Windows Analysis Report
nested-ConsultTrustNorth-payment Requisition #42 3L# 1414 18 Dock.pdf..eml

Overview

General Information

Sample name: nested-ConsultTrustNorth-payment Requisition #42 3L# 1414 18 Dock.pdf..eml
Analysis ID: 1500047
MD5: 93746131540acda22bb477c576534fc1
SHA1: 6bd2ff1375841290067f92862159b0b2991840b8
SHA256: ff9f025ecebad0108ca9e04c7ac9b34495cd29ff5dac4712ce2416805610946e

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Downloads suspicious files via Chrome
Phishing site detected (based on various text indicators)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Phishing

Source: Chrome DOM: 0.1 OCR Text: Download Sort v El Details My files > ConsultTrueNorth Name v Modified Modified By File Size Sharing X Josh Gooch - ACCESS HERE TO REVIEW DOCUMENT.url 3 hours ago 135 bytes o, Shared
Source: Chrome DOM: 0.2 OCR Text: Microsoft 365 Download Sort v El Details My files ConsultTrueNorth Name v Modified Modified By File Size Sharing X Josh Gooch - ACCESS HERE TO REVIEW DOCUMENT.url 3 hours ago 135 bytes o, Shared
Source: Chrome DOM: 0.3 OCR Text: OneDrive Download Sort v El Details My files > ConsultTrueNorth Name v Modified Modified By File Size Sharing X Josh Gooch - ACCESS HERE TO REVIEW DOCUMENT.url 3 hours ago 135 bytes o, Shared
Source: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1 HTTP Parser: No favicon
Source: https://google.com/404/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.8:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.8:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.8:49890 version: TLS 1.2
Source: Joe Sandbox View IP Address: 13.107.136.10
Source: Joe Sandbox View IP Address: 52.98.152.178
Source: Joe Sandbox View IP Address: 40.99.150.50
Source: Joe Sandbox View IP Address: 52.98.179.146
Source: Joe Sandbox View IP Address: 52.98.242.242
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OgZdc5Cloe6YL3G&MD=UGykDFhF HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_api/v2.1/graphql HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; FeatureOverrides_experiments=[]
Source: global traffic HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; FeatureOverrides_experiments=[]
Source: global traffic HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://netorgft13995914-my.sharepoint.com/personal/joshg_tekton-builder_com1/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; FeatureOverrides_experiments=[]
Source: global traffic HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%27&RootFolder=%2Fpersonal%2Fjoshg%5Ftekton%2Dbuilder%5Fcom1%2FDocuments%2FConsultTrueNorth&TryNewExperienceSingle=TRUE HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; FeatureOverrides_experiments=[]
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; FeatureOverrides_experiments=[]
Source: global traffic HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1724806867_ac1f2e6c175bb0555ce7c3f9dfcda2ba64753d3b1b8c137b388f6d320b06fb94&P1=1724784807&P2=-149452251&P3=1&P4=GdjQ6b8g14Vmecg8Yzi%2BLwSuE%2BLsYlmrZpNuorOPLr21BC53LNLdrvW0yYgF2cbAmfgmrPxvQ4c9Gu%2B%2BAILAY1EguFZMMqQ1ZNarCTNyn0WfzrvtG3pv7hqzjOTzkhS%2B8PkahzdBNfz7m7wDocoqDeTg2YaYQdyIqpD4VSDbzAwESAFBQ3O1MgPpT12y8IV4UQ5QpPqgaOyKmNuNVVKXT%2BVryqPV%2BjENt8rNyzzuJOJ0iz0yd5bf4B1oFy4l7XrFQEO8lXpi2wmFhdrN85BAGIw5C%2B8m%2Fm2pz68Gtw0VUGvdjbT0x6uPdVuRHMyrUtI99XbsWFOvFaZzGiGCzwCwNQ%3D%3D&size=M&accountname=joshg%40tekton-builder.com HTTP/1.1Host: netorgft13995914.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OgZdc5Cloe6YL3G&MD=UGykDFhF HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; FeatureOverrides_experiments=[]
Source: global traffic HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: netorgft13995914-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; FeatureOverrides_experiments=[]
Source: global traffic HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1724806867_ac1f2e6c175bb0555ce7c3f9dfcda2ba64753d3b1b8c137b388f6d320b06fb94&P1=1724784807&P2=-149452251&P3=1&P4=GdjQ6b8g14Vmecg8Yzi%2BLwSuE%2BLsYlmrZpNuorOPLr21BC53LNLdrvW0yYgF2cbAmfgmrPxvQ4c9Gu%2B%2BAILAY1EguFZMMqQ1ZNarCTNyn0WfzrvtG3pv7hqzjOTzkhS%2B8PkahzdBNfz7m7wDocoqDeTg2YaYQdyIqpD4VSDbzAwESAFBQ3O1MgPpT12y8IV4UQ5QpPqgaOyKmNuNVVKXT%2BVryqPV%2BjENt8rNyzzuJOJ0iz0yd5bf4B1oFy4l7XrFQEO8lXpi2wmFhdrN85BAGIw5C%2B8m%2Fm2pz68Gtw0VUGvdjbT0x6uPdVuRHMyrUtI99XbsWFOvFaZzGiGCzwCwNQ%3D%3D&size=M&accountname=joshg%40tekton-builder.com HTTP/1.1Host: netorgft13995914.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /n/?c3Y9bzM2NV8xX25vbSZyYW5kPWRIZFFiVU09JnVpZD1VU0VSMTkwODIwMjRVMDAwODE5MTY=N0123N[EMail] HTTP/1.1Host: imosevero.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /404/ HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?c14aed779e84dcfefcd608fc5d5363bd HTTP/1.1Host: tr-ooc-atm.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://netorgft13995914-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?97d59ca9a9f67daf4a7703d29ba141a8 HTTP/1.1Host: tr-ooc-atm.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://netorgft13995914-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft13995914-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?c14aed779e84dcfefcd608fc5d5363bd HTTP/1.1Host: tr-ooc-atm.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?97d59ca9a9f67daf4a7703d29ba141a8 HTTP/1.1 Host: tr-ooc-atm.office.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?c92ddc14e5febb484d24848711b63f85 HTTP/1.1 Host: outlook.office.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* Origin: https://netorgft13995914-my.sharepoint.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://netorgft13995914-my.sharepoint.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?cac44546b317890127a393861e223dab HTTP/1.1 Host: outlook.office.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* Origin: https://netorgft13995914-my.sharepoint.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://netorgft13995914-my.sharepoint.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?c92ddc14e5febb484d24848711b63f85 HTTP/1.1 Host: outlook.office.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?cac44546b317890127a393861e223dab HTTP/1.1 Host: outlook.office.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/joshg_tekton-builder_com1/_layouts/15/AccessDenied.aspx?correlation=96734aa1%2D3089%2D6000%2D2b60%2D259dfcffb5b3 HTTP/1.1 Host: netorgft13995914-my.sharepoint.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: FedAuth=...; FeatureOverrides_experiments=[]
Source: global traffic DNS traffic detected: DNS query: netorgft13995914-my.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: southcentralus0-0.pushnp.svc.ms
Source: global traffic DNS traffic detected: DNS query: netorgft13995914.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: southcentralus1-mediap.svc.ms
Source: global traffic DNS traffic detected: DNS query: imosevero.com
Source: global traffic DNS traffic detected: DNS query: google.com
Source: global traffic DNS traffic detected: DNS query: 3e48341a82ff9cd91e0c9adb91a71e2f.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: tr-ooc-atm.office.com
Source: global traffic DNS traffic detected: DNS query: outlook.office.com
Source: global traffic DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4722 Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1565 Date: Tue, 27 Aug 2024 18:14:31 GMT Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
Source: ConsultTrueNorth.zip.crdownload.5.dr, chromecache_703.6.dr String found in binary or memory: https://imosevero.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPWRIZFFiVU09JnVpZD1VU0VSMTkwODIwMjRVMDAwODE5MTY=N01
Source: nested-ConsultTrustNorth-payment Requisition #42 3L# 1414 18 Dock.pdf..eml, ~WRS{4CD5F857-B678-4B72-A25D-99B4F64BD354}.tmp.0.dr String found in binary or memory: https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_
Source: chromecache_583.6.dr String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_870.6.dr, chromecache_855.6.dr String found in binary or memory: https://res-1-sdf.cdn.office.net
Source: chromecache_731.6.dr, chromecache_870.6.dr, chromecache_855.6.dr String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_852.6.dr, chromecache_782.6.dr, chromecache_778.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets
Source: chromecache_731.6.dr, chromecache_719.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.003/
Source: chromecache_719.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.003/stsserviceworkerprefetch/stsservicew
Source: chromecache_860.6.dr, chromecache_622.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.004/
Source: chromecache_860.6.dr, chromecache_622.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.004/spwebworker.js
Source: chromecache_719.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.005/
Source: chromecache_719.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.005/spserviceworker.js
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp-media-d3ce1c23
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.1ds/odsp.1ds.lib-f4331117
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.aria/odsp.aria.lib-2306eec9
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.core/fui.core-9f1598dd
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.fluentui.utilities/fui.util-153996e1
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.knockout/odsp.knockout.lib-da617bab
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.react/odsp.react.lib-361c9c69
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.tslib/tslib-e9cf7774
Source: chromecache_731.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp.utilities/odsp.util-2d58ae90
Source: chromecache_731.6.dr String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-08-16.003/
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://res.cdn.office.net
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://service.powerapps.com
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://settings.outlook.com
Source: chromecache_731.6.dr String found in binary or memory: https://shell.cdn.office.net
Source: chromecache_731.6.dr, chromecache_719.6.dr String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://shell.suite.office.com:1443
Source: chromecache_870.6.dr, chromecache_855.6.dr String found in binary or memory: https://shellppe.msocdn.com
Source: chromecache_870.6.dr, chromecache_855.6.dr String found in binary or memory: https://shellprod.msocdn.com
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://skyapi.live.net/Activity/
Source: chromecache_731.6.dr String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://staging.cortana.ai
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-semili
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semibold
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold
Source: chromecache_752.6.dr String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semiligh
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://store.office.cn/addinstemplate
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://store.office.de/addinstemplate
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr, chromecache_870.6.dr, chromecache_592.6.dr, chromecache_855.6.dr String found in binary or memory: https://substrate.office.com
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: chromecache_565.6.dr, chromecache_681.6.dr, chromecache_682.6.dr, chromecache_669.6.dr String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://tasks.office.com
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://templatesmetadata.office.net/
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://web.microsoftstream.com/video/
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://webshell.suite.office.com
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://wus2.contentsync.
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://wus2.pagecontentsync.
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://www.odwebp.svc.ms
Source: chromecache_658.6.dr String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2F$
Source: chromecache_731.6.dr String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive
Source: chromecache_658.6.dr String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2F$
Source: chromecache_731.6.dr String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2Fonedrive
Source: B888F789-B398-426F-B9A3-07E0FBE3EC98.0.dr String found in binary or memory: https://www.yammer.com
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.8:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.8:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.8:49890 version: TLS 1.2

System Summary

Source: C:\Program Files\Google\Chrome\Application\chrome.exe File dump: C:\Users\user\Downloads\ConsultTrueNorth.zip (copy)
Source: classification engine Classification label: mal48.phis.winEML@21/588@54/12
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1413340143-2564.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\nested-ConsultTrustNorth-payment Requisition #42 3L# 1414 18 Dock.pdf..eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4CC444FA-4817-4491-9D2F-98276EAE2933" "E21FBA3F-8218-4F2B-8FD4-DC2A9C419541" "2564" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1956,i,4171209000397206722,2059583826206299065,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: chromecache_894.6.dr, chromecache_767.6.dr, chromecache_655.6.dr, chromecache_851.6.dr Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_894.6.dr, chromecache_767.6.dr, chromecache_655.6.dr, chromecache_851.6.dr Binary or memory string: ",DisconnectVirtualMachine:"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid