Windows Analysis Report
https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK

Overview

General Information

Sample URL:	https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK
Analysis ID:	1500046
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Downloads suspicious files via Chrome

Phishing site or detected (based on various text indicators)

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

HTML page contains hidden javascript code

May sleep (evasive loops) to hinder dynamic analysis

Classification

Signatures

Phishing

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.1

OCR Text: OneDrive Download Sort v El Details My files > ConsultTrueNorth Name v Activity Modified Modified By File size v Sharing Josh Gooch - ACCESS HERE TO REVIEW DOCUMENT.url hours ago 135 bytes shared

HTML page contains hidden javascript code

Source: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1

HTTP Parser: Base64 decoded: +)\.\d+))/.test(navigator.userAgent) || /[?&]env=TeamsWebView/.test(location.search) || /Teams\/((?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+))(?:\/(\\d+))?/.test(navigator.userAgent) || window.name ...

Source: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1

HTTP Parser: No favicon

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Source: unknown	HTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.7:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.7:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.7:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.7:49788 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 52.191.219.104
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64

Source: global traffic	DNS traffic detected: DNS query: netorgft13995914-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: southcentralus0-0.pushnp.svc.ms
Source: global traffic	DNS traffic detected: DNS query: netorgft13995914.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: southcentralus1-mediap.svc.ms
Source: global traffic	DNS traffic detected: DNS query: 41a4cc518a477116c4e9be60eb5c38f4.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-atm.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ofc-mira.office.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net

Source: chromecache_600.2.dr, chromecache_485.2.dr, chromecache_633.2.dr, chromecache_611.2.dr, chromecache_728.2.dr, chromecache_609.2.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_602.2.dr, chromecache_578.2.dr, chromecache_667.2.dr	String found in binary or memory: http://www.contoso.com
Source: chromecache_609.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_756.2.dr, chromecache_493.2.dr, chromecache_743.2.dr	String found in binary or memory: https://1drv.com/
Source: chromecache_756.2.dr, chromecache_493.2.dr, chromecache_743.2.dr	String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_756.2.dr, chromecache_743.2.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/web/policies
Source: 7za.exe, 0000000A.00000003.1788975112.0000000000750000.00000004.00000800.00020000.00000000.sdmp, 7za.exe, 0000000A.00000003.1788935868.0000000000770000.00000004.00000800.00020000.00000000.sdmp, ACCESS HERE TO REVIEW DOCUMENT.url.10.dr, chromecache_747.2.dr, 24edf70e-e691-4250-8a16-95d46e9cc80d.tmp.0.dr	String found in binary or memory: https://imosevero.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPWRIZFFiVU09JnVpZD1VU0VSMTkwODIwMjRVMDAwODE5MTY=N01
Source: chromecache_756.2.dr, chromecache_493.2.dr, chromecache_743.2.dr	String found in binary or memory: https://livefilestore.com/
Source: chromecache_740.2.dr	String found in binary or memory: https://login.windows.net
Source: chromecache_644.2.dr, chromecache_756.2.dr, chromecache_653.2.dr, chromecache_493.2.dr, chromecache_743.2.dr	String found in binary or memory: https://media.cloudapp.net
Source: chromecache_644.2.dr, chromecache_756.2.dr, chromecache_653.2.dr, chromecache_493.2.dr, chromecache_743.2.dr	String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_561.2.dr, chromecache_628.2.dr	String found in binary or memory: https://onedrive.live.com/?gologin=1
Source: chromecache_756.2.dr, chromecache_493.2.dr, chromecache_743.2.dr	String found in binary or memory: https://portal.office.com/
Source: chromecache_743.2.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_756.2.dr, chromecache_743.2.dr	String found in binary or memory: https://res-1-sdf.cdn.office.net
Source: chromecache_756.2.dr, chromecache_628.2.dr, chromecache_743.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_606.2.dr, chromecache_540.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25207.12004/1033/initstrings.js
Source: chromecache_540.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25207.12004/blank.js
Source: chromecache_606.2.dr, chromecache_540.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25207.12004/init.js
Source: chromecache_606.2.dr, chromecache_540.2.dr	String found in binary or memory: https://res-1.cdn.office.net/bld/_layouts/15/16.0.25207.12004/theming.js
Source: chromecache_672.2.dr, chromecache_676.2.dr, chromecache_740.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets
Source: chromecache_620.2.dr, chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.003/
Source: chromecache_620.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.003/stsserviceworkerprefetch/stsservicew
Source: chromecache_524.2.dr, chromecache_748.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.004/
Source: chromecache_524.2.dr, chromecache_748.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.004/spwebworker.js
Source: chromecache_620.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.005/
Source: chromecache_620.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.005/spserviceworker.js
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp-media-d3ce1c23
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.1ds/odsp.1ds.lib-f4331117
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-2306eec9
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.core/fui.core-9f1598dd
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.utilities/fui.util-153996e1
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-da617bab
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-361c9c69
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.tslib/tslib-e9cf7774
Source: chromecache_628.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.utilities/odsp.util-2d58ae90
Source: chromecache_628.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-08-16.003/
Source: chromecache_606.2.dr	String found in binary or memory: https://res.cdn.office.net/teams-js/2.21.0/js/MicrosoftTeams.min.js
Source: chromecache_628.2.dr	String found in binary or memory: https://shell.cdn.office.net
Source: chromecache_628.2.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: chromecache_756.2.dr, chromecache_743.2.dr	String found in binary or memory: https://shellppe.msocdn.com
Source: chromecache_756.2.dr, chromecache_743.2.dr	String found in binary or memory: https://shellprod.msocdn.com
Source: chromecache_628.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-semili
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semibold
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold
Source: chromecache_647.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semiligh
Source: chromecache_756.2.dr, chromecache_493.2.dr, chromecache_743.2.dr	String found in binary or memory: https://substrate.office.com
Source: chromecache_586.2.dr, chromecache_574.2.dr, chromecache_474.2.dr, chromecache_585.2.dr	String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: chromecache_561.2.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2F$
Source: chromecache_628.2.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive
Source: chromecache_561.2.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2F$
Source: chromecache_628.2.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2Fonedrive

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: C:\Windows\SysWOW64\unarchiver.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4540:120:WilError_03

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1672,i,16938027763165024033,16628770741587318874,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ConsultTrueNorth.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\n33vytxi.zmz" "C:\Users\user\Downloads\ConsultTrueNorth.zip"
Source: C:\Windows\SysWOW64\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1672,i,16938027763165024033,16628770741587318874,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ConsultTrueNorth.zip"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\n33vytxi.zmz" "C:\Users\user\Downloads\ConsultTrueNorth.zip"	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe	Section loaded: 7z.dll	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 1340000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 3390000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 15A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_api/v2.1/graphql HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%27&RootFolder=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&TryNewExperienceSingle=TRUE HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1724806867_ac1f2e6c175bb0555ce7c3f9dfcda2ba64753d3b1b8c137b388f6d320b06fb94&P1=1724784807&P2=-149452251&P3=1&P4=GdjQ6b8g14Vmecg8Yzi%2BLwSuE%2BLsYlmrZpNuorOPLr21BC53LNLdrvW0yYgF2cbAmfgmrPxvQ4c9Gu%2B%2BAILAY1EguFZMMqQ1ZNarCTNyn0WfzrvtG3pv7hqzjOTzkhS%2B8PkahzdBNfz7m7wDocoqDeTg2YaYQdyIqpD4VSDbzAwESAFBQ3O1MgPpT12y8IV4UQ5QpPqgaOyKmNuNVVKXT%2BVryqPV%2BjENt8rNyzzuJOJ0iz0yd5bf4B1oFy4l7XrFQEO8lXpi2wmFhdrN85BAGIw5C%2B8m%2Fm2pz68Gtw0VUGvdjbT0x6uPdVuRHMyrUtI99XbsWFOvFaZzGiGCzwCwNQ%3D%3D&size=M&accountname=joshg%40tekton-builder.com HTTP/1.1Host: netorgft13995914.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1724806867_ac1f2e6c175bb0555ce7c3f9dfcda2ba64753d3b1b8c137b388f6d320b06fb94&P1=1724784807&P2=-149452251&P3=1&P4=GdjQ6b8g14Vmecg8Yzi%2BLwSuE%2BLsYlmrZpNuorOPLr21BC53LNLdrvW0yYgF2cbAmfgmrPxvQ4c9Gu%2B%2BAILAY1EguFZMMqQ1ZNarCTNyn0WfzrvtG3pv7hqzjOTzkhS%2B8PkahzdBNfz7m7wDocoqDeTg2YaYQdyIqpD4VSDbzAwESAFBQ3O1MgPpT12y8IV4UQ5QpPqgaOyKmNuNVVKXT%2BVryqPV%2BjENt8rNyzzuJOJ0iz0yd5bf4B1oFy4l7XrFQEO8lXpi2wmFhdrN85BAGIw5C%2B8m%2Fm2pz68Gtw0VUGvdjbT0x6uPdVuRHMyrUtI99XbsWFOvFaZzGiGCzwCwNQ%3D%3D&size=M&accountname=joshg%40tekton-builder.com HTTP/1.1Host: netorgft13995914.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=h9vFyUYAyhgZCsT0jbIsLA%3D%3DTAG491 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG491 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=GfMZmvgYSV9PGARKaos1xjPXKxz_cKD6zWz-wN4HKjZ6Uz6RATElP8OduHz4840ON9ZS8CEHZZhT2RwwN-VXkgqZFt0Z25aed7Y3RQSFQ1YwNjs5KobBOINgrf4sbQuoR1VCOEDYdWhrU7Kt_Od32bkALNNbT20xZpBHLi-PUQ_lEyrA0lgDYV4euoc-MJSp0&t=7a0cc936 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=P1N6w9s0PHnCWAuabGFvNN7zS3Gccqb-c4GfpjoYj9Wj8Wjrntp2xCJFzBsCEExHCWLKg7_YYYlY87MKdEkKC2Wz_BLkbsFmug4Nl8e7K4-3xC-S2ZjDFaNuHW78IZPcktOaVHrNsVlr8IopyMG7fH7v97Xlhbh-Xc7KZVKuHDFnMsZTAWWV2iY038xxGg8_0&t=7a0cc936 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=DTGb1Rcg6R11FpJMdu4qP3ybHWQgFLYKPidq_KFy63gQ82-UT1Wlbtw4mEM61zVA5amxqcUF-ZnzaVDZEp5hqU9gsUwnOEPkWncqlNc2hEg1&t=638588829843638381 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=P1N6w9s0PHnCWAuabGFvNN7zS3Gccqb-c4GfpjoYj9Wj8Wjrntp2xCJFzBsCEExHCWLKg7_YYYlY87MKdEkKC2Wz_BLkbsFmug4Nl8e7K4-3xC-S2ZjDFaNuHW78IZPcktOaVHrNsVlr8IopyMG7fH7v97Xlhbh-Xc7KZVKuHDFnMsZTAWWV2iY038xxGg8_0&t=7a0cc936 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=GfMZmvgYSV9PGARKaos1xjPXKxz_cKD6zWz-wN4HKjZ6Uz6RATElP8OduHz4840ON9ZS8CEHZZhT2RwwN-VXkgqZFt0Z25aed7Y3RQSFQ1YwNjs5KobBOINgrf4sbQuoR1VCOEDYdWhrU7Kt_Od32bkALNNbT20xZpBHLi-PUQ_lEyrA0lgDYV4euoc-MJSp0&t=7a0cc936 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=DTGb1Rcg6R11FpJMdu4qP3ybHWQgFLYKPidq_KFy63gQ82-UT1Wlbtw4mEM61zVA5amxqcUF-ZnzaVDZEp5hqU9gsUwnOEPkWncqlNc2hEg1&t=638588829843638381 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=h9vFyUYAyhgZCsT0jbIsLA%3D%3DTAG491 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?0f0eb62a1480c8be8a9fa12ef82cb7a1 HTTP/1.1Host: tr-ooc-atm.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://netorgft13995914-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d0dbc9946eebec58f3c063e977c3b736 HTTP/1.1Host: tr-ooc-atm.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://netorgft13995914-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?0f0eb62a1480c8be8a9fa12ef82cb7a1 HTTP/1.1Host: tr-ooc-atm.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d0dbc9946eebec58f3c063e977c3b736 HTTP/1.1Host: tr-ooc-atm.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d92a198abb302ad77615ff11c21897e2 HTTP/1.1Host: tr-ofc-mira.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://netorgft13995914-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d92a198abb302ad77615ff11c21897e2 HTTP/1.1Host: tr-ofc-mira.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?eebe28b65091943d07c99e813b388b3d HTTP/1.1Host: tr-ofc-mira.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://netorgft13995914-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?eebe28b65091943d07c99e813b388b3d HTTP/1.1Host: tr-ofc-mira.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnetorgft13995914%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1&correlation=86734aa1%2De093%2D6000%2D2b60%2D29130770b706 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/errordisplay.css?rev=0exfFR1nIzLRO1bRiOlTVA%3D%3DTAG491 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnetorgft13995914%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1&correlation=86734aa1%2De093%2D6000%2D2b60%2D29130770b706Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=GfMZmvgYSV9PGARKaos1xjPXKxz_cKD6zWz-wN4HKjZ6Uz6RATElP8OduHz4840ON9ZS8CEHZZhT2RwwN-VXkgqZFt0Z25aed7Y3RQSFQ1YwNjs5KobBOINgrf4sbQuoR1VCOEDYdWhrU7Kt_Od32bkALNNbT20xZpBHLi-PUQ_lEyrA0lgDYV4euoc-MJSp0&t=74258c30 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnetorgft13995914%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1&correlation=86734aa1%2De093%2D6000%2D2b60%2D29130770b706Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzU5N2EwODQ1NzNhOWZkZWE4MWVhMDIzOTAwZmI2OGNiNTI2ODU5MjY4NmI4OTBlMjRiZTc2MDBkNTljMTRjOTcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNTk3YTA4NDU3M2E5ZmRlYTgxZWEwMjM5MDBmYjY4Y2I1MjY4NTkyNjg2Yjg5MGUyNGJlNzYwMGQ1OWMxNGM5NywxMzM2OTI1NjMwMTAwMDAwMDAsMCwxMzM2OTM0MjQwMjAyMDExOTksMC4wLjAuMCwyNTgsNDM1MTZlZjMtNDQyNS00YjY4LWJkMTItZTlhODNkNjgyYTgxLCwsN2I3MzRhYTEtNzAxNC02MDAwLTRkM2ItZmRjYTIxNTU1ZDBhLDdiNzM0YWExLTcwMTQtNjAwMC00ZDNiLWZkY2EyMTU1NWQwYSx2Wi9odjBRNSswYWZ4TTVUUzNEQ1h3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTE2NDAsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLFJzK2V0YUdOVWhnYk56aHlnSVdpdVpFSmdDMXNHTEgxRkNIOHpIUkVRdjdZTUdiR2xhbWNZZWMyMUN4ekprckxnSVBSUWZ2UXcvV21qemV6MDRuZ1NYdXJMZ0pDaXRSYzE0RmFGTEdseWY4SlVLOStMYWJnV1BabWJVaTZBTEhsZm9lL3Ava1FCYXB2UjVZTzc3TTdVbWZpSmQ1bkVXMityRjVCSHNiTFZRQW1HdjRVWHNSYm83emJTQ1l3dFFPYjErdlhlc2RjaHZmenBYT3lmaUx6MU1FdmhGaEVlRjZiblJKYXp3enFTem1LL1Fsbm0xdWUzUU8rUlMvaXpObVUwMEg0UCtjUzI5QWdKUUlNNTNOS1pJWERWWis3RU45T1BnWFR4eENhS0pEWTdFY1lQY0VraVpUbkhFamJFSGxHZDVQMi9KYmN0c3haSFVjcG1BUTdOZz09PC9TUD4=; FeatureOverrides_experiments=[]; MicrosoftApplicationsTelemetryDeviceId=34337e3f-c4cf-4a7d-add0-60d71a04b829; ai_session=53mYX2AcFiKGQC8mw4+7+Q\|1724782414306\|1724782414441; MSFPC=GUID=71aba8a3ed364b97854dc851bac67625&HASH=71ab&LV=202408&V=4&LU=1724782419619; WSS_FullScreenMode=false

Source: chromecache_739.2.dr, chromecache_557.2.dr, chromecache_662.2.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_739.2.dr, chromecache_557.2.dr, chromecache_662.2.dr	Binary or memory string: ",DisconnectVirtualMachine:"

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
13.107.138.10	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.110.17.24	mira-ofc.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.98.179.66	mira-ooc.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.110.6.57	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.99.150.18	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Name	IP	Active
dual-spo-0005.spo-msedge.net	13.107.136.10	true
mira-ooc.tm-4.office.com	52.98.179.66	true
www.google.com	142.250.186.68	true
mira-ofc.tm-4.office.com	52.110.17.24	true
netorgft13995914-my.sharepoint.com	unknown	unknown
netorgft13995914.sharepoint.com	unknown	unknown
r4.res.office365.com	unknown	unknown
southcentralus0-0.pushnp.svc.ms	unknown	unknown
southcentralus1-mediap.svc.ms	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown
tr-ooc-atm.office.com	unknown	unknown
spo.nel.measure.office.net	unknown	unknown
41a4cc518a477116c4e9be60eb5c38f4.fp.measure.office.com	unknown	unknown
tr-ofc-mira.office.com	unknown	unknown
upload.fp.measure.office.com	unknown	unknown
config.fp.measure.office.com	unknown	unknown

ID:	1500046
Product:	CloudBasic
Start time:	20:12:12
Start date:	27.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK