Windows Analysis Report
https://bioaquatictesting-my.sharepoint.com/:f:/g/personal/securedocument_bio-aquatic_com/EqfT1pjHkSVIsZ_uZ-FoAy4BgWwRj-5I-q_oaUpvi5Mxeg?e=eaqeTT

AV Detection

Source: https://bioaquatictesting-my.sharepoint.com/:f:/g/personal/securedocument_bio-aquatic_com/EqfT1pjHkSVIsZ_uZ-FoAy4BgWwRj-5I-q_oaUpvi5Mxeg?e=eaqeTT

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Cryptography

Source: chromecache_608.1.dr

Binary or memory string: const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----

memstr_072cecc0-0

Phishing

Source: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/	HTTP Parser: No favicon
Source: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/	HTTP Parser: No favicon

Compliance

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49752 version: TLS 1.2

Networking

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/securedocument_bio-aquatic_com/EqfT1pjHkSVIsZ_uZ-FoAy4BgWwRj-5I-q_oaUpvi5Mxeg?e=eaqeTT HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/securedocument_bio-aquatic_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%2FKravis%20Center%20for%20the%20Performing%20Arts&ga=1 HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /files/odsp-web-prod_2024-10-11.005/odblightspeedwebpack/plt.listviewdataprefetch.js HTTP/1.1Host: res-2.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://bioaquatictesting-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://bioaquatictesting-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bioaquatictesting-my.sharepoint.com/personal/securedocument_bio-aquatic_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%2FKravis%20Center%20for%20the%20Performing%20Arts&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KbLBZaSFx4GZ5RC&MD=zaWpSOkc HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /personal/securedocument_bio-aquatic_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%2FKravis%20Center%20for%20the%20Performing%20Arts&ga=1 HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KbLBZaSFx4GZ5RC&MD=zaWpSOkc HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /personal/securedocument_bio-aquatic_com/_api/v2.1/graphql HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/securedocument_bio-aquatic_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/securedocument_bio-aquatic_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%2FKravis%20Center%20for%20the%20Performing%20Arts&TryNewExperienceSingle=TRUE HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/securedocument_bio-aquatic_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=true HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://bioaquatictesting-my.sharepoint.com/personal/securedocument_bio-aquatic_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%2FKravis%20Center%20for%20the%20Performing%20Arts&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1730271948_ef6d5f77f53ee0995ffb822849d4e41231eb693fcd5bcd06f8a01faee3198610&P1=1730239537&P2=-149452251&P3=1&P4=s5Rua3zKoQMriF9ENufenKumHtecir2zTpedCPgvmWPk30BGUoP0SJxk0WSaJE0GbfsC90vc72K8T%2BDYSMDv7uyoKxYz4XhUcovwPMNY6BkZZu4A6kywgdA57b0l7igEozqfXilLNA%2F%2B6vwa5vxHZr9TEjoe%2BUlnhoSogvZMROmrvrnYqAmTK06alGZbV5TL4lG38j01mg21Hc18RaOqe%2BaR8LW5rURe8iau9EMm27t0gV2UHl2ph%2B3TUSRwu4oIFATq0ewr6Cj2Gg9WpNGEkZQbedOaAYGuV%2Fp0uRZ4Dybrv%2BuazooVGFx9NHUDklx81uLimKm6V5BL3F4ikOlDYw%3D%3D&size=M&accountname=securedocument%40bio-aquatic.com HTTP/1.1Host: bioaquatictesting.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bioaquatictesting-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ecf9f5d4.5488c3d0d3cad43764af2694.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bioaquatictesting-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1730271948_ef6d5f77f53ee0995ffb822849d4e41231eb693fcd5bcd06f8a01faee3198610&P1=1730239537&P2=-149452251&P3=1&P4=s5Rua3zKoQMriF9ENufenKumHtecir2zTpedCPgvmWPk30BGUoP0SJxk0WSaJE0GbfsC90vc72K8T%2BDYSMDv7uyoKxYz4XhUcovwPMNY6BkZZu4A6kywgdA57b0l7igEozqfXilLNA%2F%2B6vwa5vxHZr9TEjoe%2BUlnhoSogvZMROmrvrnYqAmTK06alGZbV5TL4lG38j01mg21Hc18RaOqe%2BaR8LW5rURe8iau9EMm27t0gV2UHl2ph%2B3TUSRwu4oIFATq0ewr6Cj2Gg9WpNGEkZQbedOaAYGuV%2Fp0uRZ4Dybrv%2BuazooVGFx9NHUDklx81uLimKm6V5BL3F4ikOlDYw%3D%3D&size=M&accountname=securedocument%40bio-aquatic.com HTTP/1.1Host: bioaquatictesting.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bioaquatictesting-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bioaquatictesting-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true&siteConfigRace=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/avtok/0x4AAAAAAAyqhdsS748m01Iy/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da62f46ce314696&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/avtok/0x4AAAAAAAyqhdsS748m01Iy/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/avtok/0x4AAAAAAAyqhdsS748m01Iy/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ecf9f5d4.5488c3d0d3cad43764af2694.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da62f46ce314696&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ecf9f5d4.5488c3d0d3cad43764af2694.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1998701899:1730234443:Lwng_uon9EBlqVf_OwLTCeaoBddYvZZMnG7SnJ47QYs/8da62f46ce314696/EO0cJRx97HDDZuUel89VEbDMwCOeAGslO55MJMWuQrA-1730236565-1.1.1.1-tRUrelRR2SbLwLh6vk60CiYzh9YugjlJrNK38KKD5xtqpaUyHbsojPyB1iL63eLU HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8da62f46ce314696/1730236567653/AQ_jg06ejatCKms HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/avtok/0x4AAAAAAAyqhdsS748m01Iy/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8da62f46ce314696/1730236567653/8ecd4f25404bcf125d69fcf8a87fc286caf76e5a5dab48c4b3939caab3d2b433/oWTYv0K7VjGtnqP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/avtok/0x4AAAAAAAyqhdsS748m01Iy/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8da62f46ce314696/1730236567653/AQ_jg06ejatCKms HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1998701899:1730234443:Lwng_uon9EBlqVf_OwLTCeaoBddYvZZMnG7SnJ47QYs/8da62f46ce314696/EO0cJRx97HDDZuUel89VEbDMwCOeAGslO55MJMWuQrA-1730236565-1.1.1.1-tRUrelRR2SbLwLh6vk60CiYzh9YugjlJrNK38KKD5xtqpaUyHbsojPyB1iL63eLU HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1998701899:1730234443:Lwng_uon9EBlqVf_OwLTCeaoBddYvZZMnG7SnJ47QYs/8da62f46ce314696/EO0cJRx97HDDZuUel89VEbDMwCOeAGslO55MJMWuQrA-1730236565-1.1.1.1-tRUrelRR2SbLwLh6vk60CiYzh9YugjlJrNK38KKD5xtqpaUyHbsojPyB1iL63eLU HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?udjgtgaa HTTP/1.1Host: mercyassurance.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonqrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3Byb2ZpbGVmb3Jkb2Nkb2Muc2l0ZS8iLCJkb21haW4iOiJwcm9maWxlZm9yZG9jZG9jLnNpdGUiLCJrZXkiOiJBYU9ETkRCVEFkNlUiLCJxcmMiOm51bGwsImlhdCI6MTczMDIzNjU3NywiZXhwIjoxNzMwMjM2Njk3fQ.vLn_DbjbAUhewfzbA__di56NFn2NPKqdCTyfc9zFG-8 HTTP/1.1Host: profilefordocdoc.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?udjgtgaa HTTP/1.1Host: mercyassurance.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: profilefordocdoc.siteConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=AaODNDBTAd6U; qPdM.sig=IiJPDADbxZ7oBnXlcEbI6rO1GD8
Source: global traffic	HTTP traffic detected: GET /?udjgtgaa=9a39987b0b60fec5006df30a8df8a3c8aa154aaca41dbce7edab646c5141f50fab7c3c72e42c2dc3994509c6bb7161d84e8ed17dca7526c9bfd6cd2b5d243e03 HTTP/1.1Host: mercyassurance.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=o2hsc65PtjlV; qPdM.sig=e2dgsoICds21wEzeCb9lf2j5W08
Source: global traffic	HTTP traffic detected: GET /mail/ HTTP/1.1Host: profilefordocdoc.siteConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=AaODNDBTAd6U; qPdM.sig=IiJPDADbxZ7oBnXlcEbI6rO1GD8
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?becfa8bc415428344db40631b306b365 HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://bioaquatictesting-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bioaquatictesting-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?b78390c9e3d8e295b99594d42d0e8b5c HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://bioaquatictesting-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bioaquatictesting-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?becfa8bc415428344db40631b306b365 HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?b78390c9e3d8e295b99594d42d0e8b5c HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a0612edc05412c5bcc3585a5aa793a37 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://bioaquatictesting-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bioaquatictesting-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?669b15a5e7af14e37d390cbe13e8e087 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://bioaquatictesting-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bioaquatictesting-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a0612edc05412c5bcc3585a5aa793a37 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?669b15a5e7af14e37d390cbe13e8e087 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: bioaquatictesting-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: bioaquatictesting.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: ecf9f5d4.5488c3d0d3cad43764af2694.workers.dev
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: mercyassurance.site
Source: global traffic	DNS traffic detected: DNS query: profilefordocdoc.site
Source: global traffic	DNS traffic detected: DNS query: c0149d99fde159617d8e36f080b49aff.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: outlook.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-acdc.office.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com

Source: unknown

HTTP traffic detected: POST /personal/securedocument_bio-aquatic_com/_api/v2.1/graphql HTTP/1.1Host: bioaquatictesting-my.sharepoint.comConnection: keep-aliveContent-Length: 507sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/json;odata=verboseContent-Type: application/json;odata=verboseX-ServiceWorker-Strategy: CacheFirstsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://bioaquatictesting-my.sharepoint.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bioaquatictesting-my.sharepoint.com/personal/securedocument_bio-aquatic_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fsecuredocument%5Fbio%2Daquatic%5Fcom%2FDocuments%2FKravis%20Center%20for%20the%20Performing%20Arts&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzk4MDUzMjk1N2IzY2RhOWY5Zjk2ZDJlNzEzNmRmZjliODZmNDJkOGMxNWE4MWQ0N2IyMGI2ZGY2MmNlZjk4ZTYsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jOTgwNTMyOTU3YjNjZGE5ZjlmOTZkMmU3MTM2ZGZmOWI4NmY0MmQ4YzE1YTgxZDQ3YjIwYjZkZjYyY2VmOThlNiwxMzM3NDcxMDQwMzAwMDAwMDAsMCwxMzM3NDc5NjUwMzkwOTkxMDEsMC4wLjAuMCwyNTgsNjQ5OWU2MGYtYzU1MC00NzY1LWE0OGYtZWE2MmZlNzNiNjc3LCwsZWFjNDVlYTEtYTBlOS02MDAwLWNhMzAtZTdlNWMyNWFjYjZlLGVhYzQ1ZWExLWEwZTktNjAwMC1jYTMwLWU3ZTVjMjVhY2I2ZSx3UjUzVzFlZ2FVdWNhV3FPeHUzeTZ3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTM0OTcsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLEZyMnBFRUxtcWxMWHVKNm9RYmZZWFZRYXlXaHFPQ2xQY2VKdXBOUnVkK1c3ZlUvN1IyYW9vY2UyOGZjcXo5MG9XREZUU3pvckxtU0FHNFdsZ0trWEZrMzRrVksxcWFnWU53Y0ExRGNpU0dBZk4zVUc5U2JuU0Z2N3VsSWoyYmlNbVpkTGErTm1tMkZlZ2ZiQTYvenV1cEpIeWhRWHNUaWdkMTZBY2dRNDBJdmsxS3ZRTW0vRy82cThXSXAxcmVLZXZ4SmgzcENSdTlCeFoxUm1yUmlBSzlXZENQSGprSGtVTDUzaExPcGh0Y2p4Y3ZNQnBsNUF0NythK2JXZXRaN0hWcnV2Zm1mZ0tFcmdrSnBPakd2T3dmWm9EOEF1ZDgwcEZtVUJSMVFJTStvQm5rMVVHOTc5Yi9IdHgzVHR5aEZJOEhuWHh5dmpUU3psSVFIUHJnZTR3dz09PC9TUD4=; FeatureOverrides_experiments=[]

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Oct 2024 21:16:08 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: rthVfB02fpQZMKQIovQhSmu06EXyzviNfXU=$InfcJVuQinjidj7yServer: cloudflareCF-RAY: 8da62f5b3a462857-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Oct 2024 21:16:12 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 6std16WfmnB3BKu6x5T7OMjF1UZ8zZUGhTg=$wu1qZpVc1/yrPdvKcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8da62f728de46c68-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Oct 2024 21:16:16 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: UPAGa/wn7F3xYtQPa+BsLlq4+uNqcMj/O2g=$pqGx2JSeMKgbAkpLServer: cloudflareCF-RAY: 8da62f8ae81eeb16-DFWalt-svc: h3=":443"; ma=86400

Source: chromecache_745.1.dr, chromecache_617.1.dr, chromecache_513.1.dr, chromecache_509.1.dr, chromecache_755.1.dr, chromecache_709.1.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_712.1.dr, chromecache_685.1.dr, chromecache_475.1.dr	String found in binary or memory: http://www.contoso.com
Source: chromecache_525.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_516.1.dr, chromecache_716.1.dr, chromecache_541.1.dr	String found in binary or memory: https://1drv.com/
Source: chromecache_516.1.dr, chromecache_716.1.dr, chromecache_541.1.dr	String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_578.1.dr, chromecache_608.1.dr, chromecache_737.1.dr, chromecache_736.1.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_516.1.dr, chromecache_541.1.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/web/policies
Source: chromecache_516.1.dr, chromecache_716.1.dr, chromecache_541.1.dr	String found in binary or memory: https://livefilestore.com/
Source: chromecache_532.1.dr, chromecache_640.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_516.1.dr, chromecache_515.1.dr, chromecache_716.1.dr, chromecache_541.1.dr, chromecache_544.1.dr	String found in binary or memory: https://media.cloudapp.net
Source: chromecache_608.1.dr, chromecache_737.1.dr, chromecache_736.1.dr	String found in binary or memory: https://mercyassurance.site/?udjgtgaa
Source: chromecache_532.1.dr, chromecache_640.1.dr	String found in binary or memory: https://microsoft.spfx3rdparty.com
Source: chromecache_516.1.dr, chromecache_515.1.dr, chromecache_716.1.dr, chromecache_541.1.dr, chromecache_544.1.dr	String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_668.1.dr, chromecache_746.1.dr, chromecache_716.1.dr, chromecache_673.1.dr	String found in binary or memory: https://onedrive.cloud.microsoft
Source: chromecache_668.1.dr, chromecache_746.1.dr, chromecache_716.1.dr, chromecache_673.1.dr	String found in binary or memory: https://onedrive.dev.cloud.microsoft
Source: chromecache_583.1.dr, chromecache_529.1.dr	String found in binary or memory: https://onedrive.live.com/?gologin=1
Source: chromecache_532.1.dr, chromecache_640.1.dr	String found in binary or memory: https://onedrive.live.com/sa
Source: chromecache_516.1.dr, chromecache_716.1.dr, chromecache_541.1.dr	String found in binary or memory: https://portal.office.com/
Source: chromecache_602.1.dr	String found in binary or memory: https://profilefordocdoc.site/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3By
Source: chromecache_708.1.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_516.1.dr, chromecache_541.1.dr	String found in binary or memory: https://res-1-sdf.cdn.office.net
Source: chromecache_583.1.dr, chromecache_516.1.dr, chromecache_541.1.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_652.1.dr, chromecache_717.1.dr, chromecache_507.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets
Source: chromecache_583.1.dr, chromecache_661.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.005/
Source: chromecache_661.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-11.005/stsserviceworkerprefetch/stsservicew
Source: chromecache_598.1.dr, chromecache_484.1.dr, chromecache_661.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-18.010/
Source: chromecache_661.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-18.010/spserviceworker.js
Source: chromecache_598.1.dr, chromecache_484.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-10-18.010/spwebworker.js
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp-media-3b870ca1
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.1ds/odsp.1ds.lib-b7da68fc
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-ab227069
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.core/fui.core-97518b2a
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.utilities/fui.util-93de749b
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-447adea9
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-9ea4d016
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.tslib/tslib-6a7224b3
Source: chromecache_583.1.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.utilities/odsp.util-644642c2
Source: chromecache_583.1.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-10-11.005/
Source: chromecache_583.1.dr	String found in binary or memory: https://shell.cdn.office.net
Source: chromecache_583.1.dr, chromecache_661.1.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: chromecache_516.1.dr, chromecache_541.1.dr	String found in binary or memory: https://shellppe.msocdn.com
Source: chromecache_516.1.dr, chromecache_541.1.dr	String found in binary or memory: https://shellprod.msocdn.com
Source: chromecache_583.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-semili
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semibold
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold
Source: chromecache_628.1.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semiligh
Source: chromecache_516.1.dr, chromecache_668.1.dr, chromecache_716.1.dr, chromecache_541.1.dr	String found in binary or memory: https://substrate.office.com
Source: chromecache_721.1.dr, chromecache_740.1.dr	String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: chromecache_529.1.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2F$
Source: chromecache_583.1.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive
Source: chromecache_529.1.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2F$
Source: chromecache_583.1.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2Fonedrive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49752 version: TLS 1.2

System Summary

Source: classification engine

Classification label: mal48.win@22/484@60/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1720,i,11745549811523308955,2484393396440175979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bioaquatictesting-my.sharepoint.com/:f:/g/personal/securedocument_bio-aquatic_com/EqfT1pjHkSVIsZ_uZ-FoAy4BgWwRj-5I-q_oaUpvi5Mxeg?e=eaqeTT"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1720,i,11745549811523308955,2484393396440175979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Boot Survival

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Malware Analysis System Evasion

Source: chromecache_582.1.dr, chromecache_481.1.dr, chromecache_574.1.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_582.1.dr, chromecache_481.1.dr, chromecache_574.1.dr	Binary or memory string: ",DisconnectVirtualMachine:"