Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Sample name:	bc3c228ad2c13f96cb14375c3860e802.pdf
Analysis ID:	1541503
MD5:	5448dddeb4ccaa5cf39694f5c28a4b76
SHA1:	a64f68d8253c21beb398272f795aaa62db4de3f4
SHA256:	3d54f8929f551c67e0bec56d1a7c13be514b799da109ab85f3edb06681a32e2a
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish54

AI detected landing page (webpage, office document or email)

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Document contains embedded VBA macros

Document misses a certain OLE stream usually present in this Microsoft Office document type

Drops files with a non-matching file extension (content does not match file extension)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML page contains obfuscated script src

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Signatures

Source: chromecache_918.17.dr

Binary or memory string: const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----

memstr_ed0e94c3-6

Phishing

AI detected phishing page

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	LLM: Score: 9 Reasons: The brand 'Outlook' is well-known and is associated with the domain 'outlook.com'., The provided URL 'illmuina.com' does not match the legitimate domain for Outlook., The URL 'illmuina.com' does not contain any recognizable elements related to Outlook., The presence of input fields for email and account creation is typical for phishing sites attempting to mimic login pages., The domain 'illmuina.com' is suspicious as it does not relate to any known service or brand associated with Outlook. DOM: 5.10.pages.csv
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	LLM: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'illmuina.com' does not match the legitimate domain for Microsoft., The URL 'illmuina.com' does not contain any recognizable association with Microsoft., The URL does not contain any subdomains or elements that suggest a legitimate Microsoft service., The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is a strong indicator of phishing. DOM: 5.12.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 0.133.id.script.csv, type: HTML
Source: Yara match	File source: 0.138.id.script.csv, type: HTML
Source: Yara match	File source: 5.16.pages.csv, type: HTML
Source: Yara match	File source: 5.10.pages.csv, type: HTML
Source: Yara match	File source: 5.12.pages.csv, type: HTML
Source: Yara match	File source: 4.8.pages.csv, type: HTML

Phishing site detected (based on favicon image match)

Source: https://illmuina.com	Matcher: Template: microsoft matched with high similarity
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmN	Matcher: Template: microsoft matched
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmN	Matcher: Template: microsoft matched

HTML body contains low number of good links

HTTP Parser: Number of links: 1

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...

HTML page contains obfuscated script src

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTTP Parser: <input type="password" .../> found

Source: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/	HTTP Parser: No favicon
Source: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49957 version: TLS 1.2

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 13.107.136.10 13.107.136.10
Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GaeUzFe9fxuK3Gv&MD=Y3CzMhnY HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1 HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/v2.1/graphql HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&TryNewExperienceSingle=TRUE HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=true HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1729821675_978987c137e442151c7b982398c0d77c992fd737080b7f7acbe407a2f02f3ca6&P1=1729805032&P2=-149452251&P3=1&P4=T1YfEV6cUYX0UReS%2FpOQU7%2FnrgOYpy%2BnmiFTxwkUKlElDno3tNew4LsxRdyZhxw06SOPeyz%2Fnkzk4riIqEsOOdEX%2Fy5pjoAwsvkzKNFv88zqMGHa9wuLto%2BmtcyHpJkj0Tgb0ZcBKdKVpyl7mWz9G17S%2BRP7Pjk4JoRIOJsG3aqgRlL1%2Fl82f%2FJfsJ21Z3Uqz59rWvVHijyWtxBO9MPT8xFyiZgLbtTchL0y0vrwrqaZF9g8%2B05UXLGe5WiNKbE2rigAoKyBaAMGZ2DgY5wbozch32cE1DCEGcX3Xh0IVB2pSwwvEasUz99Yj23SGxBRNlaq3Ia6jKNmIKRNBnmvgQ%3D%3D&size=M&accountname=malahmar%40neweranet.com HTTP/1.1Host: neweranet0.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1729821675_978987c137e442151c7b982398c0d77c992fd737080b7f7acbe407a2f02f3ca6&P1=1729805032&P2=-149452251&P3=1&P4=T1YfEV6cUYX0UReS%2FpOQU7%2FnrgOYpy%2BnmiFTxwkUKlElDno3tNew4LsxRdyZhxw06SOPeyz%2Fnkzk4riIqEsOOdEX%2Fy5pjoAwsvkzKNFv88zqMGHa9wuLto%2BmtcyHpJkj0Tgb0ZcBKdKVpyl7mWz9G17S%2BRP7Pjk4JoRIOJsG3aqgRlL1%2Fl82f%2FJfsJ21Z3Uqz59rWvVHijyWtxBO9MPT8xFyiZgLbtTchL0y0vrwrqaZF9g8%2B05UXLGe5WiNKbE2rigAoKyBaAMGZ2DgY5wbozch32cE1DCEGcX3Xh0IVB2pSwwvEasUz99Yj23SGxBRNlaq3Ia6jKNmIKRNBnmvgQ%3D%3D&size=M&accountname=malahmar%40neweranet.com HTTP/1.1Host: neweranet0.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22 HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GaeUzFe9fxuK3Gv&MD=Y3CzMhnY HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22 HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22&encodeFailures=1&width=1024&height=1024&srcWidth=&srcHeight= HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22&encodeFailures=1&width=1024&height=1024&srcWidth=&srcHeight= HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cb2331df86b1f&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cb2331df86b1f&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/860153270:1729797391:jSfkloMEoVcXzBqBe6pqzmYIrbImU0SmQd4TN3Y8rOg/8d7cb2331df86b1f/6FTJdsMzzg5YAgkR..N3R7KD85a.rxxZ4pKN17m3kig-1729801526-1.1.1.1-Nbe4ApgCuZmKnISEeTthvu1gKWHODS2KTHtZ2gi8jb0.55WsyEVUZX87SXscGIhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cb2331df86b1f/1729801528446/hcPEVoAvcEGg0wO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cb2331df86b1f/1729801528446/hcPEVoAvcEGg0wO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d7cb2331df86b1f/1729801528447/391605ba286f68df98208250e68f4a7c199b65305b6bf46bcc94639ac53eff8a/0QN79Uyf2HmXA8s HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/860153270:1729797391:jSfkloMEoVcXzBqBe6pqzmYIrbImU0SmQd4TN3Y8rOg/8d7cb2331df86b1f/6FTJdsMzzg5YAgkR..N3R7KD85a.rxxZ4pKN17m3kig-1729801526-1.1.1.1-Nbe4ApgCuZmKnISEeTthvu1gKWHODS2KTHtZ2gi8jb0.55WsyEVUZX87SXscGIhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/860153270:1729797391:jSfkloMEoVcXzBqBe6pqzmYIrbImU0SmQd4TN3Y8rOg/8d7cb2331df86b1f/6FTJdsMzzg5YAgkR..N3R7KD85a.rxxZ4pKN17m3kig-1729801526-1.1.1.1-Nbe4ApgCuZmKnISEeTthvu1gKWHODS2KTHtZ2gi8jb0.55WsyEVUZX87SXscGIhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e07ac061066ba18fa7b97e0654d9436d HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cczaakcn HTTP/1.1Host: qiagens.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonqrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://16b69e33.0cced60565238cd25cf4ed69.workers.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a106a24b73a74db3515ad939e5c8514e HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e07ac061066ba18fa7b97e0654d9436d HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2lsbG11aW5hLmNvbS8iLCJkb21haW4iOiJpbGxtdWluYS5jb20iLCJrZXkiOiJ5b0ZIdUhkYmwwSkQiLCJxcmMiOm51bGwsImlhdCI6MTcyOTgwMTUzNywiZXhwIjoxNzI5ODAxNjU3fQ.PK95BSyiMKiF5a86WrEL7drHWXsczyR6u2cQfqHIqzY HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cczaakcn HTTP/1.1Host: qiagens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a106a24b73a74db3515ad939e5c8514e HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: illmuina.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d122ac44a142fefe436766869baa8b3a HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cczaakcn=43dbe3be4ea967c921c47015dd2c2e1f2a0e66058ac6ba426a316aefef278ea9ee62cacb932202fa4171e55cbd45642a89b017c550b4e8050061aca0f37d9a8c HTTP/1.1Host: qiagens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=szxDkrNuQv0A; qPdM.sig=1YyWiNBeal69nqLvlxv-GzQWd1A
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: illmuina.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk
Source: global traffic	HTTP traffic detected: GET /?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ HTTP/1.1Host: illmuina.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e32f41ff628254f2ac48073f90e481c2 HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d122ac44a142fefe436766869baa8b3a HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?bad6a97330817a280d386a4cd95a0ef9 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8yaB3FBautUBtm5D4QHQ-q98xtjwE84-PucrBR_af_WsuovGdIGcUUfdrFcO2jMtaULIb68AJ8nZmZP09T5P_ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e32f41ff628254f2ac48073f90e481c2 HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?ed125d994abdc805a9f496f9e5fb5601 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?bad6a97330817a280d386a4cd95a0ef9 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?ed125d994abdc805a9f496f9e5fb5601 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8yaB3FBautUBtm5D4QHQ-q98xtjwE84-PucrBR_af_WsuovGdIGcUUfdrFcO2jMtaULIb68AJ8nZmZP09T5P_ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8y
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8yaB3FBautUBtm5D4QHQ-q98xtjwE84-PucrBR_af_WsuovGdIGcUUfdrFcO2jMtaULIb68AJ8nZmZP09T5P_ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_DQTmGfOEMmPUR-Vehc8U6Q2.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_DQTmGfOEMmPUR-Vehc8U6Q2.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://illmuina.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_layouts/15/AccessDenied.aspx?correlation=1e265da1%2D7085%2D6000%2Daa0e%2D1d0352a4af7e HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]; ai_session=aLJsOtZty6NoJa4JKf5lA0\|1729801509900\|1729801509900; MSFPC=GUID=f09e73372e0b4b43b7740e7c80cbfe4c&HASH=f09e&LV=202410&V=4&LU=1729801514528
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: neweranet0.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: eastus1-mediap.svc.ms
Source: global traffic	DNS traffic detected: DNS query: 16b69e33.0cced60565238cd25cf4ed69.workers.dev
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: qiagens.com
Source: global traffic	DNS traffic detected: DNS query: illmuina.com
Source: global traffic	DNS traffic detected: DNS query: outlook.office.com
Source: global traffic	DNS traffic detected: DNS query: teams.cloud.microsoft
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /personal/malahmar_neweranet_com/_api/v2.1/graphql HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveContent-Length: 507sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/json;odata=verboseContent-Type: application/json;odata=verboseX-ServiceWorker-Strategy: CacheFirstsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:25:29 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: +3fDKCR9uk28LFlKHqxlWFlFyNqvYwZiPg8=$iDHoguPNI6zuZ0U1cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d7cb2490b52eaac-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:25:33 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: WyzUGH+epEIVUvClRAVTXWfiGQM4fEMgQcE=$CHfD16/al+PaVcGlServer: cloudflareCF-RAY: 8d7cb25facb8e7eb-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:25:36 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: VyZTowY/P30o1GTUde4v/RuJV0x9pgSO7xc=$OAGLmXLVafmvW7Lrcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d7cb2754b39e98f-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 7637b141-23cc-4a1e-9f53-bcf61ef18100x-ms-ests-server: 2.1.19184.6 - NCUS ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Thu, 24 Oct 2024 20:25:44 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_1250.17.dr, chromecache_816.17.dr, chromecache_839.17.dr, chromecache_1231.17.dr, chromecache_1176.17.dr, chromecache_1235.17.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_883.17.dr	String found in binary or memory: http://feross.org
Source: chromecache_1255.17.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_1198.17.dr	String found in binary or memory: http://www.contoso.com
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_1041.17.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_901.17.dr	String found in binary or memory: http://www.unicode.org/copyright.html
Source: chromecache_1130.17.dr, chromecache_1253.17.dr	String found in binary or memory: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/)
Source: chromecache_1206.17.dr	String found in binary or memory: https://1drv.com/
Source: chromecache_1206.17.dr	String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_918.17.dr, chromecache_1223.17.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_1010.17.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/web/policies
Source: chromecache_809.17.dr	String found in binary or memory: https://facebook.github.io/react/docs/more-about-refs.html#the-ref-callback-attribute
Source: chromecache_883.17.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_867.17.dr, chromecache_1254.17.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_1146.17.dr	String found in binary or memory: https://illmuina.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2lsbG11aW5hL
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_978.17.dr	String found in binary or memory: https://lists.live.com/
Source: chromecache_1206.17.dr	String found in binary or memory: https://livefilestore.com/
Source: chromecache_1028.17.dr, chromecache_877.17.dr, chromecache_1060.17.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_1028.17.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_1206.17.dr, chromecache_1031.17.dr, chromecache_977.17.dr, chromecache_852.17.dr	String found in binary or memory: https://media.cloudapp.net
Source: chromecache_877.17.dr, chromecache_1060.17.dr	String found in binary or memory: https://microsoft.spfx3rdparty.com
Source: chromecache_1196.17.dr, chromecache_1031.17.dr, chromecache_977.17.dr, chromecache_914.17.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	String found in binary or memory: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br
Source: chromecache_1206.17.dr, chromecache_1031.17.dr, chromecache_977.17.dr, chromecache_852.17.dr	String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_1206.17.dr, chromecache_1121.17.dr, chromecache_1241.17.dr	String found in binary or memory: https://onedrive.cloud.microsoft
Source: chromecache_1206.17.dr, chromecache_1121.17.dr, chromecache_1241.17.dr	String found in binary or memory: https://onedrive.dev.cloud.microsoft
Source: chromecache_1228.17.dr	String found in binary or memory: https://onedrive.live.com/?gologin=1
Source: chromecache_877.17.dr, chromecache_1060.17.dr	String found in binary or memory: https://onedrive.live.com/sa
Source: chromecache_1156.17.dr, chromecache_903.17.dr, chromecache_1007.17.dr, chromecache_817.17.dr	String found in binary or memory: https://outlook.office.com/search
Source: chromecache_1206.17.dr	String found in binary or memory: https://portal.office.com/
Source: chromecache_918.17.dr	String found in binary or memory: https://qiagens.com/?cczaakcn
Source: chromecache_1188.17.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_838.17.dr, chromecache_1085.17.dr, chromecache_1209.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.005/
Source: chromecache_798.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.008/
Source: chromecache_798.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.008/spwebworker.js
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp-media-3b870ca1
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.1ds/odsp.1ds.lib-b7da68fc
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-ab227069
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.core/fui.core-97518b2a
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.utilities/fui.util-93de749b
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-447adea9
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-9ea4d016
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.tslib/tslib-6a7224b3
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.utilities/odsp.util-644642c2
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-10-11.005/
Source: chromecache_1228.17.dr	String found in binary or memory: https://shell.cdn.office.net
Source: chromecache_1228.17.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: chromecache_1228.17.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_1206.17.dr	String found in binary or memory: https://substrate.office.com
Source: chromecache_900.17.dr, chromecache_1237.17.dr, chromecache_1213.17.dr, chromecache_1020.17.dr	String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: chromecache_1228.17.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive
Source: chromecache_1228.17.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2Fonedrive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 50264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49957 version: TLS 1.2

Document contains embedded VBA macros

Source: chromecache_1232.17.dr	OLE indicator, VBA macros: true
Source: chromecache_885.17.dr	OLE indicator, VBA macros: true

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: chromecache_1232.17.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chromecache_885.17.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal72.phis.winPDF@35/836@69/16

Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/etd2wgqoomlancpcjokati0br6hyyfmab6miwzmzjef3xw?e=8rf3az
Source: chromecache_1130.17.dr	Initial sample: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6632

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 16-24-30-000.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\bc3c228ad2c13f96cb14375c3860e802.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1548,i,196938426665746239,18177206994314547253,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2032,i,248921863120407722,16504755158596381138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1548,i,196938426665746239,18177206994314547253,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2032,i,248921863120407722,16504755158596381138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: PDF keyword /JS count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: chromecache_1253.17.dr	Initial sample: PDF keyword /JS count = 0
Source: chromecache_1253.17.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: chromecache_1130.17.dr	Initial sample: PDF keyword /JS count = 0
Source: chromecache_1130.17.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: bc3c228ad2c13f96cb14375c3860e802.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: chromecache_1253.17.dr

Initial sample: PDF keyword obj count = 71

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document	LLM: Page contains button: 'View or Download Document' Source: 'PDF document'
Source: PDF document	LLM: PDF document contains prominent button: 'view or download document'
Source: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445%2FView%20docs%2Epdf&parent=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445	LLM: Page contains button: 'View docs.pdf' Source: '2.2.pages.csv'

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 1253
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 1130	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 1253	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: chromecache_794.17.dr, chromecache_954.17.dr, chromecache_969.17.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_794.17.dr, chromecache_954.17.dr, chromecache_969.17.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
150.171.0.2	dns.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
96.7.168.138	unknown	United States	262589	INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR	false
40.99.150.114	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.99.150.50	HHN-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.21.52.38	16b69e33.0cced60565238cd25cf4ed69.workers.dev	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
52.123.128.14	s-0005.dual-s-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
52.98.179.34	ooc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
89.185.80.154	illmuina.com	Russian Federation	41757	OLIMP-SVYAZ-ASRU	true

Private

IP
192.168.2.17

Contacted Domains

Name	IP	Active
dual-spo-0005.spo-msedge.net	13.107.136.10	true
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true
HHN-efz.ms-acdc.office.com	40.99.150.50	true
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.18	true
illmuina.com	89.185.80.154	true
bg.microsoft.map.fastly.net	199.232.210.172	true
qiagens.com	89.185.80.154	true
ooc-g2.tm-4.office.com	52.98.179.34	true
challenges.cloudflare.com	104.18.95.41	true
dns.office.com	150.171.0.2	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.186.68	true
s-0005.dual-s-msedge.net	52.123.128.14	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
16b69e33.0cced60565238cd25cf4ed69.workers.dev	104.21.52.38	true
x1.i.lencr.org	unknown	unknown
neweranet0.sharepoint.com	unknown	unknown
r4.res.office365.com	unknown	unknown
outlook.office.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown
outlook.office365.com	unknown	unknown
spo.nel.measure.office.net	unknown	unknown
teams.cloud.microsoft	unknown	unknown
a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.com	unknown	unknown
upload.fp.measure.office.com	unknown	unknown
config.fp.measure.office.com	unknown	unknown
eastus1-mediap.svc.ms	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://qiagens.com/?cczaakcn=43dbe3be4ea967c921c47015dd2c2e1f2a0e66058ac6ba426a316aefef278ea9ee62cacb932202fa4171e55cbd45642a89b017c550b4e8050061aca0f37d9a8c	false	unknown
https://neweranet0-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d7cb2331df86b1f/1729801528446/hcPEVoAvcEGg0wO	false	unknown
https://neweranet0-my.sharepoint.com/_layouts/15/images/odbfavicon.ico?rev=47	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg	true	unknown
https://outlook.office365.com/owa/prefetch.aspx	false	unknown
https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_api/SP.OAuth.Token/Acquire()	false	unknown
https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d7cb2331df86b1f/1729801528447/391605ba286f68df98208250e68f4a7c199b65305b6bf46bcc94639ac53eff8a/0QN79Uyf2HmXA8s	false	unknown
https://teams.cloud.microsoft/apc/trans.gif?bad6a97330817a280d386a4cd95a0ef9	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg	true	unknown
https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445%2FView%20docs%2Epdf&parent=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false	unknown
https://eastus1-mediap.svc.ms/transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22	false	unknown
https://outlook.office.com/apc/trans.gif?d122ac44a142fefe436766869baa8b3a	false	unknown
https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/	false	unknown
https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_api/v2.1/graphql	false	unknown
https://teams.cloud.microsoft/apc/trans.gif?ed125d994abdc805a9f496f9e5fb5601	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif	true	unknown
https://challenges.cloudflare.com/turnstile/v0/b/e1a56f38220d/api.js	false	unknown
https://neweranet0-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=true	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	true	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png	true	unknown
https://neweranet0-my.sharepoint.com/_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D	false	unknown
https://a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.com/apc/trans.gif?a106a24b73a74db3515ad939e5c8514e	false	unknown
https://neweranet0-my.sharepoint.com/_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D	false	unknown
https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/CSPReporting.aspx	false	unknown
https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/AccessDenied.aspx?correlation=1e265da1%2D7085%2D6000%2Daa0e%2D1d0352a4af7e	false	unknown
https://eastus1-mediap.svc.ms/transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22&encodeFailures=1&width=1024&height=1024&srcWidth=&srcHeight=	false	unknown
https://illmuina.com/owa/	true	unknown
https://outlook.office.com/apc/trans.gif?e32f41ff628254f2ac48073f90e481c2	false	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false	unknown
https://illmuina.com/	true	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_DQTmGfOEMmPUR-Vehc8U6Q2.js	true	unknown
https://illmuina.com/favicon.ico	true	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg	true	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js	true	unknown
https://illmuina.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2lsbG11aW5hLmNvbS8iLCJkb21haW4iOiJpbGxtdWluYS5jb20iLCJrZXkiOiJ5b0ZIdUhkYmwwSkQiLCJxcmMiOm51bGwsImlhdCI6MTcyOTgwMTUzNywiZXhwIjoxNzI5ODAxNjU3fQ.PK95BSyiMKiF5a86WrEL7drHWXsczyR6u2cQfqHIqzY	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/	false	unknown
https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif	true	unknown
https://neweranet0.sharepoint.com/_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1729821675_978987c137e442151c7b982398c0d77c992fd737080b7f7acbe407a2f02f3ca6&P1=1729805032&P2=-149452251&P3=1&P4=T1YfEV6cUYX0UReS%2FpOQU7%2FnrgOYpy%2BnmiFTxwkUKlElDno3tNew4LsxRdyZhxw06SOPeyz%2Fnkzk4riIqEsOOdEX%2Fy5pjoAwsvkzKNFv88zqMGHa9wuLto%2BmtcyHpJkj0Tgb0ZcBKdKVpyl7mWz9G17S%2BRP7Pjk4JoRIOJsG3aqgRlL1%2Fl82f%2FJfsJ21Z3Uqz59rWvVHijyWtxBO9MPT8xFyiZgLbtTchL0y0vrwrqaZF9g8%2B05UXLGe5WiNKbE2rigAoKyBaAMGZ2DgY5wbozch32cE1DCEGcX3Xh0IVB2pSwwvEasUz99Yj23SGxBRNlaq3Ia6jKNmIKRNBnmvgQ%3D%3D&size=M&accountname=malahmar%40neweranet.com	false	unknown
https://a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.com/apc/trans.gif?e07ac061066ba18fa7b97e0654d9436d	false	unknown
https://illmuina.com/common/GetCredentialType?mkt=en-US	true	unknown
https://illmuina.com/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/860153270:1729797391:jSfkloMEoVcXzBqBe6pqzmYIrbImU0SmQd4TN3Y8rOg/8d7cb2331df86b1f/6FTJdsMzzg5YAgkR..N3R7KD85a.rxxZ4pKN17m3kig-1729801526-1.1.1.1-Nbe4ApgCuZmKnISEeTthvu1gKWHODS2KTHtZ2gi8jb0.55WsyEVUZX87SXscGIhn	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css	true	unknown
https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/favicon.ico	false	unknown
https://qiagens.com/?cczaakcn	false	unknown
https://illmuina.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cb2331df86b1f&lang=auto	false	unknown

Source: chromecache_918.17.dr

Binary or memory string: const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----

memstr_ed0e94c3-6

Phishing

AI detected phishing page

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	LLM: Score: 9 Reasons: The brand 'Outlook' is well-known and is associated with the domain 'outlook.com'., The provided URL 'illmuina.com' does not match the legitimate domain for Outlook., The URL 'illmuina.com' does not contain any recognizable elements related to Outlook., The presence of input fields for email and account creation is typical for phishing sites attempting to mimic login pages., The domain 'illmuina.com' is suspicious as it does not relate to any known service or brand associated with Outlook. DOM: 5.10.pages.csv
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	LLM: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'illmuina.com' does not match the legitimate domain for Microsoft., The URL 'illmuina.com' does not contain any recognizable association with Microsoft., The URL does not contain any subdomains or elements that suggest a legitimate Microsoft service., The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is a strong indicator of phishing. DOM: 5.12.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 0.133.id.script.csv, type: HTML
Source: Yara match	File source: 0.138.id.script.csv, type: HTML
Source: Yara match	File source: 5.16.pages.csv, type: HTML
Source: Yara match	File source: 5.10.pages.csv, type: HTML
Source: Yara match	File source: 5.12.pages.csv, type: HTML
Source: Yara match	File source: 4.8.pages.csv, type: HTML

Phishing site detected (based on favicon image match)

Source: https://illmuina.com	Matcher: Template: microsoft matched with high similarity
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmN	Matcher: Template: microsoft matched
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmN	Matcher: Template: microsoft matched

HTML body contains low number of good links

HTTP Parser: Number of links: 1

HTML page contains hidden javascript code

HTML page contains obfuscated script src

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTTP Parser: <input type="password" .../> found

Source: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/	HTTP Parser: No favicon
Source: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No favicon

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49957 version: TLS 1.2

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 13.107.136.10 13.107.136.10
Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GaeUzFe9fxuK3Gv&MD=Y3CzMhnY HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1 HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/v2.1/graphql HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&TryNewExperienceSingle=TRUE HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=true HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1729821675_978987c137e442151c7b982398c0d77c992fd737080b7f7acbe407a2f02f3ca6&P1=1729805032&P2=-149452251&P3=1&P4=T1YfEV6cUYX0UReS%2FpOQU7%2FnrgOYpy%2BnmiFTxwkUKlElDno3tNew4LsxRdyZhxw06SOPeyz%2Fnkzk4riIqEsOOdEX%2Fy5pjoAwsvkzKNFv88zqMGHa9wuLto%2BmtcyHpJkj0Tgb0ZcBKdKVpyl7mWz9G17S%2BRP7Pjk4JoRIOJsG3aqgRlL1%2Fl82f%2FJfsJ21Z3Uqz59rWvVHijyWtxBO9MPT8xFyiZgLbtTchL0y0vrwrqaZF9g8%2B05UXLGe5WiNKbE2rigAoKyBaAMGZ2DgY5wbozch32cE1DCEGcX3Xh0IVB2pSwwvEasUz99Yj23SGxBRNlaq3Ia6jKNmIKRNBnmvgQ%3D%3D&size=M&accountname=malahmar%40neweranet.com HTTP/1.1Host: neweranet0.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1729821675_978987c137e442151c7b982398c0d77c992fd737080b7f7acbe407a2f02f3ca6&P1=1729805032&P2=-149452251&P3=1&P4=T1YfEV6cUYX0UReS%2FpOQU7%2FnrgOYpy%2BnmiFTxwkUKlElDno3tNew4LsxRdyZhxw06SOPeyz%2Fnkzk4riIqEsOOdEX%2Fy5pjoAwsvkzKNFv88zqMGHa9wuLto%2BmtcyHpJkj0Tgb0ZcBKdKVpyl7mWz9G17S%2BRP7Pjk4JoRIOJsG3aqgRlL1%2Fl82f%2FJfsJ21Z3Uqz59rWvVHijyWtxBO9MPT8xFyiZgLbtTchL0y0vrwrqaZF9g8%2B05UXLGe5WiNKbE2rigAoKyBaAMGZ2DgY5wbozch32cE1DCEGcX3Xh0IVB2pSwwvEasUz99Yj23SGxBRNlaq3Ia6jKNmIKRNBnmvgQ%3D%3D&size=M&accountname=malahmar%40neweranet.com HTTP/1.1Host: neweranet0.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22 HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GaeUzFe9fxuK3Gv&MD=Y3CzMhnY HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22 HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22&encodeFailures=1&width=1024&height=1024&srcWidth=&srcHeight= HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fneweranet0-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!8LVLDi5f_ESbIAFRkBb_wuVRh8JOqJNMty5azIcUhKaoh_V28urHQpwy_nU-LkKj%2Fitems%2F01Z3M5PR5D36TZOXWFAVBIEQGHQ734MSXQ%3Fversion%3DPublished&access_token=v1.eyJzaXRlaWQiOiIwZTRiYjVmMC01ZjJlLTQ0ZmMtOWIyMC0wMTUxOTAxNmZmYzIiLCJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbmV3ZXJhbmV0MC1teS5zaGFyZXBvaW50LmNvbUBkM2VlM2ZlZC1iNTVlLTQ5MzItYTM1NC1kOTI1ZGY1YzUwZGMiLCJleHAiOiIxNzI5ODE0NDAwIn0.CiMKCXNoYXJpbmdpZBIWTEw2S1pjVE1wa21YSjhKN2pFUFRnQQoICgNzdHASAXQKCgoEc25pZBICMzMSBgjk0zoQARoOMTczLjI1NC4yNTAuNzEiFG1pY3Jvc29mdC5zaGFyZXBvaW50KixBZUtpcUtkQzlVWTZsRUI4NGNqWk0wcENDSUxIYkQ1VWRzU0M2T0JQVlFNPTB4OAFKEGhhc2hlZHByb29mdG9rZW5iBHRydWVyYTBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2F6ATDCAWEwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMzMWE1ODYyMjBiOWUwNGFmYTdlNzE1NmE1MTg0MjYxMDU1YmQwNjI2ZGY2NzNiNzU3YzJlMDE5MDU0ZTVjZGNh.yl5HZkEsm_ow_vppRAjzfi8r6BwAi_Xw31TOI03w2DE&cTag=%22c%3A%7B97A7DFA3-C55E-4205-8240-C787F7C64AF0%7D%2C1%22&encodeFailures=1&width=1024&height=1024&srcWidth=&srcHeight= HTTP/1.1Host: eastus1-mediap.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cb2331df86b1f&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cb2331df86b1f&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 16b69e33.0cced60565238cd25cf4ed69.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/860153270:1729797391:jSfkloMEoVcXzBqBe6pqzmYIrbImU0SmQd4TN3Y8rOg/8d7cb2331df86b1f/6FTJdsMzzg5YAgkR..N3R7KD85a.rxxZ4pKN17m3kig-1729801526-1.1.1.1-Nbe4ApgCuZmKnISEeTthvu1gKWHODS2KTHtZ2gi8jb0.55WsyEVUZX87SXscGIhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cb2331df86b1f/1729801528446/hcPEVoAvcEGg0wO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cb2331df86b1f/1729801528446/hcPEVoAvcEGg0wO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d7cb2331df86b1f/1729801528447/391605ba286f68df98208250e68f4a7c199b65305b6bf46bcc94639ac53eff8a/0QN79Uyf2HmXA8s HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5g0na/0x4AAAAAAAyORc_In180R-LS/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/860153270:1729797391:jSfkloMEoVcXzBqBe6pqzmYIrbImU0SmQd4TN3Y8rOg/8d7cb2331df86b1f/6FTJdsMzzg5YAgkR..N3R7KD85a.rxxZ4pKN17m3kig-1729801526-1.1.1.1-Nbe4ApgCuZmKnISEeTthvu1gKWHODS2KTHtZ2gi8jb0.55WsyEVUZX87SXscGIhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/860153270:1729797391:jSfkloMEoVcXzBqBe6pqzmYIrbImU0SmQd4TN3Y8rOg/8d7cb2331df86b1f/6FTJdsMzzg5YAgkR..N3R7KD85a.rxxZ4pKN17m3kig-1729801526-1.1.1.1-Nbe4ApgCuZmKnISEeTthvu1gKWHODS2KTHtZ2gi8jb0.55WsyEVUZX87SXscGIhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e07ac061066ba18fa7b97e0654d9436d HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cczaakcn HTTP/1.1Host: qiagens.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonqrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://16b69e33.0cced60565238cd25cf4ed69.workers.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a106a24b73a74db3515ad939e5c8514e HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e07ac061066ba18fa7b97e0654d9436d HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2lsbG11aW5hLmNvbS8iLCJkb21haW4iOiJpbGxtdWluYS5jb20iLCJrZXkiOiJ5b0ZIdUhkYmwwSkQiLCJxcmMiOm51bGwsImlhdCI6MTcyOTgwMTUzNywiZXhwIjoxNzI5ODAxNjU3fQ.PK95BSyiMKiF5a86WrEL7drHWXsczyR6u2cQfqHIqzY HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cczaakcn HTTP/1.1Host: qiagens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a106a24b73a74db3515ad939e5c8514e HTTP/1.1Host: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: illmuina.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d122ac44a142fefe436766869baa8b3a HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cczaakcn=43dbe3be4ea967c921c47015dd2c2e1f2a0e66058ac6ba426a316aefef278ea9ee62cacb932202fa4171e55cbd45642a89b017c550b4e8050061aca0f37d9a8c HTTP/1.1Host: qiagens.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=szxDkrNuQv0A; qPdM.sig=1YyWiNBeal69nqLvlxv-GzQWd1A
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: illmuina.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk
Source: global traffic	HTTP traffic detected: GET /?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ HTTP/1.1Host: illmuina.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e32f41ff628254f2ac48073f90e481c2 HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d122ac44a142fefe436766869baa8b3a HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?bad6a97330817a280d386a4cd95a0ef9 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8yaB3FBautUBtm5D4QHQ-q98xtjwE84-PucrBR_af_WsuovGdIGcUUfdrFcO2jMtaULIb68AJ8nZmZP09T5P_ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e32f41ff628254f2ac48073f90e481c2 HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?ed125d994abdc805a9f496f9e5fb5601 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://neweranet0-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://neweranet0-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?bad6a97330817a280d386a4cd95a0ef9 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?ed125d994abdc805a9f496f9e5fb5601 HTTP/1.1Host: teams.cloud.microsoftConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8yaB3FBautUBtm5D4QHQ-q98xtjwE84-PucrBR_af_WsuovGdIGcUUfdrFcO2jMtaULIb68AJ8nZmZP09T5P_ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=true HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8y
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; fpc=AgCPfKbr1T5Hu-oyrvKseDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeT_4n64Z3iEimSIqQf3UUK3HiHIYF4YLtNpbIg5lv_iHQ3isocj0tvAybCwTM_xLrRyfdF9rmh5jbx9GIUlZAe8yaB3FBautUBtm5D4QHQ-q98xtjwE84-PucrBR_af_WsuovGdIGcUUfdrFcO2jMtaULIb68AJ8nZmZP09T5P_ogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_DQTmGfOEMmPUR-Vehc8U6Q2.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_DQTmGfOEMmPUR-Vehc8U6Q2.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://illmuina.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /personal/malahmar_neweranet_com/_layouts/15/AccessDenied.aspx?correlation=1e265da1%2D7085%2D6000%2Daa0e%2D1d0352a4af7e HTTP/1.1Host: neweranet0-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzMxYTU4NjIyMGI5ZTA0YWZhN2U3MTU2YTUxODQyNjEwNTViZDA2MjZkZjY3M2I3NTdjMmUwMTkwNTRlNWNkY2EsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzFhNTg2MjIwYjllMDRhZmE3ZTcxNTZhNTE4NDI2MTA1NWJkMDYyNmRmNjczYjc1N2MyZTAxOTA1NGU1Y2RjYSwxMzM3NDI3NTM4MjAwMDAwMDAsMCwxMzM3NDM2MTQ4MjUwMjE0ODYsMC4wLjAuMCwyNTgsZDNlZTNmZWQtYjU1ZS00OTMyLWEzNTQtZDkyNWRmNWM1MGRjLCwsMGMyNjVkYTEtYjA4MS02MDAwLWFhMGUtMWFiNTc0MmU5NjI2LDBjMjY1ZGExLWIwODEtNjAwMC1hYTBlLTFhYjU3NDJlOTYyNixMTDZLWmNUTXBrbVhKOEo3akVQVGdBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MjYsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLGNPUStvdXpteUIzb2EyZ2Fob3BLWktnend3WlN2eGFvdk1VZFVzUDBqTGlhb2xZcDNSOUk4d0dMYmhOMkw4VFo3c1psREk1TmRjWFlUM0tMd1p2VmdUVE95M2t0emwrRjdJY1lNZHNyck9zWWoxQ0FkMnNQUisvekVqL1d0czRVRUx0UE5vSklEekZqUW1NN1dvTWQ4TnNscE1xMEJWT1A2cGkrUC9hRnBmMkxuMnpiTEkrSzBDb1BxelRSK25rUHRKakIvRUU1V3RrMXJ6WWR2L1ZiQ3dhcGR5OW14Mmw2ZHRvMGprT0RBM0ErSi9VaE45a3JmSkUyV04wck1mRGxFRGtld0dIemZnNjFLUkFvN0UwaTNaeEtPTkltZm9lNlBKRC9wTkg5NEsraUw2d3o0cWZuYXlPR0pURnRDQnVyUjlCTCtScXNTanliTUo1RlNrcUY0QT09PC9TUD4=; FeatureOverrides_experiments=[]; ai_session=aLJsOtZty6NoJa4JKf5lA0\|1729801509900\|1729801509900; MSFPC=GUID=f09e73372e0b4b43b7740e7c80cbfe4c&HASH=f09e&LV=202410&V=4&LU=1729801514528
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: illmuina.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://illmuina.com/?fwrvtcrft=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9N2YxMjVkMGMtMTJjMy1jMjQyLTRmMmQtZWUxOTBkYzM0NWUwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY1Mzk4MzQwNTg3NzYwMS5lMjE1ZTg3MC1lYzAzLTQyMTgtYWZlZC0xZGQxODc5ZGNmNjMmc3RhdGU9RGN0QkVvQWdDRUJScmVrNEpFZ0tIc2NSM0xicy1yRjRmX2R6U3VrTVI4Z1lTZEpaZS1PaF9HQlRrWTUwZTZYbUtnaS1rT0dwcERDM0c1QVpxUXhidTNPTzl5cnZOOHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: illmuina.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=yoFHuHdbl0JD; qPdM.sig=ftxlg5-8Y92RYEos_rkJ06rZZVk; ClientId=82BAD7D4CAEA497B9374A35DC465C261; OIDC=1; OpenIdConnect.nonce.v3.sup9B6ZEUsfA82mDnA5liMJB_XpZiMb_G1Brp3kZB_Y=638653983405877601.e215e870-ec03-4218-afed-1dd1879dcf63; X-OWA-RedirectHistory=ArLym14BYalLB2r03Ag; esctx-8MIMiSwtbyw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFe2gwjjiRCVT1LWwjmzTT1QgTbM-Bzqbsg5T4ZLuMQW0vllIo9WkeGjt5iA3GGYPV8hsSgcsiZXxsBdzaJSe0Sr-TXSUofnsQumjHkNzCBJcf_enS_g1F9-GbPNih-taoscS4M79fe0UqvD6jz-ldajyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFe_d_ZamHgqmQPbzChEFdnRul5z2P4xuxJPLPEKM9yDKTsFGLTBulxNX1meyflWuA1eFsUlfMHbGqLzIy0u5PUAt487n8uPghai5EoxbR15BYgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeXaU5A4OdmLO3MFXqa3nxAx6eKNVzpX4R62ESrsrTIAb8HIjIQjDtpi-7AhU0iFRmn2DIwQQ_Wn981piUa5b-gBZFMIbf5igaZGcEv5AZH_WxCTTEZU3ejIKAU74IeDyQ9fQfCWjlGLIKFiYAPD2RYtz_Ek-n7leL8F9aSK8WHbQgAA; esctx-AlSDhilpH1M=AQABCQEAAADW6jl31mB3T7ugrWTT8pFexv6Dqi8kY4OzDpa4X_SIO-df5u3FX4_16MfOUZP8Rh_Rg_DVoyjgx8D5YM4WYc0qck88FLBQfHxk6wvksxXQKzBk-hxThjxamkIEkJri4SiPE7uM-nr2Asic_FYAG004qwXydI8tG8MXpkn4K12zdSAA; fpc=AgCPfKbr1T5Hu-oyrvKseDKerOTJAQAAAEmkrN4OAAAA; brcap=0

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: neweranet0.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: eastus1-mediap.svc.ms
Source: global traffic	DNS traffic detected: DNS query: 16b69e33.0cced60565238cd25cf4ed69.workers.dev
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: a599989aa37d0cdcb2026ebacbf01376.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: qiagens.com
Source: global traffic	DNS traffic detected: DNS query: illmuina.com
Source: global traffic	DNS traffic detected: DNS query: outlook.office.com
Source: global traffic	DNS traffic detected: DNS query: teams.cloud.microsoft
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:25:29 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: +3fDKCR9uk28LFlKHqxlWFlFyNqvYwZiPg8=$iDHoguPNI6zuZ0U1cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d7cb2490b52eaac-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:25:33 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: WyzUGH+epEIVUvClRAVTXWfiGQM4fEMgQcE=$CHfD16/al+PaVcGlServer: cloudflareCF-RAY: 8d7cb25facb8e7eb-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:25:36 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: VyZTowY/P30o1GTUde4v/RuJV0x9pgSO7xc=$OAGLmXLVafmvW7Lrcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8d7cb2754b39e98f-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 7637b141-23cc-4a1e-9f53-bcf61ef18100x-ms-ests-server: 2.1.19184.6 - NCUS ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Thu, 24 Oct 2024 20:25:44 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_1250.17.dr, chromecache_816.17.dr, chromecache_839.17.dr, chromecache_1231.17.dr, chromecache_1176.17.dr, chromecache_1235.17.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_883.17.dr	String found in binary or memory: http://feross.org
Source: chromecache_1255.17.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_1198.17.dr	String found in binary or memory: http://www.contoso.com
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_1041.17.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_901.17.dr	String found in binary or memory: http://www.unicode.org/copyright.html
Source: chromecache_1130.17.dr, chromecache_1253.17.dr	String found in binary or memory: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/)
Source: chromecache_1206.17.dr	String found in binary or memory: https://1drv.com/
Source: chromecache_1206.17.dr	String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_918.17.dr, chromecache_1223.17.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_1010.17.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/web/policies
Source: chromecache_809.17.dr	String found in binary or memory: https://facebook.github.io/react/docs/more-about-refs.html#the-ref-callback-attribute
Source: chromecache_883.17.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_867.17.dr, chromecache_1254.17.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_1146.17.dr	String found in binary or memory: https://illmuina.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2lsbG11aW5hL
Source: chromecache_1133.17.dr, chromecache_874.17.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_978.17.dr	String found in binary or memory: https://lists.live.com/
Source: chromecache_1206.17.dr	String found in binary or memory: https://livefilestore.com/
Source: chromecache_1028.17.dr, chromecache_877.17.dr, chromecache_1060.17.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_1028.17.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_1206.17.dr, chromecache_1031.17.dr, chromecache_977.17.dr, chromecache_852.17.dr	String found in binary or memory: https://media.cloudapp.net
Source: chromecache_877.17.dr, chromecache_1060.17.dr	String found in binary or memory: https://microsoft.spfx3rdparty.com
Source: chromecache_1196.17.dr, chromecache_1031.17.dr, chromecache_977.17.dr, chromecache_914.17.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	String found in binary or memory: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br
Source: chromecache_1206.17.dr, chromecache_1031.17.dr, chromecache_977.17.dr, chromecache_852.17.dr	String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_1206.17.dr, chromecache_1121.17.dr, chromecache_1241.17.dr	String found in binary or memory: https://onedrive.cloud.microsoft
Source: chromecache_1206.17.dr, chromecache_1121.17.dr, chromecache_1241.17.dr	String found in binary or memory: https://onedrive.dev.cloud.microsoft
Source: chromecache_1228.17.dr	String found in binary or memory: https://onedrive.live.com/?gologin=1
Source: chromecache_877.17.dr, chromecache_1060.17.dr	String found in binary or memory: https://onedrive.live.com/sa
Source: chromecache_1156.17.dr, chromecache_903.17.dr, chromecache_1007.17.dr, chromecache_817.17.dr	String found in binary or memory: https://outlook.office.com/search
Source: chromecache_1206.17.dr	String found in binary or memory: https://portal.office.com/
Source: chromecache_918.17.dr	String found in binary or memory: https://qiagens.com/?cczaakcn
Source: chromecache_1188.17.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_838.17.dr, chromecache_1085.17.dr, chromecache_1209.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.005/
Source: chromecache_798.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.008/
Source: chromecache_798.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.008/spwebworker.js
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp-media-3b870ca1
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.1ds/odsp.1ds.lib-b7da68fc
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-ab227069
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.core/fui.core-97518b2a
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.utilities/fui.util-93de749b
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-447adea9
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-9ea4d016
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.tslib/tslib-6a7224b3
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.utilities/odsp.util-644642c2
Source: chromecache_1228.17.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-10-11.005/
Source: chromecache_1228.17.dr	String found in binary or memory: https://shell.cdn.office.net
Source: chromecache_1228.17.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: chromecache_1228.17.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_1206.17.dr	String found in binary or memory: https://substrate.office.com
Source: chromecache_900.17.dr, chromecache_1237.17.dr, chromecache_1213.17.dr, chromecache_1020.17.dr	String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: chromecache_1228.17.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive
Source: chromecache_1228.17.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2Fonedrive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 50264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49957 version: TLS 1.2

Document contains embedded VBA macros

Source: chromecache_1232.17.dr	OLE indicator, VBA macros: true
Source: chromecache_885.17.dr	OLE indicator, VBA macros: true

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: chromecache_1232.17.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chromecache_885.17.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal72.phis.winPDF@35/836@69/16

Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/etd2wgqoomlancpcjokati0br6hyyfmab6miwzmzjef3xw?e=8rf3az
Source: chromecache_1130.17.dr	Initial sample: https://16b69e33.0cced60565238cd25cf4ed69.workers.dev/

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6632

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 16-24-30-000.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\bc3c228ad2c13f96cb14375c3860e802.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1548,i,196938426665746239,18177206994314547253,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2032,i,248921863120407722,16504755158596381138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://neweranet0-my.sharepoint.com/:f:/g/personal/malahmar_neweranet_com/Etd2wgQOOMlAnCPcJokAti0Br6HyyfMaB6MiwzMZjEF3xw?e=8rf3aZ	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1548,i,196938426665746239,18177206994314547253,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2032,i,248921863120407722,16504755158596381138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: PDF keyword /JS count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: chromecache_1253.17.dr	Initial sample: PDF keyword /JS count = 0
Source: chromecache_1253.17.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: chromecache_1130.17.dr	Initial sample: PDF keyword /JS count = 0
Source: chromecache_1130.17.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: bc3c228ad2c13f96cb14375c3860e802.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: chromecache_1253.17.dr

Initial sample: PDF keyword obj count = 71

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document	LLM: Page contains button: 'View or Download Document' Source: 'PDF document'
Source: PDF document	LLM: PDF document contains prominent button: 'view or download document'
Source: https://neweranet0-my.sharepoint.com/personal/malahmar_neweranet_com/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445%2FView%20docs%2Epdf&parent=%2Fpersonal%2Fmalahmar%5Fneweranet%5Fcom%2FDocuments%2FRfq82020%2D382039302%2D42445	LLM: Page contains button: 'View docs.pdf' Source: '2.2.pages.csv'

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 1253
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 1130	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 1253	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: chromecache_794.17.dr, chromecache_954.17.dr, chromecache_969.17.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_794.17.dr, chromecache_954.17.dr, chromecache_969.17.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

ID:	1541503
Product:	CloudBasic
Start time:	22:23:48
Start date:	24.10.2024
Sample:	bc3c228ad2c13f96cb14375c3860e802.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	5448dddeb4ccaa5cf39694f5c28a4b76
SHA1:	a64f68d8253c21beb398272f795aaa62db4de3f4
SHA256:	3d54f8929f551c67e0bec56d1a7c13be514b799da109ab85f3edb06681a32e2a
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf