_
X-MS-Exchange-Organization-AuthSource	DS2PEPF00003446.namprd04.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id	ce259c3a-ef71-4ce0-a7a3-08dcd330d5b8
X-LD-Processed	5c02e89a-b968-4d4e-960d-e62c7cd02766,ExtAddr
X-MS-Exchange-AtpMessageProperties	SA\|SL
X-MS-Exchange-Organization-SCL	1
X-Microsoft-Antispam	BCL:0;ARA:13230040\|3613699012;
X-Forefront-Antispam-Report	CIP:64.78.33.177;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:aesdomtco11b.serverdata.net;PTR:aesdomtco11b.serverdata.net;CAT:NONE;SFS:(13230040)(3613699012);DIR:INB;
X-MS-Exchange-UnifiedGroup-DisplayName	vbm-h-m-users
X-MS-Exchange-UnifiedGroup-Address	vbm-h-m-users@americansignature.com
X-MS-Exchange-UnifiedGroup-MailboxGuid	3c9cbe57-7aba-4c2b-90ec-28b59694566b
X-Auto-Response-Suppress	DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime	12 Sep 2024 13:43:07.6369 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id	ce259c3a-ef71-4ce0-a7a3-08dcd330d5b8
X-MS-Exchange-CrossTenant-Id	5c02e89a-b968-4d4e-960d-e62c7cd02766
X-MS-Exchange-CrossTenant-AuthSource	DS2PEPF00003446.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped	SJ0PR17MB4712
X-MS-Exchange-Transport-EndToEndLatency	00:01:04.5049406
X-MS-Exchange-Processed-By-BccFoldering	15.20.7939.015
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(920097)(930097)(140003)(1420198);
X-Microsoft-Antispam-Message-Info	deonGL3f3KbUOS1cndhXZl1qiEhZcqBOLjEIMRh1BxITcqxDt3/cqKt+Qrz4YGkG5wNSVG2CXfCFpDOKnM+ybmAaIhtFdXYGEZqX61FEJyS3jtNNyWYvwmT+Pgp9EO0ttAOk3LulqRbk6dp3wFscnP0TVN8+yHjpCWeAr8QOIkBq1O+TgFo4kf5B4UtrtIbJIzM2LqNk2iUX+1cYAO//HRG1/3lYoiv+XJc4oB0Osn/h5J4JpXZ3uGHMYq+Fe4jZ52pWs3ZXuQ/NRz10wO8eNBlZZSpftEZnOPrk5QHVVnrZpZOmRU2gezADpgbyYtUTwd6JckTms27Z3N/tRVvcG5qaVoTIsit61+c7df5HI3dv5LoswQ7MMOrU4j0Q7cn5vDVvv44nDjFceNm8FhGuGtC8b96TNOxEU+6RvO+8ZAw38LvCk41KCUHrpWs99be24UL3+leXLJIxapENdREzTKIRxpd0dD6nRp1M5EDVj3EUfWnxzexrw8oRilqejNWFBJDy08uDzIAOm1htIj+wZlXkQ2IYlgF21CERcVD4cmoZxnO84g88OLkqNF9XcEXKD6K1XUqFcyUwSKFD8Xxk+XFHn3AtPEXnQK9EheYrI2YGbGd+q713SDN4spL28o/uQlbyIP5Yv4J7DwSRzDSwm54O4oJZZAMwPECe5f+PMWU2lKXcZ1+10lACUPanIwOZ40P0xrmeSSYNmFbpu56FuGEV7r70lmwJaij/3NzGW8ag83FAN+755E/RR/KXFEtyuZ2QcyKVFYV8ZU7Act9UONsDrVWKN1CMnolFYxJmT2er5r5i9dOnKrZyg8LJPp6pdkJR+EMtjBJjxtuzYKwGab1Vem99uYxu713RchkcklHn2CIVAgdlzoJEQaPe7EPUl5J+PPzlTLKamv5M+2/eKGHO3YXe5yVfmJLNvyYgBpLgp3WZf9B10MvLzd2LXRB30b43HvXGvRems+joASCyE45VZrHmrq+P5n/vOH3xPrz0UUzEH+VviwhHfxRSjUjzHqJefZjZlf+Y9QfhsOLuY+ZvGiT+1eC/dQ56lNmFAFatFkkCx/eDtrD+ZXHrGim190oaFHPm0kN4kqGGs7D6ACOP/XNvvAWM2nas7vi9ne4AFY5Wm6DEPkGEdX9sZX4BUWc5Gdt7/4fcWI6/7bY3eE42FPB2yUPtfD3yLT17wB8NfDXXsu+DlEEtBjtBFco0YvKHwXEuVr2xKYsQZsbzyD1KKZbMYXkMpsW4kOdF3lUBbm5bph9tT2P54tXplu+IhnLCcCYFM/fdoONJchYwznnBDSiejLYNm8TgUcMmWKbqysU31q58BoePdu3+M+SU3IC7TjcBHMerQWlCNdNgy9IRt7f3dPv5t6uWP8cM+FljPkoGamPhBaBKheMu6VMVbiBrR2v43sVW/LnUfelO5Aw9isNBnnrbqqoP06ASVk3MMUQWsCHBSxrDR1AnFC2IipTf5Hx5In7x19J2sRVIaJN5+YPLlBWnFyVOgHFJGrTyuoAwbr5pAVE7nfqZsXzU5/OWlkg+2J9pAXcY4+l2Z0fA36/gOxq6pBYKmckPgLpLccVdPvhXg771hZgAW1Dw0pTea28DMti367TZUk7jp56SdevuZhzJZ7KHjnzPUQjlX/QVPSZA8T9lC/k7ml1pgsRwR62ridqOG1nH5E6N0AsEAbxE8TUD2FrrzNZKQ4hj7wwt0Pl/XJsx/xVxpaRDusO2QgWHytA52Cg7dYgXJGsk15vpGfGjdBT3T/Yu6DDveH7axRqC3lx6vFbpMlDjyOk+wEgxdRYYdjAgFoa3eFwXQrhKukofsKACZ0bGjgOCRuxvVa8okDw2Brju18HNs52nRiE2YUYcRbQoUh5Os65x8P/QT5EN6jW44Og/Lu3eBk7E+QKE5Fc7zO0tqs2wBfqP3Bz6xCiGOyqpG5+iuqrzjTy0XRHWaimv90gCBzbTowXOlcasUPq/rBOaKux4wLfI9Oh3XUiE8OEmjd61hjDH5VLBffdtXnRij9bLVY3fT+Ov4MXDc6A+eHA1DdDR
MIME-Version	1.0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 12, 2024 18:33:27.395452023 CEST	59475	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:27.395548105 CEST	63322	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:27.402599096 CEST	53	50495	1.1.1.1	192.168.2.16
Sep 12, 2024 18:33:27.406517982 CEST	53	56108	1.1.1.1	192.168.2.16
Sep 12, 2024 18:33:28.524825096 CEST	53	55539	1.1.1.1	192.168.2.16
Sep 12, 2024 18:33:30.230745077 CEST	63529	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:30.230912924 CEST	57976	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:30.915349007 CEST	61590	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:30.915409088 CEST	53263	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:32.092818975 CEST	55032	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:32.093036890 CEST	56766	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:33:32.099805117 CEST	53	56766	1.1.1.1	192.168.2.16
Sep 12, 2024 18:33:32.099945068 CEST	53	55032	1.1.1.1	192.168.2.16
Sep 12, 2024 18:33:45.481652021 CEST	53	51698	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:04.517362118 CEST	53	53027	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:11.491020918 CEST	53575	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:11.491780996 CEST	60981	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:11.552179098 CEST	53	60981	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:11.556602955 CEST	53	53575	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:12.600008011 CEST	50309	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:12.600169897 CEST	57462	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:12.607963085 CEST	53	57462	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:13.739408970 CEST	64374	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:13.739537001 CEST	62420	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:13.746649027 CEST	53	62420	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:13.790482998 CEST	53	51094	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:15.024158001 CEST	53	65096	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:18.934607029 CEST	62695	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:18.934777021 CEST	60869	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:19.081427097 CEST	57527	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:19.081558943 CEST	53998	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:19.141242981 CEST	53	53998	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:19.151992083 CEST	53	57527	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:19.985538006 CEST	50030	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:19.988919973 CEST	55068	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:20.007575035 CEST	62680	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:20.007575035 CEST	59094	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:20.015533924 CEST	53	62680	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:20.016757965 CEST	53	59094	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:20.540363073 CEST	62699	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:20.540515900 CEST	63568	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:20.547233105 CEST	53	62699	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:20.547247887 CEST	53	63568	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:21.191440105 CEST	58693	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:21.191589117 CEST	63481	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:21.199412107 CEST	59818	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:21.199573994 CEST	59715	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:21.203119040 CEST	53	63481	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:21.206367016 CEST	53	59715	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:21.206717014 CEST	53	59818	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:21.245373011 CEST	138	138	192.168.2.16	192.168.2.255
Sep 12, 2024 18:34:21.664850950 CEST	53	52192	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:27.283250093 CEST	53	65064	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:27.446813107 CEST	53	61786	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:30.239403009 CEST	49856	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.239511967 CEST	60886	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.239794970 CEST	54639	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.239902973 CEST	58661	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.240220070 CEST	59278	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.240405083 CEST	54071	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.240653038 CEST	62476	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.240755081 CEST	52062	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.240983963 CEST	50186	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.241091013 CEST	54121	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:30.246839046 CEST	53	58661	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:30.246855021 CEST	53	54639	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:31.486016035 CEST	59270	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:31.486165047 CEST	59568	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:31.652632952 CEST	53	59568	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:33.588757992 CEST	51191	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:33.588901997 CEST	56386	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:33.616240025 CEST	53	56386	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:34.666379929 CEST	56653	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:34.666747093 CEST	53297	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:34.673981905 CEST	53	56653	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:34.674587011 CEST	53	53297	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:35.670566082 CEST	58300	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:35.670696974 CEST	62607	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:35.678117037 CEST	53	58300	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:35.693605900 CEST	53	62607	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:38.774084091 CEST	59557	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:38.774225950 CEST	60148	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:38.781827927 CEST	53	60148	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:39.747947931 CEST	58570	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:39.748092890 CEST	49519	53	192.168.2.16	1.1.1.1
Sep 12, 2024 18:34:39.762845993 CEST	53	49519	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:50.218286991 CEST	53	63490	1.1.1.1	192.168.2.16
Sep 12, 2024 18:34:55.517682076 CEST	53	50244	1.1.1.1	192.168.2.16
Sep 12, 2024 18:35:00.586055040 CEST	53	55292	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 12, 2024 18:34:30.303560972 CEST	192.168.2.16	1.1.1.1	c32b	(Port unreachable)	Destination Unreachable
Sep 12, 2024 18:34:36.803685904 CEST	192.168.2.16	1.1.1.1	c32a	(Port unreachable)	Destination Unreachable
Sep 12, 2024 18:34:37.848911047 CEST	192.168.2.16	1.1.1.1	c32c	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 12, 2024 18:33:27.435599089 CEST	1.1.1.1	192.168.2.16	0xef0	No error (0)	ampsalon-my.sharepoint.com	ampsalon.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.435599089 CEST	1.1.1.1	192.168.2.16	0xef0	No error (0)	ampsalon.sharepoint.com	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.435599089 CEST	1.1.1.1	192.168.2.16	0xef0	No error (0)	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.435599089 CEST	1.1.1.1	192.168.2.16	0xef0	No error (0)	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6w.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.435599089 CEST	1.1.1.1	192.168.2.16	0xef0	No error (0)	201347-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.435599089 CEST	1.1.1.1	192.168.2.16	0xef0	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:33:27.435599089 CEST	1.1.1.1	192.168.2.16	0xef0	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:33:27.440582037 CEST	1.1.1.1	192.168.2.16	0x2ce6	No error (0)	ampsalon-my.sharepoint.com	ampsalon.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.440582037 CEST	1.1.1.1	192.168.2.16	0x2ce6	No error (0)	ampsalon.sharepoint.com	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.440582037 CEST	1.1.1.1	192.168.2.16	0x2ce6	No error (0)	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:27.440582037 CEST	1.1.1.1	192.168.2.16	0x2ce6	No error (0)	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6w.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.237972975 CEST	1.1.1.1	192.168.2.16	0x3845	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.238735914 CEST	1.1.1.1	192.168.2.16	0x1ee1	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.957786083 CEST	1.1.1.1	192.168.2.16	0x62d0	No error (0)	ampsalon-my.sharepoint.com	ampsalon.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.957786083 CEST	1.1.1.1	192.168.2.16	0x62d0	No error (0)	ampsalon.sharepoint.com	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.957786083 CEST	1.1.1.1	192.168.2.16	0x62d0	No error (0)	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.957786083 CEST	1.1.1.1	192.168.2.16	0x62d0	No error (0)	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6w.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.957786083 CEST	1.1.1.1	192.168.2.16	0x62d0	No error (0)	201347-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.957786083 CEST	1.1.1.1	192.168.2.16	0x62d0	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:33:30.957786083 CEST	1.1.1.1	192.168.2.16	0x62d0	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:33:30.963197947 CEST	1.1.1.1	192.168.2.16	0xa78c	No error (0)	ampsalon-my.sharepoint.com	ampsalon.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.963197947 CEST	1.1.1.1	192.168.2.16	0xa78c	No error (0)	ampsalon.sharepoint.com	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.963197947 CEST	1.1.1.1	192.168.2.16	0xa78c	No error (0)	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:30.963197947 CEST	1.1.1.1	192.168.2.16	0xa78c	No error (0)	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6w.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:33:32.099805117 CEST	1.1.1.1	192.168.2.16	0xb7b5	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 12, 2024 18:33:32.099945068 CEST	1.1.1.1	192.168.2.16	0xcb27	No error (0)	www.google.com		216.58.212.132	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:11.556602955 CEST	1.1.1.1	192.168.2.16	0x4192	No error (0)	hie4bqxikx.n2ns99.store		209.74.66.140	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:12.606956005 CEST	1.1.1.1	192.168.2.16	0xf70e	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:12.607963085 CEST	1.1.1.1	192.168.2.16	0xd102	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:13.746634960 CEST	1.1.1.1	192.168.2.16	0xc157	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:13.746649027 CEST	1.1.1.1	192.168.2.16	0x816b	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:18.942249060 CEST	1.1.1.1	192.168.2.16	0xcfbf	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:18.951283932 CEST	1.1.1.1	192.168.2.16	0xaa2a	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:19.151992083 CEST	1.1.1.1	192.168.2.16	0xd9ac	No error (0)	hie4bqxikx.n2ns99.store		209.74.66.140	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:19.993415117 CEST	1.1.1.1	192.168.2.16	0x2a7b	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:19.997140884 CEST	1.1.1.1	192.168.2.16	0xfe90	No error (0)	r4.res.office365.com	r4.res.office365.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:20.468878031 CEST	1.1.1.1	192.168.2.16	0x6db3	No error (0)	config.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:20.547233105 CEST	1.1.1.1	192.168.2.16	0x517e	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:20.547233105 CEST	1.1.1.1	192.168.2.16	0x517e	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:20.547233105 CEST	1.1.1.1	192.168.2.16	0x517e	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:20.547247887 CEST	1.1.1.1	192.168.2.16	0xba75	No error (0)	api.ipify.org			65	IN (0x0001)	false
Sep 12, 2024 18:34:21.198695898 CEST	1.1.1.1	192.168.2.16	0x984c	No error (0)	config.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:21.206367016 CEST	1.1.1.1	192.168.2.16	0xa789	No error (0)	api.ipify.org			65	IN (0x0001)	false
Sep 12, 2024 18:34:21.206717014 CEST	1.1.1.1	192.168.2.16	0xeda4	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:21.206717014 CEST	1.1.1.1	192.168.2.16	0xeda4	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:21.206717014 CEST	1.1.1.1	192.168.2.16	0xeda4	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:30.246678114 CEST	1.1.1.1	192.168.2.16	0x31c9	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.246855021 CEST	1.1.1.1	192.168.2.16	0x43de	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:30.247232914 CEST	1.1.1.1	192.168.2.16	0x10e7	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.247872114 CEST	1.1.1.1	192.168.2.16	0xc89e	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.247944117 CEST	1.1.1.1	192.168.2.16	0x4b17	No error (0)	spo.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.248208046 CEST	1.1.1.1	192.168.2.16	0x2509	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.249197006 CEST	1.1.1.1	192.168.2.16	0x49fb	No error (0)	m365cdn.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.282351971 CEST	1.1.1.1	192.168.2.16	0x3138	No error (0)	ampsalon-my.sharepoint.com	ampsalon.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.282351971 CEST	1.1.1.1	192.168.2.16	0x3138	No error (0)	ampsalon.sharepoint.com	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.282351971 CEST	1.1.1.1	192.168.2.16	0x3138	No error (0)	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.282351971 CEST	1.1.1.1	192.168.2.16	0x3138	No error (0)	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6w.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.282351971 CEST	1.1.1.1	192.168.2.16	0x3138	No error (0)	201347-ipv4v6.farm.dprodmgd108.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net	dual-spo-0005.spo-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.282351971 CEST	1.1.1.1	192.168.2.16	0x3138	No error (0)	dual-spo-0005.spo-msedge.net		13.107.136.10	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:30.282351971 CEST	1.1.1.1	192.168.2.16	0x3138	No error (0)	dual-spo-0005.spo-msedge.net		13.107.138.10	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:30.303503990 CEST	1.1.1.1	192.168.2.16	0xc38b	No error (0)	ampsalon-my.sharepoint.com	ampsalon.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.303503990 CEST	1.1.1.1	192.168.2.16	0xc38b	No error (0)	ampsalon.sharepoint.com	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.303503990 CEST	1.1.1.1	192.168.2.16	0xc38b	No error (0)	1149-ipv4v6e.clump.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:30.303503990 CEST	1.1.1.1	192.168.2.16	0xc38b	No error (0)	201347-ipv4v6e.farm.dprodmgd108.aa-rt.sharepoint.com	201347-ipv4v6w.farm.dprodmgd108.sharepointonline.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:31.665946007 CEST	1.1.1.1	192.168.2.16	0xf5ad	No error (0)	6bfacd71a66bb0707070c71378f18542.fp.measure.office.com	cdg-mvp.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:33.628007889 CEST	1.1.1.1	192.168.2.16	0xb21e	No error (0)	6bfacd71a66bb0707070c71378f18542.fp.measure.office.com	cdg-mvp.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:34.673981905 CEST	1.1.1.1	192.168.2.16	0xbee2	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:34.673981905 CEST	1.1.1.1	192.168.2.16	0xbee2	No error (0)	outlook.ms-acdc.office.com	HHN-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:34.673981905 CEST	1.1.1.1	192.168.2.16	0xbee2	No error (0)	HHN-efz.ms-acdc.office.com		52.98.171.242	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:34.673981905 CEST	1.1.1.1	192.168.2.16	0xbee2	No error (0)	HHN-efz.ms-acdc.office.com		52.98.179.66	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:34.673981905 CEST	1.1.1.1	192.168.2.16	0xbee2	No error (0)	HHN-efz.ms-acdc.office.com		40.99.150.114	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:34.673981905 CEST	1.1.1.1	192.168.2.16	0xbee2	No error (0)	HHN-efz.ms-acdc.office.com		52.98.152.178	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:34.674587011 CEST	1.1.1.1	192.168.2.16	0xb88b	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:34.674587011 CEST	1.1.1.1	192.168.2.16	0xb88b	No error (0)	outlook.ms-acdc.office.com	HHN-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:35.678117037 CEST	1.1.1.1	192.168.2.16	0xb14e	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:35.678117037 CEST	1.1.1.1	192.168.2.16	0xb14e	No error (0)	outlook.ms-acdc.office.com	FRA-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:35.678117037 CEST	1.1.1.1	192.168.2.16	0xb14e	No error (0)	FRA-efz.ms-acdc.office.com		52.98.179.178	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:35.678117037 CEST	1.1.1.1	192.168.2.16	0xb14e	No error (0)	FRA-efz.ms-acdc.office.com		52.98.179.114	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:35.678117037 CEST	1.1.1.1	192.168.2.16	0xb14e	No error (0)	FRA-efz.ms-acdc.office.com		52.98.179.98	A (IP address)	IN (0x0001)	false
Sep 12, 2024 18:34:35.693605900 CEST	1.1.1.1	192.168.2.16	0xa3c8	No error (0)	tr-ooc-acdc.office.com	outlook.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:35.693605900 CEST	1.1.1.1	192.168.2.16	0xa3c8	No error (0)	outlook.ms-acdc.office.com	HHN-efz.ms-acdc.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:36.789778948 CEST	1.1.1.1	192.168.2.16	0xb567	No error (0)	ic3-calling-composer-recorderwebapirole.c01-prd02weu.ic3-calling-composer.westeurope-prod.cosmic.office.net	cosmic-westeurope-ns-178319ed56c2.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:36.803168058 CEST	1.1.1.1	192.168.2.16	0x1aa5	No error (0)	ic3-calling-composer-recorderwebapirole.c02-prd02weu.ic3-calling-composer.westeurope-prod.cosmic.office.net	cosmic-westeurope-ns-0432159a223d.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:37.828478098 CEST	1.1.1.1	192.168.2.16	0x83c	No error (0)	ic3-calling-composer-recorderwebapirole.c02-prd02weu.ic3-calling-composer.westeurope-prod.cosmic.office.net	cosmic-westeurope-ns-0432159a223d.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:37.848809004 CEST	1.1.1.1	192.168.2.16	0x482d	No error (0)	ic3-calling-composer-recorderwebapirole.c01-prd02neu.ic3-calling-composer.northeurope-prod.cosmic.office.net	cosmic-northeurope-ns-0dfdc4c7b594.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:38.781266928 CEST	1.1.1.1	192.168.2.16	0xdca6	No error (0)	upload.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 12, 2024 18:34:39.762407064 CEST	1.1.1.1	192.168.2.16	0x5fd0	No error (0)	upload.fp.measure.office.com	fpc.msedge.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:23 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-12 16:33:24 UTC	494	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25922 Date: Thu, 12 Sep 2024 16:33:24 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:24 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-12 16:33:25 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25988 Date: Thu, 12 Sep 2024 16:33:24 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-12 16:33:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:25 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4762 Host: login.live.com
2024-09-12 16:33:25 UTC	4762	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-12 16:33:25 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 12 Sep 2024 16:32:25 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BL2 x-ms-request-id: 2e416bdd-53e9-4be6-8e7c-b61674c898e0 PPServer: PPV: 30 H: BL02EPF0001D906 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 12 Sep 2024 16:33:24 GMT Connection: close Content-Length: 10197
2024-09-12 16:33:25 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:27 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gcCGHLE9ofX+PuM&MD=GceYxE7n HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-12 16:33:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: e50eade3-cef7-4372-be73-c1527160534d MS-RequestId: 7c27636b-eda7-4fdd-8674-eb5a7c35d28d MS-CV: si6KTW/oG0+c6yAO.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 12 Sep 2024 16:33:27 GMT Connection: close Content-Length: 24490
2024-09-12 16:33:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-12 16:33:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:28 UTC	1152	OUT	GET /:f:/g/personal/guestservices_amomentspeace_com/EpdhTtQbrslBkYzmMyC73V0BuRIA15dE-ECiEgpeMvQFMg?e=yiAI1t&xsdata=MDV8MDJ8TWlrZS5NY01haG9uQGFtZXJpY2Fuc2lnbmF0dXJlLmNvbXxjZTI1OWMzYWVmNzE0Y2UwYTdhMzA4ZGNkMzMwZDViOHw1YzAyZTg5YWI5Njg0ZDRlOTYwZGU2MmM3Y2QwMjc2NnwwfDB8NjM4NjE3NDU0NTIyNjM2MzE1fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw2MDAwMHx8fA%3d%3d&sdata=ZWRlT2ZrRFE4VUdZVXFRYkNDZTZEbE9vWlFVMVNwMTIwMmhzb29yYlBubz0%3d HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-12 16:33:28 UTC	3796	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 344 Content-Type: text/html; charset=utf-8 Location: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,8409600,564,472,405943,0,4887322,36 X-SharePointHealthScore: 2 X-MS-SPO-CookieValidator: mnKngW9tgcSkeBIgBdH4T/yN9nbeV3g5kbnnvXCrjp4sgtcnAC2euNjnVhzxVTdJs5SC+1N2uUhiSrXV6KKpeFeMtDhvMnEraf/RhIkjjJShHGRjc+57JJalrNVMZMMATo6pfjpP5Ug8LlWcc+uG8zhI0n3rNbsknAYMZVAzOQ1SSmRGpZAAbdaNX68sXmqc6WqZak0JIjJHk2hdUcgEerWjk426SNM3CY5mo2GBhq/rPuicx4O/sz90f6FpPOEcIIXu74gwlqutUk7bn/q7vYZ6BAXjzFt9R8nER5r5Xkcj0VPt6LlqjanvTe6aS63HKW+DOGXH+To7EQfRt1u6Mw== X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 1f944fa1-90c3-0000-2bbc-dc140fa19a02 request-id: 1f944fa1-90c3-0000-2bbc-dc140fa19a02 MS-CV: oU+UH8OQAAArvNwUD6GaAg.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5c&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 604 SPIisLatency: 6 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 94ECFA0744F043AAB04FC8E138C7D530 Ref B: EWR311000106009 Ref C: 2024-09-12T16:33:28Z Date: Thu, 12 Sep 2024 16:33:28 GMT Connection: close
2024-09-12 16:33:28 UTC	344	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 70 65 72 73 6f 6e 61 6c 2f 67 75 65 73 74 73 65 72 76 69 63 65 73 5f 61 6d 6f 6d 65 6e 74 73 70 65 61 63 65 5f 63 6f 6d 2f 5f 6c 61 79 6f 75 74 73 2f 31 35 2f 6f 6e 65 64 72 69 76 65 2e 61 73 70 78 3f 69 64 3d 25 32 46 70 65 72 73 6f 6e 61 6c 25 32 46 67 75 65 73 74 73 65 72 76 69 63 65 73 25 35 46 61 6d 6f 6d 65 6e 74 73 70 65 61 63 65 25 35 46 63 6f 6d 25 32 46 44 6f 63 75 6d 65 6e 74 73 25 32 46 53 74 65 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSte

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:29 UTC	2015	OUT	GET /personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:33:29 UTC	11113	IN	HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,525568,0,42,1392319,0,366264,41 X-SharePointHealthScore: 1 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Reporting-Endpoints: cspendpoint="https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/CSPReporting.aspx" X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com .office365.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com .cloud.microsoft app.powerbi.com; Content-Security-Policy-Report-Only: base-uri 'none';;report-to cspendpoint Content-Security-Policy: worker-src 'self' blob:;script-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'unsafe-eval' 'nonce-78a4c32e-faed-437d-91 [TRUNCATED] Content-Security-Policy-Report-Only: style-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'self' blob: 'unsafe-inline';connect-src 'self' blob: h [TRUNCATED] X-Service-Worker-Application-Id: STS X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 20944fa1-e022-0000-2a47-014540068177 request-id: 20944fa1-e022-0000-2a47-014540068177 MS-CV: oU+UICLgAAAqRwFFQAaBdw.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 6825A719010E4FE2A9F2D18BE8B3FCB4 Ref B: EWR311000104029 Ref C: 2024-09-12T16:33:29Z Date: Thu, 12 Sep 2024 16:33:29 GMT Connection: close
2024-09-12 16:33:29 UTC	1153	IN	Data Raw: 34 37 61 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 Data Ascii: 47a<!DOCTYPE html><html lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equ
2024-09-12 16:33:29 UTC	4248	IN	Data Raw: 31 30 39 30 0d 0a 73 3a 2f 2f 73 68 65 6c 6c 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 61 70 69 2f 53 68 65 6c 6c 42 6f 6f 74 73 74 72 61 70 70 65 72 2f 62 75 73 69 6e 65 73 73 2f 4f 6e 65 53 68 65 6c 6c 22 3e 0d 0a 0d 0a 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 37 38 61 34 63 33 32 65 2d 66 61 65 64 2d 34 33 37 64 2d 39 31 30 30 2d 34 37 38 30 66 34 62 32 37 30 61 36 22 3e 0d 0a 09 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 53 75 69 74 65 4e 61 76 53 68 65 6c 6c 43 6f 72 65 27 29 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6c 6f 61 64 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 28 Data Ascii: 1090s://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell"></script><script type="text/javascript" nonce="78a4c32e-faed-437d-9100-4780f4b270a6">window.document.getElementById('SuiteNavShellCore').addEventListener('load', function() { (
2024-09-12 16:33:29 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 20 74 72 75 65 2c 20 64 61 72 6b 41 63 63 65 6e 74 3a 20 27 23 38 32 43 37 46 46 27 2c 20 73 68 65 6c 6c 41 75 74 68 50 72 6f 76 69 64 65 72 43 6f 6e 66 69 67 3a 20 7b 20 74 79 70 65 3a 20 27 77 65 62 41 61 64 57 69 74 68 4d 73 61 50 72 6f 78 79 27 2c 20 6c 6f 67 69 6e 5f 48 69 6e 74 3a 20 27 75 72 6e 3a 73 70 6f 3a 61 6e 6f 6e 23 63 65 33 38 38 35 63 34 64 64 34 63 63 34 63 62 38 39 63 39 36 36 64 65 35 35 31 34 30 62 30 61 36 32 36 32 63 35 37 35 36 34 65 38 61 38 36 30 34 62 39 35 37 30 35 35 37 37 62 33 35 64 33 32 27 2c 20 61 70 70 53 69 67 6e 49 6e 55 72 6c 3a 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 2f 6c 6f 67 69 6e 3f 70 72 6f 6d 70 74 3d 73 65 6c 65 63 74 5f 61 63 63 6f 75 6e 74 26 72 75 3d 25 32 Data Ascii: 2000 true, darkAccent: '#82C7FF', shellAuthProviderConfig: { type: 'webAadWithMsaProxy', login_Hint: 'urn:spo:anon#ce3885c4dd4cc4cb89c966de55140b0a6262c57564e8a8604b95705577b35d32', appSignInUrl: 'https://www.office.com/login?prompt=select_account&ru=%2
2024-09-12 16:33:29 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 44 61 74 61 4c 6f 63 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 52 6f 6f 74 53 69 74 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 4d 79 53 69 74 65 48 6f 73 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 54 65 6e 61 6e 74 41 64 6d 69 6e 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2d 61 64 6d 69 6e 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 50 6f 72 74 61 6c 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 41 64 64 69 74 69 6f 6e 61 6c 55 72 6c 73 22 3a 5b 5d 7d 5d Data Ascii: 2000DataLocation":false,"RootSiteUrl":"https://ampsalon.sharepoint.com/","MySiteHostUrl":"https://ampsalon-my.sharepoint.com/","TenantAdminUrl":"https://ampsalon-admin.sharepoint.com/","PortalUrl":"https://ampsalon.sharepoint.com/","AdditionalUrls":[]}]
2024-09-12 16:33:29 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 39 2d 41 38 33 43 2d 37 43 31 43 35 30 33 30 44 42 42 31 22 3a 74 72 75 65 2c 22 45 36 38 46 34 44 39 31 2d 34 46 34 35 2d 34 30 33 34 2d 42 30 43 37 2d 45 41 42 41 39 36 46 32 33 43 31 35 22 3a 74 72 75 65 2c 22 38 30 33 44 45 35 30 41 2d 30 44 34 31 2d 34 44 37 43 2d 39 35 31 32 2d 45 37 41 34 41 44 45 37 34 34 33 31 22 3a 74 72 75 65 2c 22 44 39 42 38 30 41 43 45 2d 44 33 39 41 2d 34 32 46 32 2d 39 39 33 42 2d 30 34 46 33 45 35 41 46 34 31 34 37 22 3a 74 72 75 65 2c 22 35 36 45 45 33 35 30 37 2d 45 44 35 32 2d 34 46 30 38 2d 41 44 43 35 2d 38 30 34 46 41 45 35 35 31 39 38 46 22 3a 74 72 75 65 2c 22 31 31 38 33 30 35 39 46 2d 41 37 43 44 2d 34 31 39 43 2d 42 31 33 41 2d 41 36 30 38 43 36 30 34 42 45 44 32 22 3a 74 72 75 65 2c 22 31 33 Data Ascii: 20009-A83C-7C1C5030DBB1":true,"E68F4D91-4F45-4034-B0C7-EABA96F23C15":true,"803DE50A-0D41-4D7C-9512-E7A4ADE74431":true,"D9B80ACE-D39A-42F2-993B-04F3E5AF4147":true,"56EE3507-ED52-4F08-ADC5-804FAE55198F":true,"1183059F-A7CD-419C-B13A-A608C604BED2":true,"13
2024-09-12 16:33:29 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 35 41 44 36 35 30 38 46 44 31 35 22 3a 74 72 75 65 2c 22 34 31 35 46 34 31 32 45 2d 44 31 33 33 2d 34 30 35 34 2d 38 41 35 37 2d 39 41 34 34 46 42 41 35 34 30 45 30 22 3a 74 72 75 65 2c 22 34 35 39 41 34 30 41 45 2d 44 37 32 44 2d 34 34 31 35 2d 39 37 34 44 2d 34 31 35 39 32 38 37 44 36 43 37 34 22 3a 74 72 75 65 2c 22 32 41 32 41 44 39 34 30 2d 34 31 35 30 2d 34 33 36 39 2d 38 45 39 42 2d 43 46 46 45 33 37 39 46 39 37 38 34 22 3a 74 72 75 65 2c 22 39 42 33 30 38 45 41 36 2d 45 37 33 45 2d 34 36 45 34 2d 41 31 34 37 2d 38 41 34 42 30 44 39 37 35 32 35 30 22 3a 74 72 75 65 2c 22 44 39 34 41 30 45 38 46 2d 43 30 42 34 2d 34 38 39 39 2d 42 30 42 43 2d 41 45 34 44 42 45 46 41 36 33 37 45 22 3a 74 72 75 65 2c 22 35 39 37 39 42 43 34 35 2d 35 Data Ascii: 20005AD6508FD15":true,"415F412E-D133-4054-8A57-9A44FBA540E0":true,"459A40AE-D72D-4415-974D-4159287D6C74":true,"2A2AD940-4150-4369-8E9B-CFFE379F9784":true,"9B308EA6-E73E-46E4-A147-8A4B0D975250":true,"D94A0E8F-C0B4-4899-B0BC-AE4DBEFA637E":true,"5979BC45-5
2024-09-12 16:33:30 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 43 37 45 22 3a 74 72 75 65 2c 22 41 32 35 32 44 35 36 39 2d 35 44 34 46 2d 34 42 31 46 2d 39 42 37 32 2d 44 36 30 33 41 39 38 44 42 34 45 43 22 3a 74 72 75 65 2c 22 38 43 41 30 30 34 39 37 2d 46 36 31 36 2d 34 36 36 30 2d 38 33 41 34 2d 44 31 34 35 37 37 43 38 46 35 36 41 22 3a 74 72 75 65 2c 22 37 33 43 34 38 34 33 43 2d 33 31 43 31 2d 34 33 44 43 2d 42 35 36 34 2d 37 38 32 44 37 42 32 37 43 43 39 45 22 3a 74 72 75 65 2c 22 38 37 31 46 39 39 45 35 2d 42 33 44 43 2d 34 42 43 44 2d 41 44 43 37 2d 46 38 31 46 36 45 35 30 45 37 30 39 22 3a 74 72 75 65 2c 22 34 43 31 38 36 38 35 44 2d 33 41 33 32 2d 34 36 34 33 2d 42 37 30 43 2d 35 43 35 37 46 46 45 43 41 44 42 41 22 3a 74 72 75 65 2c 22 32 31 41 34 33 36 35 35 2d 39 41 35 30 2d 34 41 31 44 Data Ascii: 2000C7E":true,"A252D569-5D4F-4B1F-9B72-D603A98DB4EC":true,"8CA00497-F616-4660-83A4-D14577C8F56A":true,"73C4843C-31C1-43DC-B564-782D7B27CC9E":true,"871F99E5-B3DC-4BCD-ADC7-F81F6E50E709":true,"4C18685D-3A32-4643-B70C-5C57FFECADBA":true,"21A43655-9A50-4A1D
2024-09-12 16:33:30 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 65 2c 22 35 36 45 37 36 33 31 38 2d 36 38 43 36 2d 34 46 36 39 2d 38 30 41 39 2d 32 30 43 43 43 44 37 37 41 38 33 46 22 3a 74 72 75 65 2c 22 45 42 35 46 44 46 37 39 2d 33 39 37 30 2d 34 42 45 43 2d 42 46 39 38 2d 34 42 45 44 32 36 42 46 38 33 34 36 22 3a 74 72 75 65 2c 22 33 44 36 34 31 39 42 41 2d 44 44 36 43 2d 34 43 44 45 2d 39 39 46 35 2d 30 45 38 38 33 42 43 39 46 37 31 30 22 3a 74 72 75 65 2c 22 33 33 34 30 41 44 42 43 2d 37 35 37 44 2d 34 45 37 31 2d 41 43 32 36 2d 35 37 33 42 32 35 36 31 39 31 46 32 22 3a 74 72 75 65 2c 22 31 30 45 38 32 34 38 35 2d 45 30 35 32 2d 34 43 38 46 2d 39 35 32 39 2d 45 30 30 31 33 33 35 37 34 31 38 43 22 3a 74 72 75 65 2c 22 32 30 46 45 30 31 30 46 2d 38 30 37 31 2d 34 45 32 46 2d 41 32 30 45 2d 37 42 Data Ascii: 2000e,"56E76318-68C6-4F69-80A9-20CCCD77A83F":true,"EB5FDF79-3970-4BEC-BF98-4BED26BF8346":true,"3D6419BA-DD6C-4CDE-99F5-0E883BC9F710":true,"3340ADBC-757D-4E71-AC26-573B256191F2":true,"10E82485-E052-4C8F-9529-E0013357418C":true,"20FE010F-8071-4E2F-A20E-7B
2024-09-12 16:33:30 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 35 37 41 2d 38 45 35 46 2d 34 43 33 43 2d 38 45 44 34 2d 32 31 30 32 41 36 41 33 46 42 35 39 22 3a 74 72 75 65 2c 22 38 37 45 34 35 41 43 44 2d 34 43 31 42 2d 34 37 39 30 2d 41 33 36 38 2d 37 33 41 30 38 32 46 45 43 31 35 39 22 3a 74 72 75 65 2c 22 33 43 32 32 37 39 31 38 2d 42 37 36 43 2d 34 43 39 36 2d 42 33 36 35 2d 36 42 45 46 32 43 44 33 46 32 41 30 22 3a 74 72 75 65 2c 22 44 37 42 45 38 36 39 38 2d 46 35 38 46 2d 34 43 35 33 2d 39 31 32 42 2d 34 39 39 44 34 42 33 33 46 36 45 30 22 3a 74 72 75 65 2c 22 46 32 35 34 44 33 33 35 2d 44 32 38 31 2d 34 35 37 45 2d 39 33 38 43 2d 31 36 44 35 30 41 37 44 41 42 43 42 22 3a 74 72 75 65 2c 22 34 45 41 32 31 38 32 32 2d 36 44 45 34 2d 34 39 31 45 2d 41 39 38 44 2d 39 41 44 31 30 30 31 45 46 36 Data Ascii: 200057A-8E5F-4C3C-8ED4-2102A6A3FB59":true,"87E45ACD-4C1B-4790-A368-73A082FEC159":true,"3C227918-B76C-4C96-B365-6BEF2CD3F2A0":true,"D7BE8698-F58F-4C53-912B-499D4B33F6E0":true,"F254D335-D281-457E-938C-16D50A7DABCB":true,"4EA21822-6DE4-491E-A98D-9AD1001EF6
2024-09-12 16:33:30 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 2d 34 42 30 46 2d 39 44 44 37 2d 44 31 44 41 34 45 31 34 32 33 46 44 22 3a 74 72 75 65 2c 22 35 46 39 37 41 36 32 39 2d 45 45 42 44 2d 34 43 34 43 2d 38 31 38 35 2d 39 39 41 38 30 37 41 35 44 43 38 43 22 3a 74 72 75 65 2c 22 42 44 37 35 31 35 36 42 2d 30 34 34 38 2d 34 33 45 39 2d 42 32 45 46 2d 42 45 39 42 35 33 43 30 31 36 33 33 22 3a 74 72 75 65 2c 22 38 38 30 39 41 45 45 32 2d 38 30 32 43 2d 34 32 30 31 2d 41 38 33 33 2d 34 45 44 46 39 43 38 43 44 37 33 34 22 3a 74 72 75 65 2c 22 31 44 31 32 31 32 37 33 2d 30 35 38 31 2d 34 42 30 41 2d 39 34 43 44 2d 39 37 42 37 30 45 32 36 46 35 43 32 22 3a 74 72 75 65 2c 22 42 39 42 45 46 46 33 38 2d 38 35 43 36 2d 34 44 42 38 2d 38 35 36 31 2d 44 32 31 31 41 46 33 30 43 34 34 42 22 3a 74 72 75 65 Data Ascii: 2000-4B0F-9DD7-D1DA4E1423FD":true,"5F97A629-EEBD-4C4C-8185-99A807A5DC8C":true,"BD75156B-0448-43E9-B2EF-BE9B53C01633":true,"8809AEE2-802C-4201-A833-4EDF9C8CD734":true,"1D121273-0581-4B0A-94CD-97B70E26F5C2":true,"B9BEFF38-85C6-4DB8-8561-D211AF30C44B":true

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:30 UTC	1552	OUT	GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:33:30 UTC	3165	IN	HTTP/1.1 200 OK Cache-Control: max-age=600 Transfer-Encoding: chunked Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,2102272,0,404,2928392,0,2102272,40 X-SharePointHealthScore: 0 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 20944fa1-e06a-0000-2bbc-d9b1ffa4ed95 request-id: 20944fa1-e06a-0000-2bbc-d9b1ffa4ed95 MS-CV: oU+UIGrgAAArvNmx/6TtlQ.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 418B2E1B22AD49DCBE713ECA4E40C46C Ref B: EWR311000104035 Ref C: 2024-09-12T16:33:30Z Date: Thu, 12 Sep 2024 16:33:30 GMT Connection: close
2024-09-12 16:33:30 UTC	749	IN	Data Raw: 32 65 36 0d 0a 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 20 3d 20 7b 7d 3b 0a 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 65 79 29 20 7b 69 66 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 3b 7d 20 65 6c 73 65 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 7d 20 69 66 20 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f Data Ascii: 2e6self._perfMarks = {};self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.perfo
2024-09-12 16:33:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:31 UTC	1545	OUT	GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:33:31 UTC	3158	IN	HTTP/1.1 200 OK Cache-Control: max-age=600 Transfer-Encoding: chunked Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,64587,0,82208,36 X-SharePointHealthScore: 1 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 20944fa1-709d-0000-2a47-01123938b6d8 request-id: 20944fa1-709d-0000-2a47-01123938b6d8 MS-CV: oU+UIJ1wAAAqRwESOTi22A.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 726480AE343A45B8BD34538476DD525E Ref B: EWR311000108051 Ref C: 2024-09-12T16:33:31Z Date: Thu, 12 Sep 2024 16:33:30 GMT Connection: close
2024-09-12 16:33:31 UTC	749	IN	Data Raw: 32 65 36 0d 0a 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 20 3d 20 7b 7d 3b 0a 73 65 6c 66 2e 5f 6d 61 72 6b 50 65 72 66 53 74 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 65 79 29 20 7b 69 66 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 3b 7d 20 65 6c 73 65 7b 73 65 6c 66 2e 5f 70 65 72 66 4d 61 72 6b 73 5b 6b 65 79 5d 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 7d 20 69 66 20 28 73 65 6c 66 2e 70 65 72 66 6f 72 6d 61 6e 63 65 20 26 26 20 74 79 70 65 6f 66 20 73 65 6c 66 2e 70 65 72 66 6f Data Ascii: 2e6self._perfMarks = {};self._markPerfStage=function(key) {if(self.performance && typeof self.performance.now === 'function'){self._perfMarks[key]=self.performance.now();} else{self._perfMarks[key]=Date.now();} if (self.performance && typeof self.perfo
2024-09-12 16:33:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:57 UTC	2041	OUT	GET /personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:33:57 UTC	11109	IN	HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,19270,0,40719,51 X-SharePointHealthScore: 3 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Reporting-Endpoints: cspendpoint="https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/CSPReporting.aspx" X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com .office365.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com .powerapps.com .yammer.com engage.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com .cloud.microsoft app.powerbi.com; Content-Security-Policy-Report-Only: base-uri 'none';;report-to cspendpoint Content-Security-Policy: worker-src 'self' blob:;script-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'unsafe-eval' 'nonce-0dea013d-3764-4635-98 [TRUNCATED] Content-Security-Policy-Report-Only: style-src https://contentstorage.osi.office.net https://swx.cdn.skype.com https://res.delve.office.com https://lpcres.delve.office.com https://widget.uservoice.com https://by2.uservoice.com https://www.bing.com/api/maps/ https://www.bing.com/rms/ https://fabriciss.azureedge.net https://publiccdn.sharepointonline.com https://ajax.aspnetcdn.com https://res-1.cdn.office.net https://res-1.cdn.office.net https://res-2.cdn.office.net https://webshell.suite.office.com https://amcdn.msftauth.net .cdn.office.net .fluidpreview.office.net https://res-1.cdn.office.net https://teams.microsoft.com https://js.monitor.azure.com https://r4.res.office365.com https://c1-excel-15.cdn.office.net https://c1-onenote-15.cdn.office.net https://c1-powerpoint-15.cdn.office.net https://c1-visio-15.cdn.office.net https://c1-word-view-15.cdn.office.net https://loki.delve.office.com https://res.cdn.office.net/midgard/ https://substrate.office.com 'self' blob: 'unsafe-inline';connect-src 'self' blob: h [TRUNCATED] X-Service-Worker-Application-Id: STS X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 26944fa1-d0ec-0000-2bbc-deec499c4eb0 request-id: 26944fa1-d0ec-0000-2bbc-deec499c4eb0 MS-CV: oU+UJuzQAAArvN7sSZxOsA.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5a&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 67EC38762E034169959BC0CAFF15B13B Ref B: EWR311000101011 Ref C: 2024-09-12T16:33:57Z Date: Thu, 12 Sep 2024 16:33:57 GMT Connection: close
2024-09-12 16:33:57 UTC	3344	IN	Data Raw: 64 30 39 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 69 63 72 6f 73 6f 66 74 20 53 68 61 72 65 50 6f 69 6e 74 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 Data Ascii: d09<!DOCTYPE html><html lang="en-us" dir="ltr"><head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equ
2024-09-12 16:33:57 UTC	2060	IN	Data Raw: 38 30 35 0d 0a 20 77 69 6e 64 6f 77 2e 6f 33 36 35 53 68 65 6c 6c 50 6f 73 74 52 65 6e 64 65 72 50 72 6f 6d 69 73 65 20 3d 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 20 28 70 72 52 65 73 6f 6c 76 65 2c 70 72 52 65 6a 65 63 74 29 20 7b 20 77 69 6e 64 6f 77 2e 6f 33 36 35 53 68 65 6c 6c 50 6f 73 74 52 65 6e 64 65 72 50 72 6f 6d 69 73 65 52 65 73 6f 6c 76 65 20 3d 20 70 72 52 65 73 6f 6c 76 65 2c 20 77 69 6e 64 6f 77 2e 6f 33 36 35 53 68 65 6c 6c 50 6f 73 74 52 65 6e 64 65 72 50 72 6f 6d 69 73 65 52 65 6a 65 63 74 20 3d 20 70 72 52 65 6a 65 63 74 20 7d 29 3b 76 61 72 20 65 78 65 63 75 74 65 53 75 69 74 65 4e 61 76 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 76 61 72 20 73 75 69 74 65 4e 61 76 50 6c 61 63 65 68 6f 6c 64 65 72 20 3d 20 Data Ascii: 805 window.o365ShellPostRenderPromise = new Promise(function (prResolve,prReject) { window.o365ShellPostRenderPromiseResolve = prResolve, window.o365ShellPostRenderPromiseReject = prReject });var executeSuiteNav = function () {var suiteNavPlaceholder =
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 65 2c 20 64 61 72 6b 41 63 63 65 6e 74 3a 20 27 23 38 32 43 37 46 46 27 2c 20 73 68 65 6c 6c 41 75 74 68 50 72 6f 76 69 64 65 72 43 6f 6e 66 69 67 3a 20 7b 20 74 79 70 65 3a 20 27 77 65 62 41 61 64 57 69 74 68 4d 73 61 50 72 6f 78 79 27 2c 20 6c 6f 67 69 6e 5f 48 69 6e 74 3a 20 27 75 72 6e 3a 73 70 6f 3a 61 6e 6f 6e 23 63 65 33 38 38 35 63 34 64 64 34 63 63 34 63 62 38 39 63 39 36 36 64 65 35 35 31 34 30 62 30 61 36 32 36 32 63 35 37 35 36 34 65 38 61 38 36 30 34 62 39 35 37 30 35 35 37 37 62 33 35 64 33 32 27 2c 20 61 70 70 53 69 67 6e 49 6e 55 72 6c 3a 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 2f 6c 6f 67 69 6e 3f 70 72 6f 6d 70 74 3d 73 65 6c 65 63 74 5f 61 63 63 6f 75 6e 74 26 72 75 3d 25 32 46 6c 61 75 Data Ascii: 2000e, darkAccent: '#82C7FF', shellAuthProviderConfig: { type: 'webAadWithMsaProxy', login_Hint: 'urn:spo:anon#ce3885c4dd4cc4cb89c966de55140b0a6262c57564e8a8604b95705577b35d32', appSignInUrl: 'https://www.office.com/login?prompt=select_account&ru=%2Flau
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 4c 6f 63 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 52 6f 6f 74 53 69 74 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 4d 79 53 69 74 65 48 6f 73 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 54 65 6e 61 6e 74 41 64 6d 69 6e 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2d 61 64 6d 69 6e 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 50 6f 72 74 61 6c 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 22 2c 22 41 64 64 69 74 69 6f 6e 61 6c 55 72 6c 73 22 3a 5b 5d 7d 5d 2c 22 76 69 Data Ascii: 2000Location":false,"RootSiteUrl":"https://ampsalon.sharepoint.com/","MySiteHostUrl":"https://ampsalon-my.sharepoint.com/","TenantAdminUrl":"https://ampsalon-admin.sharepoint.com/","PortalUrl":"https://ampsalon.sharepoint.com/","AdditionalUrls":[]}],"vi
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 33 43 2d 37 43 31 43 35 30 33 30 44 42 42 31 22 3a 74 72 75 65 2c 22 45 36 38 46 34 44 39 31 2d 34 46 34 35 2d 34 30 33 34 2d 42 30 43 37 2d 45 41 42 41 39 36 46 32 33 43 31 35 22 3a 74 72 75 65 2c 22 38 30 33 44 45 35 30 41 2d 30 44 34 31 2d 34 44 37 43 2d 39 35 31 32 2d 45 37 41 34 41 44 45 37 34 34 33 31 22 3a 74 72 75 65 2c 22 44 39 42 38 30 41 43 45 2d 44 33 39 41 2d 34 32 46 32 2d 39 39 33 42 2d 30 34 46 33 45 35 41 46 34 31 34 37 22 3a 74 72 75 65 2c 22 35 36 45 45 33 35 30 37 2d 45 44 35 32 2d 34 46 30 38 2d 41 44 43 35 2d 38 30 34 46 41 45 35 35 31 39 38 46 22 3a 74 72 75 65 2c 22 31 31 38 33 30 35 39 46 2d 41 37 43 44 2d 34 31 39 43 2d 42 31 33 41 2d 41 36 30 38 43 36 30 34 42 45 44 32 22 3a 74 72 75 65 2c 22 31 33 43 37 46 37 Data Ascii: 20003C-7C1C5030DBB1":true,"E68F4D91-4F45-4034-B0C7-EABA96F23C15":true,"803DE50A-0D41-4D7C-9512-E7A4ADE74431":true,"D9B80ACE-D39A-42F2-993B-04F3E5AF4147":true,"56EE3507-ED52-4F08-ADC5-804FAE55198F":true,"1183059F-A7CD-419C-B13A-A608C604BED2":true,"13C7F7
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 35 30 38 46 44 31 35 22 3a 74 72 75 65 2c 22 34 31 35 46 34 31 32 45 2d 44 31 33 33 2d 34 30 35 34 2d 38 41 35 37 2d 39 41 34 34 46 42 41 35 34 30 45 30 22 3a 74 72 75 65 2c 22 34 35 39 41 34 30 41 45 2d 44 37 32 44 2d 34 34 31 35 2d 39 37 34 44 2d 34 31 35 39 32 38 37 44 36 43 37 34 22 3a 74 72 75 65 2c 22 32 41 32 41 44 39 34 30 2d 34 31 35 30 2d 34 33 36 39 2d 38 45 39 42 2d 43 46 46 45 33 37 39 46 39 37 38 34 22 3a 74 72 75 65 2c 22 39 42 33 30 38 45 41 36 2d 45 37 33 45 2d 34 36 45 34 2d 41 31 34 37 2d 38 41 34 42 30 44 39 37 35 32 35 30 22 3a 74 72 75 65 2c 22 44 39 34 41 30 45 38 46 2d 43 30 42 34 2d 34 38 39 39 2d 42 30 42 43 2d 41 45 34 44 42 45 46 41 36 33 37 45 22 3a 74 72 75 65 2c 22 35 39 37 39 42 43 34 35 2d 35 38 46 32 2d Data Ascii: 2000508FD15":true,"415F412E-D133-4054-8A57-9A44FBA540E0":true,"459A40AE-D72D-4415-974D-4159287D6C74":true,"2A2AD940-4150-4369-8E9B-CFFE379F9784":true,"9B308EA6-E73E-46E4-A147-8A4B0D975250":true,"D94A0E8F-C0B4-4899-B0BC-AE4DBEFA637E":true,"5979BC45-58F2-
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 3a 74 72 75 65 2c 22 41 32 35 32 44 35 36 39 2d 35 44 34 46 2d 34 42 31 46 2d 39 42 37 32 2d 44 36 30 33 41 39 38 44 42 34 45 43 22 3a 74 72 75 65 2c 22 38 43 41 30 30 34 39 37 2d 46 36 31 36 2d 34 36 36 30 2d 38 33 41 34 2d 44 31 34 35 37 37 43 38 46 35 36 41 22 3a 74 72 75 65 2c 22 37 33 43 34 38 34 33 43 2d 33 31 43 31 2d 34 33 44 43 2d 42 35 36 34 2d 37 38 32 44 37 42 32 37 43 43 39 45 22 3a 74 72 75 65 2c 22 38 37 31 46 39 39 45 35 2d 42 33 44 43 2d 34 42 43 44 2d 41 44 43 37 2d 46 38 31 46 36 45 35 30 45 37 30 39 22 3a 74 72 75 65 2c 22 34 43 31 38 36 38 35 44 2d 33 41 33 32 2d 34 36 34 33 2d 42 37 30 43 2d 35 43 35 37 46 46 45 43 41 44 42 41 22 3a 74 72 75 65 2c 22 32 31 41 34 33 36 35 35 2d 39 41 35 30 2d 34 41 31 44 2d 41 46 32 Data Ascii: 2000:true,"A252D569-5D4F-4B1F-9B72-D603A98DB4EC":true,"8CA00497-F616-4660-83A4-D14577C8F56A":true,"73C4843C-31C1-43DC-B564-782D7B27CC9E":true,"871F99E5-B3DC-4BCD-ADC7-F81F6E50E709":true,"4C18685D-3A32-4643-B70C-5C57FFECADBA":true,"21A43655-9A50-4A1D-AF2
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 36 45 37 36 33 31 38 2d 36 38 43 36 2d 34 46 36 39 2d 38 30 41 39 2d 32 30 43 43 43 44 37 37 41 38 33 46 22 3a 74 72 75 65 2c 22 45 42 35 46 44 46 37 39 2d 33 39 37 30 2d 34 42 45 43 2d 42 46 39 38 2d 34 42 45 44 32 36 42 46 38 33 34 36 22 3a 74 72 75 65 2c 22 33 44 36 34 31 39 42 41 2d 44 44 36 43 2d 34 43 44 45 2d 39 39 46 35 2d 30 45 38 38 33 42 43 39 46 37 31 30 22 3a 74 72 75 65 2c 22 33 33 34 30 41 44 42 43 2d 37 35 37 44 2d 34 45 37 31 2d 41 43 32 36 2d 35 37 33 42 32 35 36 31 39 31 46 32 22 3a 74 72 75 65 2c 22 31 30 45 38 32 34 38 35 2d 45 30 35 32 2d 34 43 38 46 2d 39 35 32 39 2d 45 30 30 31 33 33 35 37 34 31 38 43 22 3a 74 72 75 65 2c 22 32 30 46 45 30 31 30 46 2d 38 30 37 31 2d 34 45 32 46 2d 41 32 30 45 2d 37 42 37 36 33 34 Data Ascii: 20006E76318-68C6-4F69-80A9-20CCCD77A83F":true,"EB5FDF79-3970-4BEC-BF98-4BED26BF8346":true,"3D6419BA-DD6C-4CDE-99F5-0E883BC9F710":true,"3340ADBC-757D-4E71-AC26-573B256191F2":true,"10E82485-E052-4C8F-9529-E0013357418C":true,"20FE010F-8071-4E2F-A20E-7B7634
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 38 45 35 46 2d 34 43 33 43 2d 38 45 44 34 2d 32 31 30 32 41 36 41 33 46 42 35 39 22 3a 74 72 75 65 2c 22 38 37 45 34 35 41 43 44 2d 34 43 31 42 2d 34 37 39 30 2d 41 33 36 38 2d 37 33 41 30 38 32 46 45 43 31 35 39 22 3a 74 72 75 65 2c 22 33 43 32 32 37 39 31 38 2d 42 37 36 43 2d 34 43 39 36 2d 42 33 36 35 2d 36 42 45 46 32 43 44 33 46 32 41 30 22 3a 74 72 75 65 2c 22 44 37 42 45 38 36 39 38 2d 46 35 38 46 2d 34 43 35 33 2d 39 31 32 42 2d 34 39 39 44 34 42 33 33 46 36 45 30 22 3a 74 72 75 65 2c 22 46 32 35 34 44 33 33 35 2d 44 32 38 31 2d 34 35 37 45 2d 39 33 38 43 2d 31 36 44 35 30 41 37 44 41 42 43 42 22 3a 74 72 75 65 2c 22 34 45 41 32 31 38 32 32 2d 36 44 45 34 2d 34 39 31 45 2d 41 39 38 44 2d 39 41 44 31 30 30 31 45 46 36 43 34 22 3a Data Ascii: 20008E5F-4C3C-8ED4-2102A6A3FB59":true,"87E45ACD-4C1B-4790-A368-73A082FEC159":true,"3C227918-B76C-4C96-B365-6BEF2CD3F2A0":true,"D7BE8698-F58F-4C53-912B-499D4B33F6E0":true,"F254D335-D281-457E-938C-16D50A7DABCB":true,"4EA21822-6DE4-491E-A98D-9AD1001EF6C4":
2024-09-12 16:33:57 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 46 2d 39 44 44 37 2d 44 31 44 41 34 45 31 34 32 33 46 44 22 3a 74 72 75 65 2c 22 35 46 39 37 41 36 32 39 2d 45 45 42 44 2d 34 43 34 43 2d 38 31 38 35 2d 39 39 41 38 30 37 41 35 44 43 38 43 22 3a 74 72 75 65 2c 22 42 44 37 35 31 35 36 42 2d 30 34 34 38 2d 34 33 45 39 2d 42 32 45 46 2d 42 45 39 42 35 33 43 30 31 36 33 33 22 3a 74 72 75 65 2c 22 38 38 30 39 41 45 45 32 2d 38 30 32 43 2d 34 32 30 31 2d 41 38 33 33 2d 34 45 44 46 39 43 38 43 44 37 33 34 22 3a 74 72 75 65 2c 22 31 44 31 32 31 32 37 33 2d 30 35 38 31 2d 34 42 30 41 2d 39 34 43 44 2d 39 37 42 37 30 45 32 36 46 35 43 32 22 3a 74 72 75 65 2c 22 42 39 42 45 46 46 33 38 2d 38 35 43 36 2d 34 44 42 38 2d 38 35 36 31 2d 44 32 31 31 41 46 33 30 43 34 34 42 22 3a 74 72 75 65 2c 22 33 32 Data Ascii: 2000F-9DD7-D1DA4E1423FD":true,"5F97A629-EEBD-4C4C-8185-99A807A5DC8C":true,"BD75156B-0448-43E9-B2EF-BE9B53C01633":true,"8809AEE2-802C-4201-A833-4EDF9C8CD734":true,"1D121273-0581-4B0A-94CD-97B70E26F5C2":true,"B9BEFF38-85C6-4DB8-8561-D211AF30C44B":true,"32

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:33:58 UTC	1983	OUT	GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:33:58 UTC	1947	IN	HTTP/1.1 200 OK Cache-Control: max-age=31536000 Content-Length: 7886 Content-Type: image/x-icon Last-Modified: Sat, 07 Sep 2024 03:07:43 GMT Accept-Ranges: bytes ETag: "b88f691bd30db1:0" P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,8409600,128,405,1250639,0,8146571,41 SPRequestDuration: 15 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: DA1B1A6B3052421BB0C2AA6357DD3BB3 Ref B: EWR311000103035 Ref C: 2024-09-12T16:33:58Z Date: Thu, 12 Sep 2024 16:33:57 GMT Connection: close
2024-09-12 16:33:58 UTC	718	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @
2024-09-12 16:33:58 UTC	7168	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ea a8 28 60 ea a8 28 bf ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 ff ea a8 28 Data Ascii: (`(((((((((((((((((((((((

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:00 UTC	2114	OUT	POST /personal/guestservices_amomentspeace_com/_api/v2.1/graphql HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive Content-Length: 507 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" accept: application/json;odata=verbose Content-Type: application/json;odata=verbose X-ServiceWorker-Strategy: CacheFirst sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://ampsalon-my.sharepoint.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:00 UTC	507	OUT	Data Raw: 7b 22 71 75 65 72 79 22 3a 22 71 75 65 72 79 20 28 5c 6e 20 20 20 20 20 20 20 20 24 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 51 75 65 72 79 53 74 72 69 6e 67 3a 20 53 74 72 69 6e 67 21 5c 6e 20 20 20 20 20 20 20 20 29 5c 6e 20 20 20 20 20 20 7b 5c 6e 20 20 20 20 20 20 5c 6e 20 20 20 20 20 20 6c 65 67 61 63 79 20 7b 5c 6e 20 20 20 20 20 20 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 28 5c 6e 20 20 20 20 20 20 71 75 65 72 79 53 74 72 69 6e 67 3a 20 24 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 51 75 65 72 79 53 74 72 69 6e 67 5c 6e 20 20 20 20 20 20 29 20 20 20 20 20 20 20 20 20 20 5c 6e 20 20 20 20 20 20 5c 6e 20 20 20 20 7d 5c 6e 20 20 20 20 20 20 5c 6e 20 20 20 20 20 20 5c 6e 20 20 70 65 72 66 20 7b 5c 6e 20 20 20 20 65 78 65 63 75 74 69 6f 6e 54 69 6d 65 5c 6e 20 Data Ascii: {"query":"query (\n $spoSuiteLinksQueryString: String!\n )\n {\n \n legacy {\n spoSuiteLinks(\n queryString: $spoSuiteLinksQueryString\n ) \n \n }\n \n \n perf {\n executionTime\n
2024-09-12 16:34:00 UTC	3142	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 17754 Content-Type: application/json P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,4204800,0,334,1514837,0,2710111,36 X-SharePointHealthScore: 0 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 27944fa1-f09d-0000-2bbc-d2f47530b357 request-id: 27944fa1-f09d-0000-2bbc-d2f47530b357 MS-CV: oU+UJ53wAAArvNL0dTCzVw.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 40764CC34B354C52A0AEB033746F301D Ref B: EWR311000103019 Ref C: 2024-09-12T16:34:00Z Date: Thu, 12 Sep 2024 16:34:00 GMT Connection: close
2024-09-12 16:34:00 UTC	1028	IN	Data Raw: 7b 22 64 61 74 61 22 3a 7b 22 6c 65 67 61 63 79 22 3a 7b 22 73 70 6f 53 75 69 74 65 4c 69 6e 6b 73 22 3a 7b 0a 20 22 53 50 53 75 69 74 65 56 65 72 73 69 6f 6e 22 3a 32 2c 0a 20 22 53 50 49 73 4d 6f 62 69 6c 65 22 3a 66 61 6c 73 65 2c 0a 20 22 43 73 73 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 68 65 6c 6c 2e 73 68 61 72 65 64 2e 33 38 34 61 61 63 65 35 66 39 38 61 38 36 32 32 66 34 32 31 63 66 35 39 39 33 35 37 62 36 38 64 2e 63 73 73 22 2c 0a 20 22 4a 73 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 68 65 6c 6c 2e 62 6f 6f 74 73 74 72 Data Ascii: {"data":{"legacy":{"spoSuiteLinks":{ "SPSuiteVersion":2, "SPIsMobile":false, "CssUrl":"https://res-1.cdn.office.net/shellux/suiteux.shell.shared.384aace5f98a8622f421cf599357b68d.css", "JsUrl":"https://res-1.cdn.office.net/shellux/suiteux.shell.bootstr
2024-09-12 16:34:00 UTC	8192	IN	Data Raw: 73 44 6f 77 6e 6c 6f 61 64 45 6e 61 62 6c 65 64 5c 22 3a 66 61 6c 73 65 2c 5c 22 41 70 70 73 50 69 6e 6e 65 64 44 61 74 61 5c 22 3a 6e 75 6c 6c 2c 5c 22 41 70 70 73 55 70 64 61 74 65 54 69 6d 65 53 70 61 6e 5c 22 3a 31 34 34 30 30 30 30 30 2c 5c 22 41 72 69 61 54 65 6c 65 6d 65 74 72 79 45 6e 61 62 6c 65 64 5c 22 3a 74 72 75 65 2c 5c 22 41 72 69 61 54 65 6c 65 6d 65 74 72 79 53 65 72 76 65 72 52 65 71 75 65 73 74 49 6e 66 6c 75 78 43 6f 6e 74 72 6f 6c 5c 22 3a 35 2c 5c 22 41 72 69 61 54 65 6c 65 6d 65 74 72 79 54 65 6e 61 6e 74 54 6f 6b 65 6e 5c 22 3a 5c 22 63 36 63 31 39 30 61 31 62 37 33 63 34 61 36 33 62 62 61 38 39 38 33 35 64 35 34 36 63 66 32 38 2d 66 32 61 30 34 38 32 66 2d 61 30 30 64 2d 34 38 64 39 2d 38 32 32 65 2d 65 38 39 63 63 38 39 65 62 36 Data Ascii: sDownloadEnabled\":false,\"AppsPinnedData\":null,\"AppsUpdateTimeSpan\":14400000,\"AriaTelemetryEnabled\":true,\"AriaTelemetryServerRequestInfluxControl\":5,\"AriaTelemetryTenantToken\":\"c6c190a1b73c4a63bba89835d546cf28-f2a0482f-a00d-48d9-822e-e89cc89eb6
2024-09-12 16:34:00 UTC	4144	IN	Data Raw: 6e 74 61 69 6e 65 72 2d 70 6c 75 67 69 6e 73 5f 64 69 73 74 5f 6f 6e 64 65 6d 61 6e 64 5f 6a 73 2e 65 35 39 62 63 63 63 32 30 66 65 65 36 34 62 37 38 66 31 35 2e 6a 73 5c 22 2c 5c 22 73 65 61 72 63 68 62 6f 78 5c 22 3a 5c 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 68 65 6c 6c 2e 73 65 61 72 63 68 62 6f 78 2e 32 32 62 64 61 32 35 39 33 38 33 66 63 63 62 30 34 31 64 35 2e 6a 73 5c 22 2c 5c 22 73 65 61 72 63 68 75 78 5c 22 3a 5c 22 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 73 68 65 6c 6c 75 78 2f 73 75 69 74 65 75 78 2e 73 68 65 6c 6c 2e 73 65 61 72 63 68 75 78 2e 39 39 65 34 62 38 63 33 61 31 33 66 39 31 63 32 66 64 Data Ascii: ntainer-plugins_dist_ondemand_js.e59bccc20fee64b78f15.js\",\"searchbox\":\"https://res-1.cdn.office.net/shellux/suiteux.shell.searchbox.22bda259383fccb041d5.js\",\"searchux\":\"https://res-1.cdn.office.net/shellux/suiteux.shell.searchux.99e4b8c3a13f91c2fd
2024-09-12 16:34:00 UTC	4390	IN	Data Raw: 2f 61 6e 73 77 65 72 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 6e 2d 55 53 2f 6d 73 6f 66 66 69 63 65 22 7d 2c 22 43 6f 6d 70 61 6e 79 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 6e 75 6c 6c 2c 22 43 6f 72 72 65 6c 61 74 69 6f 6e 49 44 22 3a 22 39 36 65 61 35 38 65 39 2d 36 30 63 66 2d 34 61 61 38 2d 61 65 65 63 2d 63 35 33 39 37 64 39 30 38 37 65 32 22 2c 22 43 75 6c 74 75 72 65 4e 61 6d 65 22 3a 22 65 6e 2d 55 53 22 2c 22 43 75 72 72 65 6e 74 4d 61 69 6e 4c 69 6e 6b 45 6c 65 6d 65 6e 74 49 44 22 3a 22 53 68 65 6c 6c 53 68 61 72 65 70 6f 69 6e 74 22 2c 22 43 75 72 72 65 6e 74 57 6f 72 6b 6c 6f 61 64 48 65 6c 70 53 75 62 4c 69 6e 6b 73 22 3a 6e 75 6c 6c 2c 22 43 75 72 72 65 6e 74 57 6f 72 6b 6c 6f 61 64 53 65 74 74 69 6e 67 73 4c 69 6e 6b 22 3a 6e 75 Data Ascii: /answers.microsoft.com/en-US/msoffice"},"CompanyDisplayName":null,"CorrelationID":"96ea58e9-60cf-4aa8-aeec-c5397d9087e2","CultureName":"en-US","CurrentMainLinkElementID":"ShellSharepoint","CurrentWorkloadHelpSubLinks":null,"CurrentWorkloadSettingsLink":nu

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:01 UTC	1570	OUT	GET /personal/guestservices_amomentspeace_com/_api/v2.1/graphql HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:01 UTC	3140	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 87 Content-Type: application/json P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,8409600,398,564,882201,0,7117445,36 X-SharePointHealthScore: 1 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 27944fa1-c0d6-0000-2bbc-d577bfc4d1ab request-id: 27944fa1-c0d6-0000-2bbc-d577bfc4d1ab MS-CV: oU+UJ9bAAAArvNV3v8TRqw.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: BFB04F7D79FD40D2A1990C09701F1875 Ref B: EWR311000104027 Ref C: 2024-09-12T16:34:01Z Date: Thu, 12 Sep 2024 16:34:00 GMT Connection: close
2024-09-12 16:34:01 UTC	87	IN	Data Raw: 7b 22 65 72 72 6f 72 73 22 3a 5b 7b 22 6d 65 73 73 61 67 65 22 3a 22 41 20 71 75 65 72 79 20 69 73 20 72 65 71 75 69 72 65 64 2e 22 2c 22 65 78 74 65 6e 73 69 6f 6e 73 22 3a 7b 22 63 6f 64 65 22 3a 22 45 58 45 43 55 54 49 4f 4e 5f 45 52 52 4f 52 22 7d 7d 5d 7d Data Ascii: {"errors":[{"message":"A query is required.","extensions":{"code":"EXECUTION_ERROR"}}]}

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:05 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gcCGHLE9ofX+PuM&MD=GceYxE7n HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-12 16:34:05 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 5b384adb-6b5c-49c3-bfe0-f10de8ca75f0 MS-RequestId: 5410e1d7-f41c-499a-ab44-45871ac31e23 MS-CV: PpMT+lbiX0eJvN+5.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 12 Sep 2024 16:34:04 GMT Connection: close Content-Length: 30005
2024-09-12 16:34:05 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-12 16:34:05 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Untitled.eml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Evil Proxy

Yara Signatures

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15952EF.dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\727EA126.dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{E3495601-4D87-47E4-A164-D8AD5F937784}.tmp

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1726158798047474400_7E13EEF6-6D5F-4B87-AD7E-8E93A585837C.log

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1726158798048196900_7E13EEF6-6D5F-4B87-AD7E-8E93A585837C.log

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240912T1233170831-6976.etl

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Windows Analysis Report
Untitled.eml

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:06 UTC	2693	OUT	POST /personal/guestservices_amomentspeace_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive Content-Length: 821 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" x-ms-cc: t ScenarioType: AUO sec-ch-ua-mobile: ?0 Authorization: Bearer User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CollectSPPerfMetrics: SPSQLQueryCount Content-Type: application/json;odata=verbose accept: application/json;odata=verbose X-ClientService-ClientTag: ODB Web X-SP-REQUESTRESOURCES: listUrl=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments X-ServiceWorker-Strategy: CacheFirst x-requestdigest: 0xF393377C09E2787DA4FFC1B7594B8EDDE5F44F5CB482429BA446CC58D98F172224FBC074870843F754B4135E8354E517B97CB48AB674937096118CBDA3D013CA,12 Sep 2024 16:33:57 -0000 sec-ch-ua-platform: "Windows" Origin: https://ampsalon-my.sharepoint.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:06 UTC	821	OUT	Data Raw: 7b 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 5f 5f 6d 65 74 61 64 61 74 61 22 3a 7b 22 74 79 70 65 22 3a 22 53 50 2e 52 65 6e 64 65 72 4c 69 73 74 44 61 74 61 50 61 72 61 6d 65 74 65 72 73 22 7d 2c 22 52 65 6e 64 65 72 4f 70 74 69 6f 6e 73 22 3a 31 30 35 32 36 37 39 2c 22 56 69 65 77 58 6d 6c 22 3a 22 3c 56 69 65 77 20 3e 3c 51 75 65 72 79 3e 3c 2f 51 75 65 72 79 3e 3c 56 69 65 77 46 69 65 6c 64 73 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 44 6f 63 49 63 6f 6e 5c 22 2f 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 4c 69 6e 6b 46 69 6c 65 6e 61 6d 65 5c 22 2f 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 4d 6f 64 69 66 69 65 64 5c 22 2f 3e 3c 46 69 65 6c 64 52 65 66 20 4e 61 6d 65 3d 5c 22 45 64 69 74 6f 72 5c 22 2f 3e 3c 46 Data Ascii: {"parameters":{"__metadata":{"type":"SP.RenderListDataParameters"},"RenderOptions":1052679,"ViewXml":"<View ><Query></Query><ViewFields><FieldRef Name=\"DocIcon\"/><FieldRef Name=\"LinkFilename\"/><FieldRef Name=\"Modified\"/><FieldRef Name=\"Editor\"/><F
2024-09-12 16:34:07 UTC	3386	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 Expires: Wed, 28 Aug 2024 16:34:06 GMT Last-Modified: Thu, 12 Sep 2024 16:34:06 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,1051136,0,80,1747734,0,1051136,41 X-SharePointHealthScore: 0 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 79 SPRequestDuration: 80 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 29944fa1-303a-0000-3024-2d8d376f9e12 request-id: 29944fa1-303a-0000-3024-2d8d376f9e12 MS-CV: oU+UKTowAAAwJC2NN2+eEg.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 3D7A4C1F2BFB4CB38C4D6994CB4710AF Ref B: EWR311000108031 Ref C: 2024-09-12T16:34:06Z Date: Thu, 12 Sep 2024 16:34:06 GMT Connection: close
2024-09-12 16:34:07 UTC	785	IN	Data Raw: 33 30 61 0d 0a 7b 22 77 70 71 22 3a 22 22 2c 22 54 65 6d 70 6c 61 74 65 73 22 3a 7b 7d 2c 22 4c 69 73 74 44 61 74 61 22 3a 7b 20 22 52 6f 77 22 20 3a 20 0a 5b 7b 0d 0a 22 49 44 22 3a 20 22 31 36 22 2c 0d 0a 22 50 65 72 6d 4d 61 73 6b 22 3a 20 22 30 78 33 30 30 38 30 33 31 30 32 31 22 2c 0d 0a 22 46 53 4f 62 6a 54 79 70 65 22 3a 20 22 31 22 2c 0d 0a 22 48 54 4d 4c 5f 78 30 30 32 30 5f 46 69 6c 65 5f 78 30 30 32 30 5f 54 79 70 65 22 3a 20 22 22 2c 0d 0a 22 55 6e 69 71 75 65 49 64 22 3a 20 22 7b 44 34 34 45 36 31 39 37 2d 41 45 31 42 2d 34 31 43 39 2d 39 31 38 43 2d 45 36 33 33 32 30 42 42 44 44 35 44 7d 22 2c 0d 0a 22 50 72 6f 67 49 64 22 3a 20 22 22 2c 0d 0a 22 4e 6f 45 78 65 63 75 74 65 22 3a 20 22 30 22 2c 0d 0a 22 43 6f 6e 74 65 6e 74 54 79 70 65 49 64 Data Ascii: 30a{"wpq":"","Templates":{},"ListData":{ "Row" : [{"ID": "16","PermMask": "0x3008031021","FSObjType": "1","HTML_x0020_File_x0020_Type": "","UniqueId": "{D44E6197-AE1B-41C9-918C-E63320BBDD5D}","ProgId": "","NoExecute": "0","ContentTypeId
2024-09-12 16:34:07 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 6c 2e 70 72 6f 67 69 64 22 3a 20 22 22 2c 0d 0a 22 53 65 72 76 65 72 52 65 64 69 72 65 63 74 65 64 45 6d 62 65 64 55 72 6c 22 3a 20 22 22 2c 0d 0a 22 46 69 6c 65 5f 78 30 30 32 30 5f 54 79 70 65 2e 70 72 6f 67 69 64 22 3a 20 22 46 41 4c 53 45 22 2c 0d 0a 22 46 69 6c 65 5f 78 30 30 32 30 5f 54 79 70 65 2e 75 72 6c 22 3a 20 22 22 2c 0d 0a 22 46 69 6c 65 4c 65 61 66 52 65 66 22 3a 20 22 53 74 65 72 6c 69 6e 67 20 53 74 61 66 66 69 6e 67 20 53 65 72 76 69 63 65 73 2c 20 49 6e 63 22 2c 0d 0a 22 43 68 65 63 6b 6f 75 74 55 73 65 72 22 3a 20 22 22 2c 0d 0a 22 43 68 65 63 6b 65 64 4f 75 74 55 73 65 72 49 64 22 3a 20 22 22 2c 0d 0a 22 49 73 43 68 65 63 6b 65 64 6f 75 74 54 6f 4c 6f 63 61 6c 22 3a 20 22 30 22 2c 0d 0a 22 5f 43 6f 6d 70 6c 69 61 6e Data Ascii: 2000l.progid": "","ServerRedirectedEmbedUrl": "","File_x0020_Type.progid": "FALSE","File_x0020_Type.url": "","FileLeafRef": "Sterling Staffing Services, Inc","CheckoutUser": "","CheckedOutUserId": "","IsCheckedoutToLocal": "0","_Complian
2024-09-12 16:34:07 UTC	4152	IN	Data Raw: 31 30 33 30 0d 0a 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 22 2c 0a 22 50 69 6e 6e 65 64 54 6f 46 69 6c 74 65 72 73 50 61 6e 65 22 3a 20 22 46 41 4c 53 45 22 2c 0a 22 53 68 6f 77 49 6e 46 69 6c 74 65 72 73 50 61 6e 65 22 3a 20 22 41 75 74 6f 22 7d 0a 2c 7b 22 4e 61 6d 65 22 3a 20 22 46 69 6c 65 52 65 66 22 2c 0a 22 46 69 65 6c 64 54 79 70 65 22 3a 20 22 4c 6f 6f 6b 75 70 22 2c 0a 22 52 65 61 6c 46 69 65 6c 64 4e 61 6d 65 22 3a 20 22 46 69 6c 65 52 65 66 22 2c 0a 22 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 20 22 55 52 4c 20 50 61 74 68 22 2c 0a 22 49 44 22 3a 20 22 39 34 66 38 39 37 31 35 2d 65 30 39 37 2d 34 65 38 62 2d 62 61 37 39 2d 65 61 30 32 61 61 38 62 37 61 64 62 22 2c 0a 22 53 74 61 Data Ascii: 103000000000-0000-0000-0000-000000000000","PinnedToFiltersPane": "FALSE","ShowInFiltersPane": "Auto"},{"Name": "FileRef","FieldType": "Lookup","RealFieldName": "FileRef","DisplayName": "URL Path","ID": "94f89715-e097-4e8b-ba79-ea02aa8b7adb","Sta
2024-09-12 16:34:07 UTC	7522	IN	Data Raw: 31 64 35 61 0d 0a 68 69 4e 6a 6b 74 5a 6a 59 7a 4e 6d 45 7a 59 6a 41 31 59 6a 59 33 49 69 77 69 5a 58 68 77 49 6a 6f 69 4d 54 63 79 4e 6a 45 33 4e 44 67 77 4d 43 4a 39 2e 43 69 4d 4b 43 58 4e 6f 59 58 4a 70 62 6d 64 70 5a 42 49 57 4e 6c 4a 4f 51 58 64 74 55 44 49 77 56 54 4a 4a 52 33 70 50 4e 31 56 33 61 47 4e 76 5a 77 6f 49 43 67 4e 7a 64 48 41 53 41 58 51 4b 43 67 6f 45 63 32 35 70 5a 42 49 43 4d 7a 4d 53 42 67 6a 2d 77 7a 6f 51 41 52 6f 4c 4f 43 34 30 4e 69 34 78 4d 6a 4d 75 4d 7a 4d 69 46 47 31 70 59 33 4a 76 63 32 39 6d 64 43 35 7a 61 47 46 79 5a 58 42 76 61 57 35 30 4b 69 78 46 4d 55 6f 32 4d 44 45 7a 4c 31 59 72 4b 79 39 44 51 6b 5a 43 62 32 52 4a 65 48 68 68 51 6c 4e 4e 53 33 4a 68 4d 56 5a 74 63 6d 59 79 4e 55 73 33 4d 6c 70 6f 4c 7a 56 6e 50 54 Data Ascii: 1d5ahiNjktZjYzNmEzYjA1YjY3IiwiZXhwIjoiMTcyNjE3NDgwMCJ9.CiMKCXNoYXJpbmdpZBIWNlJOQXdtUDIwVTJJR3pPN1V3aGNvZwoICgNzdHASAXQKCgoEc25pZBICMzMSBgj-wzoQARoLOC40Ni4xMjMuMzMiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixFMUo2MDEzL1YrKy9DQkZCb2RJeHhhQlNNS3JhMVZtcmYyNUs3MlpoLzVnPT
2024-09-12 16:34:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:06 UTC	2799	OUT	POST /personal/guestservices_amomentspeace_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&TryNewExperienceSingle=TRUE HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive Content-Length: 201 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" x-ms-cc: t ScenarioType: AUO Accept-Language: en-US sec-ch-ua-mobile: ?0 Authorization: Bearer User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json;odata=verbose CollectSPPerfMetrics: SPSQLQueryCount accept: application/json;odata=verbose X-ClientService-ClientTag: ODB Web X-SP-REQUESTRESOURCES: listUrl=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments X-ServiceWorker-Strategy: CacheFirst x-requestdigest: 0xF393377C09E2787DA4FFC1B7594B8EDDE5F44F5CB482429BA446CC58D98F172224FBC074870843F754B4135E8354E517B97CB48AB674937096118CBDA3D013CA,12 Sep 2024 16:33:57 -0000 sec-ch-ua-platform: "Windows" Origin: https://ampsalon-my.sharepoint.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 Accept-Encoding: gzip, deflate, br Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:06 UTC	201	OUT	Data Raw: 7b 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 5f 5f 6d 65 74 61 64 61 74 61 22 3a 7b 22 74 79 70 65 22 3a 22 53 50 2e 52 65 6e 64 65 72 4c 69 73 74 44 61 74 61 50 61 72 61 6d 65 74 65 72 73 22 7d 2c 22 52 65 6e 64 65 72 4f 70 74 69 6f 6e 73 22 3a 35 34 34 35 33 38 33 2c 22 41 6c 6c 6f 77 4d 75 6c 74 69 70 6c 65 56 61 6c 75 65 46 69 6c 74 65 72 46 6f 72 54 61 78 6f 6e 6f 6d 79 46 69 65 6c 64 73 22 3a 74 72 75 65 2c 22 41 64 64 52 65 71 75 69 72 65 64 46 69 65 6c 64 73 22 3a 74 72 75 65 2c 22 52 65 71 75 69 72 65 46 6f 6c 64 65 72 43 6f 6c 6f 72 69 6e 67 46 69 65 6c 64 73 22 3a 74 72 75 65 7d 7d Data Ascii: {"parameters":{"__metadata":{"type":"SP.RenderListDataParameters"},"RenderOptions":5445383,"AllowMultipleValueFilterForTaxonomyFields":true,"AddRequiredFields":true,"RequireFolderColoringFields":true}}
2024-09-12 16:34:07 UTC	3389	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 Expires: Wed, 28 Aug 2024 16:34:06 GMT Last-Modified: Thu, 12 Sep 2024 16:34:06 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,4204800,88,76,5567578,0,3657934,36 X-SharePointHealthScore: 0 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 108 SPRequestDuration: 109 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 29944fa1-403c-0000-2bbc-d6c3a15b29fd request-id: 29944fa1-403c-0000-2bbc-d6c3a15b29fd MS-CV: oU+UKTxAAAArvNbDoVsp/Q.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 31A440B831B346F3AAD17CB93598573D Ref B: EWR311000104021 Ref C: 2024-09-12T16:34:06Z Date: Thu, 12 Sep 2024 16:34:06 GMT Connection: close
2024-09-12 16:34:07 UTC	3444	IN	Data Raw: 64 36 64 0d 0a 7b 22 77 70 71 22 3a 22 22 2c 22 54 65 6d 70 6c 61 74 65 73 22 3a 7b 7d 2c 22 4c 69 73 74 44 61 74 61 22 3a 7b 20 22 52 6f 77 22 20 3a 20 0a 5b 7b 0d 0a 22 49 44 22 3a 20 22 31 37 22 2c 0d 0a 22 50 65 72 6d 4d 61 73 6b 22 3a 20 22 30 78 33 30 30 38 30 33 31 30 32 31 22 2c 0d 0a 22 46 53 4f 62 6a 54 79 70 65 22 3a 20 22 30 22 2c 0d 0a 22 48 54 4d 4c 5f 78 30 30 32 30 5f 46 69 6c 65 5f 78 30 30 32 30 5f 54 79 70 65 22 3a 20 22 22 2c 0d 0a 22 55 6e 69 71 75 65 49 64 22 3a 20 22 7b 35 37 45 31 43 46 41 42 2d 46 34 39 37 2d 34 42 32 38 2d 42 38 44 34 2d 42 45 42 32 33 46 41 44 30 37 33 36 7d 22 2c 0d 0a 22 50 72 6f 67 49 64 22 3a 20 22 22 2c 0d 0a 22 4e 6f 45 78 65 63 75 74 65 22 3a 20 22 31 22 2c 0d 0a 22 43 6f 6e 74 65 6e 74 54 79 70 65 49 64 Data Ascii: d6d{"wpq":"","Templates":{},"ListData":{ "Row" : [{"ID": "17","PermMask": "0x3008031021","FSObjType": "0","HTML_x0020_File_x0020_Type": "","UniqueId": "{57E1CFAB-F497-4B28-B8D4-BEB23FAD0736}","ProgId": "","NoExecute": "1","ContentTypeId
2024-09-12 16:34:07 UTC	8200	IN	Data Raw: 32 30 30 30 0d 0a 73 65 22 2c 0d 0a 22 2e 63 74 61 67 22 3a 20 22 5c 22 63 3a 7b 35 37 45 31 43 46 41 42 2d 46 34 39 37 2d 34 42 32 38 2d 42 38 44 34 2d 42 45 42 32 33 46 41 44 30 37 33 36 7d 2c 31 5c 22 22 2c 0d 0a 22 2e 65 74 61 67 22 3a 20 22 5c 22 7b 35 37 45 31 43 46 41 42 2d 46 34 39 37 2d 34 42 32 38 2d 42 38 44 34 2d 42 45 42 32 33 46 41 44 30 37 33 36 7d 2c 31 5c 22 22 2c 0d 0a 22 49 6e 74 65 72 61 63 74 69 76 69 74 79 22 3a 20 22 22 2c 0d 0a 22 45 64 69 74 73 22 3a 20 22 22 2c 0d 0a 22 50 72 65 76 69 65 77 54 68 75 6d 62 6e 61 69 6c 73 51 75 61 6c 69 74 79 53 65 74 73 22 3a 20 22 22 0d 0a 7d 0d 0a 5d 2c 22 46 69 72 73 74 52 6f 77 22 20 3a 20 31 2c 0d 0a 22 46 6f 6c 64 65 72 50 65 72 6d 69 73 73 69 6f 6e 73 22 20 3a 20 22 30 78 33 30 30 38 30 33 Data Ascii: 2000se",".ctag": "\"c:{57E1CFAB-F497-4B28-B8D4-BEB23FAD0736},1\"",".etag": "\"{57E1CFAB-F497-4B28-B8D4-BEB23FAD0736},1\"","Interactivity": "","Edits": "","PreviewThumbnailsQualitySets": ""}],"FirstRow" : 1,"FolderPermissions" : "0x300803
2024-09-12 16:34:07 UTC	1489	IN	Data Raw: 35 63 61 0d 0a 68 63 65 6e 74 72 61 6c 75 73 31 2d 6d 65 64 69 61 70 2e 73 76 63 2e 6d 73 22 0d 0a 2c 20 22 2e 6d 65 64 69 61 42 61 73 65 55 72 6c 53 65 63 6f 6e 64 61 72 79 22 20 3a 20 22 68 74 74 70 73 3a 5c 75 30 30 32 66 5c 75 30 30 32 66 6e 6f 72 74 68 63 65 6e 74 72 61 6c 75 73 31 2d 6d 65 64 69 61 70 2e 73 76 63 2e 6d 73 22 0d 0a 2c 20 22 2e 70 75 73 68 43 68 61 6e 6e 65 6c 42 61 73 65 55 72 6c 22 20 3a 20 22 68 74 74 70 73 3a 5c 75 30 30 32 66 5c 75 30 30 32 66 73 6f 75 74 68 63 65 6e 74 72 61 6c 75 73 30 2e 70 75 73 68 6e 70 2e 73 76 63 2e 6d 73 22 0d 0a 2c 20 22 2e 63 61 6c 6c 65 72 53 74 61 63 6b 22 20 3a 20 22 66 46 4e 51 54 77 22 0d 0a 2c 20 22 2e 63 6f 72 72 65 6c 61 74 69 6f 6e 49 64 22 20 3a 20 22 32 39 39 34 34 66 61 31 2d 34 30 33 63 2d Data Ascii: 5cahcentralus1-mediap.svc.ms", ".mediaBaseUrlSecondary" : "https:\u002f\u002fnorthcentralus1-mediap.svc.ms", ".pushChannelBaseUrl" : "https:\u002f\u002fsouthcentralus0.pushnp.svc.ms", ".callerStack" : "fFNQTw", ".correlationId" : "29944fa1-403c-
2024-09-12 16:34:07 UTC	5766	IN	Data Raw: 31 36 37 65 0d 0a 65 61 74 65 4e 65 77 44 6f 63 75 6d 65 6e 74 2e 61 73 70 78 3f 69 64 3d 68 74 74 70 73 3a 2f 2f 61 6d 70 73 61 6c 6f 6e 2d 6d 79 2e 73 68 61 72 65 70 6f 69 6e 74 2e 63 6f 6d 2f 70 65 72 73 6f 6e 61 6c 2f 67 75 65 73 74 73 65 72 76 69 63 65 73 5f 61 6d 6f 6d 65 6e 74 73 70 65 61 63 65 5f 63 6f 6d 2f 44 6f 63 75 6d 65 6e 74 73 2f 46 6f 72 6d 73 2f 74 65 6d 70 6c 61 74 65 2e 64 6f 74 78 22 2c 22 63 6f 6e 74 65 6e 74 54 79 70 65 49 64 22 3a 22 30 78 30 31 30 31 30 30 38 30 44 43 38 33 39 46 43 43 32 46 36 32 34 42 39 46 31 32 31 32 45 42 31 32 44 34 43 44 32 30 22 2c 22 69 63 6f 6e 55 72 6c 22 3a 22 69 63 64 6f 74 78 2e 70 6e 67 22 2c 22 64 69 73 70 6c 61 79 4e 61 6d 65 22 3a 22 44 6f 63 75 6d 65 6e 74 22 2c 22 43 6c 69 65 6e 74 46 6f 72 6d Data Ascii: 167eeateNewDocument.aspx?id=https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/Documents/Forms/template.dotx","contentTypeId":"0x01010080DC839FCC2F624B9F1212EB12D4CD20","iconUrl":"icdotx.png","displayName":"Document","ClientForm
2024-09-12 16:34:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:07 UTC	1750	OUT	GET /personal/guestservices_amomentspeace_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:07 UTC	3394	IN	HTTP/1.1 405 Method Not Allowed Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/xml;charset=utf-8 Expires: Wed, 28 Aug 2024 16:34:07 GMT Last-Modified: Thu, 12 Sep 2024 16:34:07 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,27414,0,52435,40 X-SharePointHealthScore: 2 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 23 SPRequestDuration: 24 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 29944fa1-c073-0000-2bbc-d9e0ad75732d request-id: 29944fa1-c073-0000-2bbc-d9e0ad75732d MS-CV: oU+UKXPAAAArvNngrXVzLQ.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5a&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: FDDC4B561ADB431CB7962755FF49A756 Ref B: EWR311000101049 Ref C: 2024-09-12T16:34:07Z Date: Thu, 12 Sep 2024 16:34:07 GMT Connection: close
2024-09-12 16:34:07 UTC	450	IN	Data Raw: 31 62 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 6d 3a 65 72 72 6f 72 20 78 6d 6c 6e 73 3a 6d 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 64 6f 2f 32 30 30 37 2f 30 38 2f 64 61 74 61 73 65 72 76 69 63 65 73 2f 6d 65 74 61 64 61 74 61 22 3e 3c 6d 3a 63 6f 64 65 3e 2d 31 2c 20 4d 69 63 72 6f 73 6f 66 74 2e 53 68 61 72 65 50 6f 69 6e 74 2e 43 6c 69 65 6e 74 2e 43 6c 69 65 6e 74 53 65 72 76 69 63 65 45 78 63 65 70 74 69 6f 6e 3c 2f 6d 3a 63 6f 64 65 3e 3c 6d 3a 6d 65 73 73 61 67 65 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 54 68 65 20 48 54 54 50 20 6d 65 74 68 6f 64 20 27 47 45 54 27 20 63 61 6e 6e 6f 74 20 62 65 Data Ascii: 1bb<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code>-1, Microsoft.SharePoint.Client.ClientServiceException</m:code><m:message xml:lang="en-US">The HTTP method 'GET' cannot be
2024-09-12 16:34:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:07 UTC	1865	OUT	GET /personal/guestservices_amomentspeace_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&TryNewExperienceSingle=TRUE HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:08 UTC	3403	IN	HTTP/1.1 405 Method Not Allowed Cache-Control: private, max-age=0 Transfer-Encoding: chunked Content-Type: application/xml;charset=utf-8 Expires: Wed, 28 Aug 2024 16:34:07 GMT Last-Modified: Thu, 12 Sep 2024 16:34:07 GMT Vary: Origin P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,2102272,23,209,11105019,0,2102272,40 X-SharePointHealthScore: 0 X-SP-SERVERSTATE: ReadOnly=0 DATASERVICEVERSION: 3.0 SPClientServiceRequestDuration: 25 SPRequestDuration: 26 X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 29944fa1-c079-0000-2bbc-d080be032bba request-id: 29944fa1-c079-0000-2bbc-d080be032bba MS-CV: oU+UKXnAAAArvNCAvgMrug.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5a&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: C089D9425BFA444E9FE3B55111F06555 Ref B: EWR311000101017 Ref C: 2024-09-12T16:34:07Z Date: Thu, 12 Sep 2024 16:34:07 GMT Connection: close
2024-09-12 16:34:08 UTC	450	IN	Data Raw: 31 62 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 6d 3a 65 72 72 6f 72 20 78 6d 6c 6e 73 3a 6d 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 64 6f 2f 32 30 30 37 2f 30 38 2f 64 61 74 61 73 65 72 76 69 63 65 73 2f 6d 65 74 61 64 61 74 61 22 3e 3c 6d 3a 63 6f 64 65 3e 2d 31 2c 20 4d 69 63 72 6f 73 6f 66 74 2e 53 68 61 72 65 50 6f 69 6e 74 2e 43 6c 69 65 6e 74 2e 43 6c 69 65 6e 74 53 65 72 76 69 63 65 45 78 63 65 70 74 69 6f 6e 3c 2f 6d 3a 63 6f 64 65 3e 3c 6d 3a 6d 65 73 73 61 67 65 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 54 68 65 20 48 54 54 50 20 6d 65 74 68 6f 64 20 27 47 45 54 27 20 63 61 6e 6e 6f 74 20 62 65 Data Ascii: 1bb<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code>-1, Microsoft.SharePoint.Client.ClientServiceException</m:code><m:message xml:lang="en-US">The HTTP method 'GET' cannot be
2024-09-12 16:34:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:09 UTC	2781	OUT	GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive Cache-Control: max-age=0 Accept: / Service-Worker: script Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: serviceworker Referer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:10 UTC	1960	IN	HTTP/1.1 200 OK Cache-Control: max-age=1800 Content-Length: 896 Content-Type: text/javascript; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,160830,0,271451,36 Service-Worker-Allowed: / Strict-Transport-Security: max-age=31536000 X-AspNet-Version: 4.0.30319 SPRequestDuration: 27 SPIisLatency: 0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E23B7513112B4109A1196B438F76AAB6 Ref B: EWR311000108021 Ref C: 2024-09-12T16:34:09Z Date: Thu, 12 Sep 2024 16:34:09 GMT Connection: close
2024-09-12 16:34:10 UTC	896	IN	Data Raw: 0d 0a 76 61 72 20 5f 73 74 61 72 74 54 69 6d 65 3d 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2c 5f 73 74 61 72 74 54 69 6d 65 54 69 63 6b 73 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 0a 76 61 72 20 5f 73 68 6f 75 6c 64 42 79 70 61 73 73 3d 66 61 6c 73 65 3b 0a 76 61 72 20 5f 63 64 6e 42 61 73 65 55 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 72 65 73 2d 31 2e 63 64 6e 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 66 69 6c 65 73 2f 6f 64 73 70 2d 77 65 62 2d 70 72 6f 64 5f 32 30 32 34 2d 30 38 2d 32 33 2e 30 30 39 2f 27 3b 0a 76 61 72 20 5f 73 77 42 75 69 6c 64 4e 75 6d 62 65 72 3d 27 6f 64 73 70 2d 77 65 62 2d 70 72 6f 64 5f 32 30 32 34 2d 30 38 2d 32 33 2e 30 30 39 27 3b 0a 76 61 72 20 5f 77 77 42 75 69 6c 64 4e 75 6d 62 65 72 3d 27 6f 64 73 70 2d 77 65 62 2d 70 72 6f Data Ascii: var _startTime=performance.now(),_startTimeTicks=Date.now();var _shouldBypass=false;var _cdnBaseUrl='https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-23.009/';var _swBuildNumber='odsp-web-prod_2024-08-23.009';var _wwBuildNumber='odsp-web-pro

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:10 UTC	2055	OUT	GET /_layouts/15/userphoto.aspx?size=M&accountname=guestservices%40amomentspeace.com HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ampsalon-my.sharepoint.com/personal/guestservices_amomentspeace_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fguestservices%5Famomentspeace%5Fcom%2FDocuments%2FSterling%20Staffing%20Services%2C%20Inc&ga=1&LOF=1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:11 UTC	3279	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=86400 Content-Length: 1500 Content-Type: image/png P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,525568,0,0,10320,0,60398,36 X-SharePointHealthScore: 2 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Disposition: attachment; filename=PersonPlaceholder.96x96x32.png X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 2a944fa1-b02d-0000-2bbc-d3aff47ccbef request-id: 2a944fa1-b02d-0000-2bbc-d3aff47ccbef MS-CV: oU+UKi2wAAArvNOv9HzL7w.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5d&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 85EE36EC55844E828E20612B6EBB0142 Ref B: EWR311000108023 Ref C: 2024-09-12T16:34:10Z Date: Thu, 12 Sep 2024 16:34:10 GMT Connection: close
2024-09-12 16:34:11 UTC	891	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 60 00 00 00 60 08 06 00 00 00 e2 98 77 38 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 05 71 49 44 41 54 78 5e ed 9c e7 6e e4 30 0c 84 ef fd df 66 d3 7b 43 1a d2 7b 45 7a ef bd 17 1d c6 a7 3d 20 39 da 2b c9 36 c9 bd 68 80 f9 97 ac 69 7d 6b 2d 45 51 fe 55 a9 54 4c b4 9c 23 00 61 47 00 c2 8e 00 84 1d 01 08 3b 02 10 76 04 20 ec 08 40 d8 11 80 b0 23 00 61 47 00 c2 8e 00 84 5d 77 00 7a 7b 7b 4d 7f 7f ff 5f 53 7f 53 4f 56 0f a0 b3 b3 d3 ac ae ae 9a cb cb 4b 93 a6 f7 f7 77 73 78 78 68 c6 c7 c7 4d 73 73 33 f9 39 5a ad 16 c0 c0 c0 80 d9 df df b7 43 ec ae 8f 8f 0f b3 b5 b5 65 5a 5b 5b c9 cf d5 66 75 Data Ascii: PNGIHDR``w8sRGBgAMAapHYsodqIDATx^n0f{C{Ez= 9+6hi}k-EQUTL#aG;v @#aG]wz{{M_SSOVKwsxxhMss39ZCeZ[[fu
2024-09-12 16:34:11 UTC	609	IN	Data Raw: 4c a0 18 98 b5 37 8d a7 08 15 5b fc 1d f5 ff 45 ba 34 00 43 43 43 5e 1b f0 c8 d1 39 de fd 80 6f b8 eb 94 86 82 1d 9e 90 32 d3 d7 c2 01 e0 5b 13 da 7e 88 1b c6 b4 44 7d 6e 5e e3 37 01 4f 62 48 19 bc 0a a2 8c fa 51 a1 00 50 63 41 a1 2b af 4e 4e 4e 0a 5d b1 e2 b7 a1 88 86 30 54 6f b1 a7 4d 5d 23 d4 85 00 c0 71 53 7c 43 8a 14 da 45 f2 16 cd aa e9 6c c8 b7 3e 4d d8 cf 9e 9d 9d 25 af 17 e2 42 00 94 79 e0 ee f6 f6 36 59 21 fb a4 95 98 b3 91 15 f9 a4 af be 1a 1b 1b 23 af ed eb dc 00 90 73 73 08 8f 3f d2 45 7c fb 90 ce e2 07 1b 99 13 a6 97 e1 e1 e1 24 85 c4 53 88 b2 03 87 10 4f 11 1b fa b9 00 e0 07 97 eb 35 03 1a 85 cc 2d 6f fa 9c 0b 80 f4 59 5f 0d ca bb b1 1f 0c 00 d5 45 4d 0d 56 52 ca 7b de 38 18 00 ca 02 51 7f 94 27 2b 0a 02 80 b4 33 ab b4 f0 d3 84 da 14 35 4e Data Ascii: L7[E4CCC^9o2[~D}n^7ObHQPcA+NNN]0ToM]#qS\|CEl>M%By6Y!#ss?E\|$SO5-oY_EMVR{8Q'+35N

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:11 UTC	1624	OUT	GET /_layouts/15/userphoto.aspx?size=M&accountname=guestservices%40amomentspeace.com HTTP/1.1 Host: ampsalon-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9zejkw [TRUNCATED]
2024-09-12 16:34:12 UTC	3285	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=86400 Content-Length: 1500 Content-Type: image/png P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2NlMzg4NWM0ZGQ0Y2M0Y2I4OWM5NjZkZTU1MTQwYjBhNjI2MmM1NzU2NGU4YTg2MDRiOTU3MDU1NzdiMzVkMzIsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jY2UzODg1YzRkZDRjYzRjYjg5Yzk2NmRlNTUxNDBiMGE2MjYyYzU3NTY0ZThhODYwNGI5NTcwNTU3N2IzNWQzMiwxMzM3MDYzMjcwODAwMDAwMDAsMCwxMzM3MDcxODgwODM1NTg1MzYsMC4wLjAuMCwyNTgsNWRkMmZmMzktOTNlZS00ZTBjLThiNjktZjYzNmEzYjA1YjY3LCwsMWY5NDRmYTEtOTBjMy0wMDAwLTJiYmMtZGMxNDBmYTE5YTAyLDFmOTQ0ZmExLTkwYzMtMDAwMC0yYmJjLWRjMTQwZmExOWEwMiw2Uk5Bd21QMjBVMklHek83VXdoY29nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEzNDcsZmR2dURYQldnMl94b0tPWElIbWlEQlZ5ckdnLG1uS25nVzl0Z2NTa2VCSWdCZEg0VC95TjluYmVWM2c1a2JubnZYQ3JqcDRzZ3RjbkFDMmV1TmpuVmh6eFZUZEpzNVNDKzFOMnVVaGlTclhWNktLcGVGZU10RGh2TW5FcmFmL1JoSWtqakpTaEhHUmpjKzU3SkphbHJOVk1aTU1BVG82cGZqcFA1VWc4TGxXY2MrdUc4emhJMG4zck5ic2tuQVlNWlZBek9RMVNTbVJHcFpBQWJkYU5YNjhzWG1xYzZXcVphazBKSWpKSGsyaGRVY2dFZXJXams0MjZTTk0zQ1k1bW8yR0JocS9yUHVpY3g0Ty9z [TRUNCATED] X-NetworkStatistics: 0,2102272,0,201,962290,0,2102272,40 X-SharePointHealthScore: 2 Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Disposition: attachment; filename=PersonPlaceholder.96x96x32.png X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 2a944fa1-3069-0000-2a47-0b18488c94b9 request-id: 2a944fa1-3069-0000-2a47-0b18488c94b9 MS-CV: oU+UKmkwAAAqRwsYSIyUuQ.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=5dd2ff39-93ee-4e0c-8b69-f636a3b05b67&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com app.powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25221 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 287AF738505B48659EE8987648271517 Ref B: EWR311000103049 Ref C: 2024-09-12T16:34:11Z Date: Thu, 12 Sep 2024 16:34:11 GMT Connection: close
2024-09-12 16:34:12 UTC	1500	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 60 00 00 00 60 08 06 00 00 00 e2 98 77 38 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 05 71 49 44 41 54 78 5e ed 9c e7 6e e4 30 0c 84 ef fd df 66 d3 7b 43 1a d2 7b 45 7a ef bd 17 1d c6 a7 3d 20 39 da 2b c9 36 c9 bd 68 80 f9 97 ac 69 7d 6b 2d 45 51 fe 55 a9 54 4c b4 9c 23 00 61 47 00 c2 8e 00 84 1d 01 08 3b 02 10 76 04 20 ec 08 40 d8 11 80 b0 23 00 61 47 00 c2 8e 00 84 5d 77 00 7a 7b 7b 4d 7f 7f ff 5f 53 7f 53 4f 56 0f a0 b3 b3 d3 ac ae ae 9a cb cb 4b 93 a6 f7 f7 77 73 78 78 68 c6 c7 c7 4d 73 73 33 f9 39 5a ad 16 c0 c0 c0 80 d9 df df b7 43 ec ae 8f 8f 0f b3 b5 b5 65 5a 5b 5b c9 cf d5 66 75 Data Ascii: PNGIHDR``w8sRGBgAMAapHYsodqIDATx^n0f{C{Ez= 9+6hi}k-EQUTL#aG;v @#aG]wz{{M_SSOVKwsxxhMss39ZCeZ[[fu

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:12 UTC	698	OUT	GET / HTTP/1.1 Host: hie4bqxikx.n2ns99.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://ampsalon-my.sharepoint.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-12 16:34:12 UTC	421	IN	HTTP/1.1 200 OK Date: Thu, 12 Sep 2024 16:34:12 GMT Server: Apache/2.4.56 (Unix) OpenSSL/3.0.7 X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; path=/ Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-09-12 16:34:12 UTC	7771	IN	Data Raw: 31 66 63 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 33 4f 46 37 43 5a 39 4f 32 4d 48 4c 38 35 4a 4c 4f 33 31 52 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 20 4a 4f 4d 51 52 47 38 59 47 46 49 39 4b 31 4f 51 48 43 54 56 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 Data Ascii: 1fc6<!DOCTYPE html><html lang="en" 3OF7CZ9O2MHL85JLO31R><head> <meta charset="UTF-8"> <link rel="shortcut icon" href="data:image/x-icon;, JOMQRG8YGFI9K1OQHCTV" type="image/x-icon"> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewp
2024-09-12 16:34:12 UTC	369	IN	Data Raw: 2c 30 2c 2e 31 29 3b 7d 0d 0a 2e 67 6f 6f 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 7d 0d 0a 2e 78 6d 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 70 78 3b 68 65 69 67 68 74 3a 32 38 70 78 3b 6d 61 72 67 69 6e 3a 34 70 78 3b 77 69 64 74 68 3a 32 38 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 3b 6f 75 74 6c 69 6e 65 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 65 78 74 2d 62 6f 74 74 6f 6d 3b 7d 0d 0a 2e 78 6d 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 2d 62 6f 72 Data Ascii: ,0,.1);}.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block;}.xmcaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom;}.xmcaptcha-checkbox-bor
2024-09-12 16:34:12 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-09-12 16:34:12 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 31 63 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 70 78 3b 68 65 69 67 68 74 3a 32 34 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 32 34 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 3b 7d 0d 0a 2e 78 6d 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 2d 62 6f 72 64 65 72 41 6e 69 6d 61 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 46 51 41 41 41 4e 49 43 41 59 41 41 41 42 5a 6c 38 69 38 41 41 41 41 42 6d 4a 4c 52 30 51 41 2f 77 44 2f 41 50 2b 67 76 61 65 54 41 41 41 41 43 58 42 49 57 58 4d 41 41 41 42 49 41 41 41 41 53 41 42 47 79 57 73 2b 41 41 Data Ascii: 1f401c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1;}.xmcaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AA
2024-09-12 16:34:12 UTC	7822	IN	Data Raw: 2b 54 65 78 2f 54 59 57 2f 2f 6e 70 33 51 4f 48 4c 41 50 31 31 50 74 35 36 6e 6b 6d 46 62 39 65 75 54 69 31 62 6c 6a 74 4d 2b 49 41 76 41 2f 54 4d 66 46 30 63 6d 55 34 41 54 6a 2b 39 54 75 33 62 46 78 34 6d 38 73 4b 48 67 54 6b 39 6e 35 66 76 65 76 42 66 43 75 76 55 4a 5a 66 55 71 66 33 37 67 38 4e 45 48 75 51 31 4d 46 64 6e 66 66 41 68 44 78 61 59 76 36 36 31 6c 59 43 63 65 57 61 64 2b 76 68 6a 2f 7a 43 52 46 6e 6b 4d 54 50 6a 34 75 6d 79 42 47 4b 6a 6e 38 41 75 74 36 6c 54 48 6a 6e 58 71 6a 6a 76 71 31 4f 72 56 36 55 48 69 47 74 49 67 72 59 47 4a 76 4f 63 45 33 56 63 36 30 6a 66 70 54 75 4c 2f 4c 69 58 32 69 6b 34 39 31 59 7a 63 34 38 59 5a 34 52 6a 6e 57 6d 2f 55 49 63 39 4a 73 6f 32 63 48 75 77 77 72 54 39 70 37 55 69 78 68 65 78 70 42 36 63 5a 4a 67 Data Ascii: +Tex/TYW//np3QOHLAP11Pt56nkmFb9euTi1bljtM+IAvA/TMfF0cmU4ATj+9Tu3bFx4m8sKHgTk9n5fvevBfCuvUJZfUqf37g8NEHuQ1MFdnffAhDxaYv661lYCceWad+vhj/zCRFnkMTPj4umyBGKjn8Aut6lTHjnXqjjvq1OrV6UHiGtIgrYGJvOcE3Vc60jfpTuL/LiX2ik491Yzc48YZ4RjnWm/UIc9Jso2cHuwwrT9p7UixhexpB6cZJg
2024-09-12 16:34:12 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-09-12 16:34:12 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 49 31 71 2f 69 66 68 35 71 50 49 67 37 7a 77 59 55 48 74 6e 4b 5a 6d 45 73 7a 46 69 78 65 72 62 64 75 32 68 5a 71 50 49 67 2f 79 77 6f 63 46 74 58 4f 61 6d 6d 6c 67 6e 6e 43 43 55 69 2b 39 70 46 52 54 69 48 65 6d 49 67 2f 79 77 6b 63 43 61 75 64 55 51 4f 2f 32 59 47 37 5a 6e 66 76 4c 57 65 48 44 67 6e 70 33 43 71 42 33 65 7a 41 50 48 4d 6a 39 48 79 6a 77 59 55 47 39 4f 77 58 51 75 2b 4d 77 31 36 37 4e 66 57 49 50 48 77 6d 6f 64 36 63 61 67 4b 6a 50 52 4f 31 79 5a 66 42 6c 39 61 6d 46 53 51 4d 51 39 5a 6d 6f 58 61 34 4d 76 71 77 2b 74 54 42 70 41 44 4a 39 4a 6d 71 58 4b 34 4f 76 52 4a 39 61 61 41 4d 64 45 73 55 43 53 64 4c 43 79 42 41 4c 36 4a 41 6f 46 6b 69 53 46 6b 61 47 57 45 43 48 78 50 76 4d 4a 6f 65 76 52 6f 61 76 52 4a 38 36 78 41 Data Ascii: 1f40I1q/ifh5qPIg7zwYUHtnKZmEszFixerbdu2hZqPIg/ywocFtXOammlgnnCCUi+9pFRTiHemIg/ywkcCaudUQO/2YG7ZnfvLWeHDgnp3CqB3ezAPHMj9HyjwYUG9OwXQu+Mw167NfWIPHwmod6cagKjPRO1yZfBl9amFSQMQ9ZmoXa4Mvqw+tTBpADJ9JmqXK4OvRJ9aaAMdEsUCSdLCyBAL6JAoFkiSFkaGWECHxPvMJoevRoavRJ86xA
2024-09-12 16:34:12 UTC	7822	IN	Data Raw: 2d 61 6e 63 68 6f 72 2d 63 6f 6e 74 65 6e 74 7b 68 65 69 67 68 74 3a 37 34 70 78 3b 77 69 64 74 68 3a 32 30 36 70 78 3b 7d 0d 0a 2e 72 63 2d 61 6e 63 68 6f 72 2d 63 68 65 63 6b 62 6f 78 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 20 32 70 78 20 31 32 70 78 3b 7d 0d 0a 2e 72 63 2d 61 6e 63 68 6f 72 2d 63 68 65 63 6b 62 6f 78 2d 6c 61 62 65 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 68 65 6c 76 65 74 69 63 61 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 3b 7d 0d 0a 2e 72 63 2d 61 6e 63 68 6f 72 2d 6e 6f 72 6d 61 6c 20 2e 72 63 2d 61 6e 63 68 6f 72 2d 63 68 65 63 6b 62 6f 78 2d 6c 61 62 65 6c Data Ascii: -anchor-content{height:74px;width:206px;}.rc-anchor-checkbox{margin:0 12px 2px 12px;}.rc-anchor-checkbox-label{font-family:Roboto,helvetica,arial,sans-serif;font-size:14px;font-weight:400;line-height:17px;}.rc-anchor-normal .rc-anchor-checkbox-label
2024-09-12 16:34:12 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-09-12 16:34:12 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 20 69 64 3d 6c 6f 67 6f 3e 20 3c 64 69 76 20 69 64 3d 66 6c 61 70 43 6f 6e 74 61 69 6e 65 72 3e 20 3c 64 69 76 20 69 64 3d 6f 70 65 6e 65 64 46 6c 61 70 3e 20 3c 64 69 76 20 69 64 3d 66 6d 61 73 6b 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 66 6c 61 70 54 72 69 61 6e 67 6c 65 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 63 61 6c 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 74 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 72 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 20 73 31 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 20 73 32 20 52 4c 50 38 42 39 54 30 49 56 56 35 42 36 32 59 35 58 38 51 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 20 73 33 22 3e 3c 2f 64 69 76 3e Data Ascii: 1f40 id=logo> <div id=flapContainer> <div id=openedFlap> <div id=fmask> <div class=flapTriangle></div></div></div><div id=cal> <div class=t></div><div class=r> <div class="s s1"></div><div class="s s2 RLP8B9T0IVV5B62Y5X8Q"></div><div class="s s3"></div>

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:16 UTC	805	OUT	GET / HTTP/1.1 Host: hie4bqxikx.n2ns99.store Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://hie4bqxikx.n2ns99.store/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1
2024-09-12 16:34:17 UTC	517	IN	HTTP/1.1 302 Found Date: Thu, 12 Sep 2024 16:34:16 GMT Server: Apache/2.4.56 (Unix) OpenSSL/3.0.7 X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm; expires=Thu, 12-Sep-2024 16:39:17 GMT; Max-Age=300; path=/; HttpOnly Location: m/9281dd0567d70f5aa562b0b45ccbdcb3.htm Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-09-12 16:34:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-12 16:34:17 UTC	884	OUT	GET /m/9281dd0567d70f5aa562b0b45ccbdcb3.htm HTTP/1.1 Host: hie4bqxikx.n2ns99.store Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://hie4bqxikx.n2ns99.store/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d0be137c3d98830afe1d8343780b9537; preload=1; rt=9281dd0567d70f5aa562b0b45ccbdcb3.htm
2024-09-12 16:34:17 UTC	357	IN	HTTP/1.1 200 OK Date: Thu, 12 Sep 2024 16:34:17 GMT Server: Apache/2.4.56 (Unix) OpenSSL/3.0.7 X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-09-12 16:34:17 UTC	7835	IN	Data Raw: 33 33 37 62 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 34 4f 4a 49 4a 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 45 30 59 53 31 4a 30 44 44 4f 4f 35 42 5a 46 56 5a 51 58 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: 337b<html dir="ltr" class="4OJIJ" lang="en"> <head> <title>4E0YS1J0DDOO5BZFVZQX</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" />
2024-09-12 16:34:17 UTC	5350	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 22 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <div class=""></div> </div> <div class="" style="margin-bottom: 20px; display: flex; align-items: center;">
2024-09-12 16:34:17 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-09-12 16:34:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0