Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Sample name: bc3c228ad2c13f96cb14375c3860e802.pdf
Analysis ID: 1541497
MD5: 5448dddeb4ccaa5cf39694f5c28a4b76
SHA1: a64f68d8253c21beb398272f795aaa62db4de3f4
SHA256: 3d54f8929f551c67e0bec56d1a7c13be514b799da109ab85f3edb06681a32e2a

Detection

Score: 23
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

AI detected landing page (webpage, office document or email)
Detected non-DNS traffic on DNS port
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops files with a non-matching file extension (content does not match file extension)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Stores files to the Windows start menu directory

Classification

Source: chromecache_1050.14.dr Binary or memory string: const PUBLIC_KEY = `-----BEGIN PUBLIC KEY----- memstr_e9f4499d-3
Source: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49885 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.16:49717 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 13.107.136.10 13.107.136.10
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/e0eoo/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?0c3d74797a89e425b23c11ed7a62611f HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?977605b2b261daafedc8f21331f23802 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7caad09dd84794&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?0c3d74797a89e425b23c11ed7a62611f HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1690534537:1729797106:Vr6q-IfjiwD6LK05wqCpAUcSrx-7RJxtkzzY_oxFyss/8d7caad09dd84794/EXKKNKWsr0IjKeBDAMkvL6v72k0sq1lrBIlW7T0kpZk-1729801223-1.1.1.1-F0kXuPT8b0ur6i8U1cP7ENtEd2xj77x4cJtTXmdkVaiTFxNjzFCYh.xa2WRiDIE9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7caad09dd84794/1729801225888/xf_Rm4yg23a7UoE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/e0eoo/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d7caad09dd84794/1729801225888/0901550898927346355fe5d75953a03f77ad87d1b032785307d7034a8398a9b7/3fJSEn3o2gWLDJ3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/e0eoo/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7caad09dd84794/1729801225888/xf_Rm4yg23a7UoE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/malahmar_neweranet_com/_layouts/15/AccessDenied.aspx?correlation=d0255da1%2Db0b7%2D6000%2Dc603%2D53c63453d726 HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=[...]; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=dfada040-1b12-417f-82d4-cfca3f9fe22d; ai_session=IoQcrINpBTspyAgbNlcjKH|1729801199120|1729801199120; MSFPC=GUID=836372ae8a054880928c2d263d23ae58&HASH=8363&LV=202410&V=4&LU=1729801199043
Source: global traffic HTTP traffic detected: GET /?cczaakcn HTTP/1.1Host: qiagens.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonqrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://16b69e33.0cced60565238cd25cf4ed69.workers.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2hvbWVsdW1iZXJuaWMuY29tLyIsImRvbWFpbiI6ImhvbWVsdW1iZXJuaWMuY29tIiwia2V5IjoiMXNqR21RSU55b09xIiwicXJjIjpudWxsLCJpYXQiOjE3Mjk4MDEyNjYsImV4cCI6MTcyOTgwMTM4Nn0.o6YNK3nB1E9a9nybI_l6eF5h2Dq7umIM8cxLkpUztDs HTTP/1.1Host: homelumbernic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?cczaakcn HTTP/1.1Host: qiagens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: homelumbernic.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=1sjGmQINyoOq; qPdM.sig=uXE-3nq4l_1-Idgy6g4_t6odANQ
Source: global traffic HTTP traffic detected: GET /?cczaakcn=8e046e7478bbf41c4cf7f968bdde58ccc0c8096e13ca756c0ff9f4e4f59a51b115684b7074dddc35db930f1d04fff40d449be6179b7d8fa41e235872a3a257c0 HTTP/1.1Host: qiagens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=tRYFZjXP48PQ; qPdM.sig=1tH6jAPSEokw68F40y7j2BAHNKw
Source: global traffic HTTP traffic detected: GET /mail/ HTTP/1.1Host: homelumbernic.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=1sjGmQINyoOq; qPdM.sig=uXE-3nq4l_1-Idgy6g4_t6odANQ
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: neweranet0.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: eastus1-mediap.svc.ms
Source: global traffic DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: 7d922087c09d72a0e525b959f027fa71.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: tr-ooc-atm.office.com
Source: global traffic DNS traffic detected: DNS query: 16b69e33.0cced60565238cd25cf4ed69.workers.dev
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: tr-ooc-acdc.office.com
Source: global traffic DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: qiagens.com
Source: global traffic DNS traffic detected: DNS query: homelumbernic.com
Source: unknown HTTP traffic detected: POST /personal/malahmar_neweranet_com/_api/v2.1/graphql HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveContent-Length: 507sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/json;odata=verboseContent-Type: application/json;odata=verboseX-ServiceWorker-Strategy: CacheFirstsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=[...]
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:20:27 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: H4Ls72WkA8QCiyOJDjNuLBFVokRjPK0/MoU=$kntjk6Bxu/u8NRKlServer: cloudflareCF-RAY: 8d7caae52cec2e60-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:20:31 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: ATIIZ8RjX4BFyWmlTfSC0LyQljZ9vcLV+WA=$JO/IQzZJZHitFVvbServer: cloudflareCF-RAY: 8d7caafe5c486b7c-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:21:05 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 3W5OpE2expnpzmY/Yasb9ja4oCuROC84Cks=$2HH+cjReUDg5CHWOcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d7cabd74efe2c9f-DFWalt-svc: h3=":443"; ma=86400
Source: chromecache_714.14.dr, chromecache_1068.14.dr, chromecache_733.14.dr, chromecache_1052.14.dr String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_1016.14.dr, chromecache_978.14.dr String found in binary or memory: http://www.contoso.com
Source: chromecache_894.14.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_780.14.dr String found in binary or memory: http://www.unicode.org/copyright.html
Source: chromecache_1013.14.dr, chromecache_958.14.dr String found in binary or memory: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/)
Source: chromecache_1023.14.dr, chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://1drv.com/
Source: chromecache_1023.14.dr, chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_1020.14.dr, chromecache_1050.14.dr, chromecache_963.14.dr, chromecache_790.14.dr String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: ed7554e8-e1f9-40e5-a432-1e96251107c0.tmp.3.dr String found in binary or memory: https://chrome.cloudflare-dns.com
Source: chromecache_864.14.dr, chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/web/policies
Source: chromecache_1069.14.dr, chromecache_752.14.dr String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_1023.14.dr, chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://livefilestore.com/
Source: chromecache_909.14.dr, chromecache_761.14.dr String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_1023.14.dr, chromecache_740.14.dr, chromecache_837.14.dr, chromecache_776.14.dr, chromecache_741.14.dr, chromecache_883.14.dr String found in binary or memory: https://media.cloudapp.net
Source: chromecache_909.14.dr, chromecache_761.14.dr String found in binary or memory: https://microsoft.spfx3rdparty.com
Source: chromecache_837.14.dr, chromecache_883.14.dr String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: bc3c228ad2c13f96cb14375c3860e802.pdf String found in binary or memory: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br
Source: chromecache_1023.14.dr, chromecache_740.14.dr, chromecache_837.14.dr, chromecache_776.14.dr, chromecache_741.14.dr, chromecache_883.14.dr String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_1061.14.dr, chromecache_1023.14.dr, chromecache_957.14.dr String found in binary or memory: https://onedrive.cloud.microsoft
Source: chromecache_1061.14.dr, chromecache_1023.14.dr, chromecache_957.14.dr String found in binary or memory: https://onedrive.dev.cloud.microsoft
Source: chromecache_909.14.dr, chromecache_761.14.dr String found in binary or memory: https://onedrive.live.com/sa
Source: chromecache_1023.14.dr, chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://portal.office.com/
Source: chromecache_1050.14.dr, chromecache_963.14.dr, chromecache_790.14.dr String found in binary or memory: https://qiagens.com/?cczaakcn
Source: chromecache_741.14.dr String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://res-1-sdf.cdn.office.net
Source: chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_732.14.dr String found in binary or memory: https://res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets
Source: chromecache_912.14.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.005/
Source: chromecache_912.14.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.005/stsserviceworkerprefetch/stsservicew
Source: chromecache_712.14.dr, chromecache_697.14.dr, chromecache_912.14.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.008/
Source: chromecache_912.14.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.008/spserviceworker.js
Source: chromecache_712.14.dr, chromecache_697.14.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.008/spwebworker.js
Source: chromecache_912.14.dr String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://shellppe.msocdn.com
Source: chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://shellprod.msocdn.com
Source: chromecache_1023.14.dr, chromecache_776.14.dr, chromecache_741.14.dr String found in binary or memory: https://substrate.office.com
Source: chromecache_1033.14.dr, chromecache_1057.14.dr String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: chromecache_1053.14.dr OLE indicator, VBA macros: true
Source: chromecache_766.14.dr OLE indicator, VBA macros: true
Source: chromecache_1053.14.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chromecache_766.14.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: sus23.winPDF@34/694@61/11
Source: bc3c228ad2c13f96cb14375c3860e802.pdf Initial sample: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ
Source: chromecache_958.14.dr Initial sample: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.812
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 16-19-06-718.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\bc3c228ad2c13f96cb14375c3860e802.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1648 --field-trial-handle=1552,i,14824447783216249022,15538149311993325529,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2024,i,8418923506075728781,9654654873541631301,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Google Drive.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: bc3c228ad2c13f96cb14375c3860e802.pdf Initial sample: PDF keyword /JS count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: chromecache_1013.14.dr Initial sample: PDF keyword /JS count = 0
Source: chromecache_1013.14.dr Initial sample: PDF keyword /JavaScript count = 0
Source: chromecache_958.14.dr Initial sample: PDF keyword /JS count = 0
Source: chromecache_958.14.dr Initial sample: PDF keyword /JavaScript count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: chromecache_1013.14.dr Initial sample: PDF keyword obj count = 71

Persistence and Installation Behavior

Source: PDF document LLM: Page contains button: 'View or Download Document' Source: 'PDF document'
Source: PDF document LLM: PDF document contains prominent button: 'view or download document'
Source: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1 LLM: Page contains button: 'View docs.pdf' Source: '1.2.pages.csv'
Source: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445%2FView%20docs%2Epdf&parent=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445 LLM: Page contains button: 'View docs.pdf' Source: '2.3.pages.csv'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 1013
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 958
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: chromecache_829.14.dr Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_829.14.dr Binary or memory string: ",DisconnectVirtualMachine:"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information queried: ProcessInformation