Windows Analysis Report
https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v

Overview

General Information

Sample URL:	https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v
Analysis ID:	1520800
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Downloads suspicious files via Chrome

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

Drops PE files

Drops PE files to the windows directory (C:\Windows)

HTML body contains low number of good links

HTML title does not match URL

HTTP GET or POST without a user agent

PE file contains more sections than normal

PE file contains sections with non-standard names

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

HTML body contains low number of good links

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\LICENSE.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:61589 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.168.112.67:443 -> 192.168.2.5:57817 version: TLS 1.2

Source:

Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.0.dr

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 41MB

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.5:61446 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:57166 -> 1.1.1.1:53

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: newmexicogov-my.sharepoint.com to https://login.microsoftonline.com:443/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5fid=00000003%2d0000%2d0ff1%2dce00%2d000000000000&response%5fmode=form%5fpost&response%5ftype=code%20id%5ftoken&resource=00000003%2d0000%2d0ff1%2dce00%2d000000000000&scope=openid&nonce=2f80e471d14378ccaebf6d292a9eb70379b29120ba11d435%2d67b9e578ab8058839cec01ce628f3678af57dd2625442575c2819bfe5d02fee5&redirect%5furi=https%3a%2f%2fnewmexicogov%2dmy%2esharepoint%2ecom%2f%5fforms%2fdefault%2easpx&state=od0w&claims=%7b%22id%5ftoken%22%3a%7b%22xms%5fcc%22%3a%7b%22values%22%3a%5b%22cp1%22%5d%7d%7d%7d&wsucxt=1&cobrandid=11bd8083%2d87e0%2d41b5%2dbb78%2d0bc43c8a8e8a&client%2drequest%2did=dc7654a1%2d7000%2d6000%2d933a%2d41a164d2bcf0

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENhIsZk1icdmK4NNtUk6KLPgAMvy17Udgd1MlHE7GXRAxu9wDd84HaOk1nGIMKru6radFnZDfu7zWhcmz9j72MdI/lM5JykN5JyMCsrKKjhnWsxMrSmUTHFAm4lCtsR/4kXJ5OVGBubVm1qKlLaqfTPe4/QIS6EsPZhp2A+GbXPmd9v7KWe0y9ZBVkGnVgT2XAL69MHD65Z2sZ/bvdyK2Z9GRgl5dhajOwb9unLzQz2LihgZzhVMiIEIlP0Ox0qtNEB072yB6rGFSpbQMfXp3Qm9wrLMHPG0cNIMKQ3+lgA3sY/VTGnPGJVnsHSsfW8D9dyBIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1727470512019Host: self.events.data.microsoft.comContent-Length: 7974Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/v2.1/graphql HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&TryNewExperienceSingle=TRUE HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=syCsAfGM3tsTtze&MD=ZBXsXMfd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1727504824_af0c0b70dd4e3907e416184d3fe16876bbd08ae5aa10805173199c1dd424735c&P1=1727472235&P2=-149452251&P3=1&P4=leKsXLZ2bi2%2B5r2qeXinSOrEgfWlV9ru9M9EzwHZ0ToYD9FPK2wRodQd3iyOFdgjTwwZ2epT0D3ZB%2BrDKEo6%2FcJbkNgq7MkTVoj3xHumzOGR1Ky03kHCtCmT5E33mYjn42ldwmDs3bR5QMCryoi37KSlkfQ%2Bgnxc0lgV6XX9NbmLaz6B1g%2FU2D6kqXH%2Fxoz1mDPziJOEvuXhhOPxtm9l6uqOOW0c%2BktmHQU0hV66CgMxo%2BjCysVD4O3phVYJp6Of2nhEAux2ijLXm7CG9SeXdZQlLzpF2PMtZxY5oA2mpvL5Cko0Ry61Ol%2FQ3R2RBVpjOw4tsy75%2BEPE5%2FW%2BlF191A%3D%3D&size=M&accountname=christine.fuller%40newmexicogov.onmicrosoft.com HTTP/1.1Host: newmexicogov.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1727504824_af0c0b70dd4e3907e416184d3fe16876bbd08ae5aa10805173199c1dd424735c&P1=1727472235&P2=-149452251&P3=1&P4=leKsXLZ2bi2%2B5r2qeXinSOrEgfWlV9ru9M9EzwHZ0ToYD9FPK2wRodQd3iyOFdgjTwwZ2epT0D3ZB%2BrDKEo6%2FcJbkNgq7MkTVoj3xHumzOGR1Ky03kHCtCmT5E33mYjn42ldwmDs3bR5QMCryoi37KSlkfQ%2Bgnxc0lgV6XX9NbmLaz6B1g%2FU2D6kqXH%2Fxoz1mDPziJOEvuXhhOPxtm9l6uqOOW0c%2BktmHQU0hV66CgMxo%2BjCysVD4O3phVYJp6Of2nhEAux2ijLXm7CG9SeXdZQlLzpF2PMtZxY5oA2mpvL5Cko0Ry61Ol%2FQ3R2RBVpjOw4tsy75%2BEPE5%2FW%2BlF191A%3D%3D&size=M&accountname=christine.fuller%40newmexicogov.onmicrosoft.com HTTP/1.1Host: newmexicogov.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=m%2Fe%2BPmKMYmkX%2Fs1lVR9Uww%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=SxNVhhsKiA7eZ0LTpwVft13qhsFBpH833anZIeLlBSiDYrtx3XVuqV7eFeOEIZ3XRvkPPXVqYjAy29qmD1cNRNHZqrFezYI8vbR5k4bHGbV_9ZabhtoUFTZh4lZdp9CqqGu6nBd7_sWJAVg1JlEeHToMWOJ8Ri_bulLqxdlO66sxPoiHO73Vs96BxKNTUq3Z0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=wCBesixOviGSfHchxwx1jOTfVwwX4WenbNI2pYkPs-RLwvnho37NJpuVh_0lUKuqTCIcvbvJ2P_NQIcGgPwcNPp1BvklriR1vJsFuZRwk0jZ3wCEXnlklu4r0N42-zaZ7c09l5DZpONkUWT65GaK6TCBTTkXVRKA0MYAPd-4A26Li9gKrK0Qjeoi0qYNAyqI0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=_fraZ9t1i_mvPDGy-YhzmmVETL6GGPe_z4YReCbhtAqTfWf2G664NYIKJJGAw8QGJyB5O0ta_jM0TCeE18oAE-nx2E21WpzO67iCHDTQZrw1&t=638588829843638381 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=wCBesixOviGSfHchxwx1jOTfVwwX4WenbNI2pYkPs-RLwvnho37NJpuVh_0lUKuqTCIcvbvJ2P_NQIcGgPwcNPp1BvklriR1vJsFuZRwk0jZ3wCEXnlklu4r0N42-zaZ7c09l5DZpONkUWT65GaK6TCBTTkXVRKA0MYAPd-4A26Li9gKrK0Qjeoi0qYNAyqI0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=SxNVhhsKiA7eZ0LTpwVft13qhsFBpH833anZIeLlBSiDYrtx3XVuqV7eFeOEIZ3XRvkPPXVqYjAy29qmD1cNRNHZqrFezYI8vbR5k4bHGbV_9ZabhtoUFTZh4lZdp9CqqGu6nBd7_sWJAVg1JlEeHToMWOJ8Ri_bulLqxdlO66sxPoiHO73Vs96BxKNTUq3Z0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=_fraZ9t1i_mvPDGy-YhzmmVETL6GGPe_z4YReCbhtAqTfWf2G664NYIKJJGAw8QGJyB5O0ta_jM0TCeE18oAE-nx2E21WpzO67iCHDTQZrw1&t=638588829843638381 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6c6c1de76f060b8c160e9593b2ba7429 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?55be8d850fc3ce40c8f75fa7374678b5 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6c6c1de76f060b8c160e9593b2ba7429 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?55be8d850fc3ce40c8f75fa7374678b5 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?9b7a89c6a2d1768633275ad295a2e618 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?7d9243ed6a6540f15e5aaab13455ed30 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?9b7a89c6a2d1768633275ad295a2e618 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6e981851bd71f170c044d14a5c2789f7 HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?7d9243ed6a6540f15e5aaab13455ed30 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?395b9bbeed0dcd43a54ceaa2b226756f HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6e981851bd71f170c044d14a5c2789f7 HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?395b9bbeed0dcd43a54ceaa2b226756f HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bb HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/errordisplay.css?rev=0exfFR1nIzLRO1bRiOlTVA%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=m%2Fe%2BPmKMYmkX%2Fs1lVR9Uww%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=falseRange: bytes=293100-293100If-Range: "f35f2e6c1fdb1:0"
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=m%2Fe%2BPmKMYmkX%2Fs1lVR9Uww%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=falseRange: bytes=293100-341639If-Range: "f35f2e6c1fdb1:0"
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/BlueArrow.gif HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/BlueArrow.gif HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=syCsAfGM3tsTtze&MD=ZBXsXMfd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?correlation=dc7654a1%2D70e8%2D6000%2D933a%2D4a8901c49193 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: loginAsDifferentAttemptCount=0; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NYOq2fDe1oxwnDLZymVRM1rroQIKyR77282xhL1AkliQWzvzqI2090OUwL8UgpEwLxGArD1nbbYnLZJsGIrSt7Va8VERL7YFaY0DUaAPrtxfTsPHv5VCcGd37c3L9yv9JfDSYO2hZRYb0H0j+3yXH8adLWBst4Na5YnRAL77HHpoz9nody0+gMy08YayjDBC+UI2LNITPEjDiwHfssP6ECfLXNlcE6xUZhO+eJZYAAAA=; RpsContextCookie=UHJldmlvdXNSZXF1ZXN0Q29ycmVsYXRpb25JZD1kYzc2NTRhMSUyRDcwMDAlMkQ2MDAwJTJEOTMzYSUyRDQxYTE2NGQyYmNmMCZTb3VyY2U9aHR0cHMlM0ElMkYlMkZuZXdtZXhpY29nb3YlMkRteSUyRXNoYXJlcG9pbnQlMkVjb20lMkZwZXJzb25hbCUyRmNocmlzdGluZSU1RmZ1bGxlciU1Rm5ld21leGljb2dvdiU1Rm9ubWljcm9zb2Z0JTVGY29tJlJldHVyblVybD1odHRwcyUzQSUyRiUyRm5ld21leGljb2dvdiUyRG15JTJFc2hhcmVwb2ludCUyRWNvbSUyRnBlcnNvbmFsJTJGY2hyaXN0aW5lJTVGZnVsbGVyJTVGbmV3bWV4aWNvZ292JTVGb25taWNyb3NvZnQlNUZjb20=
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_54b287bb6b3cdb3a7698.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_54b287bb6b3cdb3a7698.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=S HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NY
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=M HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NY
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=L HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NY
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx?odsp-web-prod_2024-09-06.004 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wg
Source: global traffic	HTTP traffic detected: GET /teams-js/2.0.0/js/MicrosoftTeams.min.js HTTP/1.1Host: res.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: newmexicogov-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: newmexicogov.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: centralus1-mediap.svc.ms
Source: global traffic	DNS traffic detected: DNS query: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-acdc.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ofc-afdwac.office.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/v2.1/graphql HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveContent-Length: 507sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/json;odata=verboseContent-Type: application/json;odata=verboseX-ServiceWorker-Strategy: CacheFirstsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=

Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: manifest.json3.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: OneDrive_2024-09-27.zip.crdownload.0.dr	String found in binary or memory: https://dvr-newmexicogov.access1drive.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)

Source: unknown	Network traffic detected: HTTP traffic on port 61522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 57296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57247
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57249
Source: unknown	Network traffic detected: HTTP traffic on port 61545 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57252
Source: unknown	Network traffic detected: HTTP traffic on port 61539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57817
Source: unknown	Network traffic detected: HTTP traffic on port 61504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61563 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61517
Source: unknown	Network traffic detected: HTTP traffic on port 57301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61519
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61525
Source: unknown	Network traffic detected: HTTP traffic on port 57300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61529
Source: unknown	Network traffic detected: HTTP traffic on port 57243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57541 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61522
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 61487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61534
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61535
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57289
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61538
Source: unknown	Network traffic detected: HTTP traffic on port 57175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61539
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 57221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61530
Source: unknown	Network traffic detected: HTTP traffic on port 61538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57207
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57205
Source: unknown	Network traffic detected: HTTP traffic on port 61558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 61493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57214
Source: unknown	Network traffic detected: HTTP traffic on port 57234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57220
Source: unknown	Network traffic detected: HTTP traffic on port 57240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61553 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 57200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 57817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57229
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57227
Source: unknown	Network traffic detected: HTTP traffic on port 57233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57234
Source: unknown	Network traffic detected: HTTP traffic on port 57289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 57295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57237
Source: unknown	Network traffic detected: HTTP traffic on port 57239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57241
Source: unknown	Network traffic detected: HTTP traffic on port 61494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 57372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61589
Source: unknown	Network traffic detected: HTTP traffic on port 61474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61481
Source: unknown	Network traffic detected: HTTP traffic on port 61485 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61525 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57541
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61474
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61475
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61519 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61492
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57306
Source: unknown	Network traffic detected: HTTP traffic on port 61589 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57304
Source: unknown	Network traffic detected: HTTP traffic on port 57252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61485
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 57849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 57824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57200
Source: unknown	Network traffic detected: HTTP traffic on port 61473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61493
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61494
Source: unknown	Network traffic detected: HTTP traffic on port 61530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61555 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61498
Source: unknown	Network traffic detected: HTTP traffic on port 57229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61545
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61546
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57297
Source: unknown	Network traffic detected: HTTP traffic on port 61481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61542
Source: unknown	Network traffic detected: HTTP traffic on port 61535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61529 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61558
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61553
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61554
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61555
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57193
Source: unknown	Network traffic detected: HTTP traffic on port 57220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61563
Source: unknown	Network traffic detected: HTTP traffic on port 57247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61517 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:61589 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.168.112.67:443 -> 192.168.2.5:57817 version: TLS 1.2

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\OneDrive_2024-09-27.zip (copy)

Jump to dropped file

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\LICENSE.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\Filtering Rules	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\Google.Widevine.CDM.dll	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\cr_en-us_500000_index.bin	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\keys.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\ssl_error_assistant.pb	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\download_file_types.pb	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\crl-set	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\module_list_proto	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_6076_260883701

Jump to behavior

PE file contains more sections than normal

Source: Google.Widevine.CDM.dll.0.dr

Static PE information: Number of sections : 12 > 10

Source: classification engine

Classification label: mal52.win@36/46@72/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,464575565560587866,3599947204452544579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,464575565560587866,3599947204452544579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.0.dr

PE file contains sections with non-standard names

Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\Google.Widevine.CDM.dll

Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\LICENSE.txt

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.98.253.50	FRA-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.108.9.12	wac-0003.wac-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
150.171.0.2	dns.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.98.252.130	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
wac-0003.wac-msedge.net	52.108.9.12	true
dual-spo-0005.spo-msedge.net	13.107.136.10	true
dns.office.com	150.171.0.2	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.186.164	true
FRA-efz.ms-acdc.office.com	52.98.253.50	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
sni1gl.wpc.sigmacdn.net	152.199.21.175	true
bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.com	unknown	unknown
r4.res.office365.com	unknown	unknown
tr-ofc-afdwac.office.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
newmexicogov-my.sharepoint.com	unknown	unknown
newmexicogov.sharepoint.com	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown
spo.nel.measure.office.net	unknown	unknown
centralus1-mediap.svc.ms	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
upload.fp.measure.office.com	unknown	unknown
config.fp.measure.office.com	unknown	unknown
login.microsoftonline.com	unknown	unknown
tr-ooc-acdc.office.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://newmexicogov-my.sharepoint.com/_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG138	false	unknown
https://tr-ofc-afdwac.office.com/apc/trans.gif?395b9bbeed0dcd43a54ceaa2b226756f	false	unknown
https://newmexicogov-my.sharepoint.com/ScriptResource.axd?d=wCBesixOviGSfHchxwx1jOTfVwwX4WenbNI2pYkPs-RLwvnho37NJpuVh_0lUKuqTCIcvbvJ2P_NQIcGgPwcNPp1BvklriR1vJsFuZRwk0jZ3wCEXnlklu4r0N42-zaZ7c09l5DZpONkUWT65GaK6TCBTTkXVRKA0MYAPd-4A26Li9gKrK0Qjeoi0qYNAyqI0&t=7a0cc936	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/userphoto.aspx?size=S	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/1033/styles/corev15.css?rev=m%2Fe%2BPmKMYmkX%2Fs1lVR9Uww%3D%3DTAG138	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx	false	unknown
https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1	false	unknown
https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com	false	unknown
https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1	false	unknown
https://bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.com/apc/trans.gif?55be8d850fc3ce40c8f75fa7374678b5	false	unknown
https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/CSPReporting.aspx	false	unknown
https://tr-ooc-acdc.office.com/apc/trans.gif?9b7a89c6a2d1768633275ad295a2e618	false	unknown
https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bb	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D	false	unknown
https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	false	unknown
https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?correlation=dc7654a1%2D70e8%2D6000%2D933a%2D4a8901c49193	false	unknown
https://tr-ooc-acdc.office.com/apc/trans.gif?7d9243ed6a6540f15e5aaab13455ed30	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/images/BlueArrow.gif	false	unknown
https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/v2.1/graphql	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/userphoto.aspx?size=L	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/userphoto.aspx?size=M	false	unknown
https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v	true	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/images/odbfavicon.ico?rev=47	false	unknown
https://newmexicogov-my.sharepoint.com/_forms/default.aspx?ReturnUrl=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom	false	unknown
https://bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.com/apc/trans.gif?6c6c1de76f060b8c160e9593b2ba7429	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D	false	unknown
https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/1033/styles/errordisplay.css?rev=0exfFR1nIzLRO1bRiOlTVA%3D%3DTAG138	false	unknown
https://newmexicogov-my.sharepoint.com/_layouts/15/spwebworkerproxy.ashx?odsp-web-prod_2024-09-06.004	false	unknown
https://newmexicogov-my.sharepoint.com/WebResource.axd?d=_fraZ9t1i_mvPDGy-YhzmmVETL6GGPe_z4YReCbhtAqTfWf2G664NYIKJJGAw8QGJyB5O0ta_jM0TCeE18oAE-nx2E21WpzO67iCHDTQZrw1&t=638588829843638381	false	unknown
https://centralus1-mediap.svc.ms/transform/zip?cs=fFNQTw	false	unknown
https://tr-ofc-afdwac.office.com/apc/trans.gif?6e981851bd71f170c044d14a5c2789f7	false	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

HTML body contains low number of good links

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/04cdd62f-862f-4d4c-a1d9-440b676840d6/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435%2D67B9E578AB8058839CEC01CE628F3678AF57DD2625442575C2819BFE5D02FEE5&redirect%5Furi=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=dc7654a1%2D7000%2D6000%2D933a%2D41a164d2bcf0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\LICENSE.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:61589 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.168.112.67:443 -> 192.168.2.5:57817 version: TLS 1.2

Source:

Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.0.dr

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 41MB

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.5:61446 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:57166 -> 1.1.1.1:53

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP GET or POST without a user agent

Source: global traffic

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/v2.1/graphql HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&TryNewExperienceSingle=TRUE HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=true HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%2FNew%20Mexico%20Division%20of%20Vocational%20Rehabilitation&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=syCsAfGM3tsTtze&MD=ZBXsXMfd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1727504824_af0c0b70dd4e3907e416184d3fe16876bbd08ae5aa10805173199c1dd424735c&P1=1727472235&P2=-149452251&P3=1&P4=leKsXLZ2bi2%2B5r2qeXinSOrEgfWlV9ru9M9EzwHZ0ToYD9FPK2wRodQd3iyOFdgjTwwZ2epT0D3ZB%2BrDKEo6%2FcJbkNgq7MkTVoj3xHumzOGR1Ky03kHCtCmT5E33mYjn42ldwmDs3bR5QMCryoi37KSlkfQ%2Bgnxc0lgV6XX9NbmLaz6B1g%2FU2D6kqXH%2Fxoz1mDPziJOEvuXhhOPxtm9l6uqOOW0c%2BktmHQU0hV66CgMxo%2BjCysVD4O3phVYJp6Of2nhEAux2ijLXm7CG9SeXdZQlLzpF2PMtZxY5oA2mpvL5Cko0Ry61Ol%2FQ3R2RBVpjOw4tsy75%2BEPE5%2FW%2BlF191A%3D%3D&size=M&accountname=christine.fuller%40newmexicogov.onmicrosoft.com HTTP/1.1Host: newmexicogov.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1727504824_af0c0b70dd4e3907e416184d3fe16876bbd08ae5aa10805173199c1dd424735c&P1=1727472235&P2=-149452251&P3=1&P4=leKsXLZ2bi2%2B5r2qeXinSOrEgfWlV9ru9M9EzwHZ0ToYD9FPK2wRodQd3iyOFdgjTwwZ2epT0D3ZB%2BrDKEo6%2FcJbkNgq7MkTVoj3xHumzOGR1Ky03kHCtCmT5E33mYjn42ldwmDs3bR5QMCryoi37KSlkfQ%2Bgnxc0lgV6XX9NbmLaz6B1g%2FU2D6kqXH%2Fxoz1mDPziJOEvuXhhOPxtm9l6uqOOW0c%2BktmHQU0hV66CgMxo%2BjCysVD4O3phVYJp6Of2nhEAux2ijLXm7CG9SeXdZQlLzpF2PMtZxY5oA2mpvL5Cko0Ry61Ol%2FQ3R2RBVpjOw4tsy75%2BEPE5%2FW%2BlF191A%3D%3D&size=M&accountname=christine.fuller%40newmexicogov.onmicrosoft.com HTTP/1.1Host: newmexicogov.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=m%2Fe%2BPmKMYmkX%2Fs1lVR9Uww%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/error.css?rev=tF7fyfzbaQzNoASoSDlV4A%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=SxNVhhsKiA7eZ0LTpwVft13qhsFBpH833anZIeLlBSiDYrtx3XVuqV7eFeOEIZ3XRvkPPXVqYjAy29qmD1cNRNHZqrFezYI8vbR5k4bHGbV_9ZabhtoUFTZh4lZdp9CqqGu6nBd7_sWJAVg1JlEeHToMWOJ8Ri_bulLqxdlO66sxPoiHO73Vs96BxKNTUq3Z0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=wCBesixOviGSfHchxwx1jOTfVwwX4WenbNI2pYkPs-RLwvnho37NJpuVh_0lUKuqTCIcvbvJ2P_NQIcGgPwcNPp1BvklriR1vJsFuZRwk0jZ3wCEXnlklu4r0N42-zaZ7c09l5DZpONkUWT65GaK6TCBTTkXVRKA0MYAPd-4A26Li9gKrK0Qjeoi0qYNAyqI0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=_fraZ9t1i_mvPDGy-YhzmmVETL6GGPe_z4YReCbhtAqTfWf2G664NYIKJJGAw8QGJyB5O0ta_jM0TCeE18oAE-nx2E21WpzO67iCHDTQZrw1&t=638588829843638381 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=wCBesixOviGSfHchxwx1jOTfVwwX4WenbNI2pYkPs-RLwvnho37NJpuVh_0lUKuqTCIcvbvJ2P_NQIcGgPwcNPp1BvklriR1vJsFuZRwk0jZ3wCEXnlklu4r0N42-zaZ7c09l5DZpONkUWT65GaK6TCBTTkXVRKA0MYAPd-4A26Li9gKrK0Qjeoi0qYNAyqI0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=SxNVhhsKiA7eZ0LTpwVft13qhsFBpH833anZIeLlBSiDYrtx3XVuqV7eFeOEIZ3XRvkPPXVqYjAy29qmD1cNRNHZqrFezYI8vbR5k4bHGbV_9ZabhtoUFTZh4lZdp9CqqGu6nBd7_sWJAVg1JlEeHToMWOJ8Ri_bulLqxdlO66sxPoiHO73Vs96BxKNTUq3Z0&t=7a0cc936 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=_fraZ9t1i_mvPDGy-YhzmmVETL6GGPe_z4YReCbhtAqTfWf2G664NYIKJJGAw8QGJyB5O0ta_jM0TCeE18oAE-nx2E21WpzO67iCHDTQZrw1&t=638588829843638381 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/undefined/_layouts/15/onedrive.aspx?view=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6c6c1de76f060b8c160e9593b2ba7429 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?55be8d850fc3ce40c8f75fa7374678b5 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6c6c1de76f060b8c160e9593b2ba7429 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?55be8d850fc3ce40c8f75fa7374678b5 HTTP/1.1Host: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?9b7a89c6a2d1768633275ad295a2e618 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?7d9243ed6a6540f15e5aaab13455ed30 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?9b7a89c6a2d1768633275ad295a2e618 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6e981851bd71f170c044d14a5c2789f7 HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?7d9243ed6a6540f15e5aaab13455ed30 HTTP/1.1Host: tr-ooc-acdc.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?395b9bbeed0dcd43a54ceaa2b226756f HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6e981851bd71f170c044d14a5c2789f7 HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?395b9bbeed0dcd43a54ceaa2b226756f HTTP/1.1Host: tr-ofc-afdwac.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bb HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/errordisplay.css?rev=0exfFR1nIzLRO1bRiOlTVA%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=m%2Fe%2BPmKMYmkX%2Fs1lVR9Uww%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=falseRange: bytes=293100-293100If-Range: "f35f2e6c1fdb1:0"
Source: global traffic	HTTP traffic detected: GET /_layouts/15/1033/styles/corev15.css?rev=m%2Fe%2BPmKMYmkX%2Fs1lVR9Uww%3D%3DTAG138 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=falseRange: bytes=293100-341639If-Range: "f35f2e6c1fdb1:0"
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/BlueArrow.gif HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/BlueArrow.gif HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=syCsAfGM3tsTtze&MD=ZBXsXMfd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://newmexicogov-my.sharepoint.com/personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Fnewmexicogov%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fchristine%5Ffuller%5Fnewmexicogov%5Fonmicrosoft%5Fcom&correlation=d47654a1%2D8094%2D6000%2D8705%2Db67ee5d186bbAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/christine_fuller_newmexicogov_onmicrosoft_com/_layouts/15/AccessDenied.aspx?correlation=dc7654a1%2D70e8%2D6000%2D933a%2D4a8901c49193 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: loginAsDifferentAttemptCount=0; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NYOq2fDe1oxwnDLZymVRM1rroQIKyR77282xhL1AkliQWzvzqI2090OUwL8UgpEwLxGArD1nbbYnLZJsGIrSt7Va8VERL7YFaY0DUaAPrtxfTsPHv5VCcGd37c3L9yv9JfDSYO2hZRYb0H0j+3yXH8adLWBst4Na5YnRAL77HHpoz9nody0+gMy08YayjDBC+UI2LNITPEjDiwHfssP6ECfLXNlcE6xUZhO+eJZYAAAA=; RpsContextCookie=UHJldmlvdXNSZXF1ZXN0Q29ycmVsYXRpb25JZD1kYzc2NTRhMSUyRDcwMDAlMkQ2MDAwJTJEOTMzYSUyRDQxYTE2NGQyYmNmMCZTb3VyY2U9aHR0cHMlM0ElMkYlMkZuZXdtZXhpY29nb3YlMkRteSUyRXNoYXJlcG9pbnQlMkVjb20lMkZwZXJzb25hbCUyRmNocmlzdGluZSU1RmZ1bGxlciU1Rm5ld21leGljb2dvdiU1Rm9ubWljcm9zb2Z0JTVGY29tJlJldHVyblVybD1odHRwcyUzQSUyRiUyRm5ld21leGljb2dvdiUyRG15JTJFc2hhcmVwb2ludCUyRWNvbSUyRnBlcnNvbmFsJTJGY2hyaXN0aW5lJTVGZnVsbGVyJTVGbmV3bWV4aWNvZ292JTVGb25taWNyb3NvZnQlNUZjb20=
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_54b287bb6b3cdb3a7698.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_54b287bb6b3cdb3a7698.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=S HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NY
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=M HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NY
Source: global traffic	HTTP traffic detected: GET /_layouts/15/userphoto.aspx?size=L HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wgDr3bTUIsSC++vHPSRpH6gGB6ge/NY
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx?odsp-web-prod_2024-09-06.004 HTTP/1.1Host: newmexicogov-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%2C61313%5D%7D&dataHost=Nucleus&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%2C%7B%22id%22%3A%22SPStart%22%7D%2C%7B%22id%22%3A%22Agreements%22%7D%5D&list=v2&prefetchListData=true&defaultBrotli=true&authenticateFast=true&inlineAuth=v2&wwData=true&enableTheming=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true&streamViewServerLoad=true&streamInlineScript=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzAyOTQ4NTdmMGU1ZDJkODRhZDdkNTQ3MjhiNTMzY2M4OTc1OTAzOWYzNGZjZjEyOGRkZDhlZDQ5MWM5ZDcxZWEsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMDI5NDg1N2YwZTVkMmQ4NGFkN2Q1NDcyOGI1MzNjYzg5NzU5MDM5ZjM0ZmNmMTI4ZGRkOGVkNDkxYzlkNzFlYSwxMzM3MTk0NDEzMDAwMDAwMDAsMCwxMzM3MjAzMDIzMDI4MTMyMzYsMC4wLjAuMCwyNTgsMDRjZGQ2MmYtODYyZi00ZDRjLWExZDktNDQwYjY3Njg0MGQ2LCwsY2I3NjU0YTEtZDAyNC02MDAwLTkzM2EtNGU1YzhkMjg1ZmY3LGNiNzY1NGExLWQwMjQtNjAwMC05MzNhLTRlNWM4ZDI4NWZmNyw3MXQvbUlzVlFVdXRpQUxMVDM3aC9nLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTQwODIsYlphUGIxWnVyYlR2aFlFTGVQUllwY2dtNVN3LG52bnoveVk4UzNTandqODBWZFhRblBjZmhhYUErQUpSUWhlempsZFZZcGpEVUE2RFJETmltL3J0ZHYyY1RoVVczNGtZam0xVENTNUlSRk5SdmVpWEhIUnNIMlJSSUVOK1ZDMjNvOHB2SmIxRUQ3RksxMWlGWXkxMXZRdkZJc0FYb2JUbWZZQUJIclBMaUtDNVQwWng0WVpvWmRzL3Q4N0dFcHJUK2ZNUm5lWmh3MFhCUlhveEovc3JFRFpqZzFQUGJTbW13RlQvbGcycldrUnRzVzBuU2ZiMTVicmhZK3U5dnFUSlM2VVFkdVMyQ3M1cGJCNTZ2d3F6T3FiWUllc1VBZlNGcGF6RVV2aGREa0trSnFkdmxzQUk2dy95akltUEVTQWk4SUFkVTJHZzRucHZDWDM3MitpV0tEdlNZUTB4Vmw2YkVjZ0JqcytaMUZuSWVQWC83Zz09PC9TUD4=; FeatureOverrides_experiments=[]; WSS_FullScreenMode=false; nSGt-2F80E471D14378CCAEBF6D292A9EB70379B29120BA11D435=gYEwMDYzRTI2ODRCNUFBRkNGRkIyNDg4OURCMjdGN0VFRTlGNkVDRjdCN0Q2MzJEN0I4MDJGODBFNDcxRDE0Mzc4Q0NBRUJGNkQyOTJBOUVCNzAzNzlCMjkxMjBCQTExRDQzNRIxMzM3MTk0NDEzOTE1ODg2MTEebmV3bWV4aWNvZ292LW15LnNoYXJlcG9pbnQuY29tbIZyAH7Blzpf2l+uhTWxkYp3gjzyNtg2gZQ2qs0xB0T8TSIvSDrBm1BJcqmGeK/u06HlX8sieRH38Rj/k2wg
Source: global traffic	HTTP traffic detected: GET /teams-js/2.0.0/js/MicrosoftTeams.min.js HTTP/1.1Host: res.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://newmexicogov-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://newmexicogov-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: newmexicogov-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: newmexicogov.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: centralus1-mediap.svc.ms
Source: global traffic	DNS traffic detected: DNS query: bc7ec791b2fd62f491994f38b1b5c558.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ooc-acdc.office.com
Source: global traffic	DNS traffic detected: DNS query: tr-ofc-afdwac.office.com
Source: global traffic	DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Google.Widevine.CDM.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: manifest.json3.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: OneDrive_2024-09-27.zip.crdownload.0.dr	String found in binary or memory: https://dvr-newmexicogov.access1drive.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)

Source: unknown	Network traffic detected: HTTP traffic on port 61522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 57296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57247
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57249
Source: unknown	Network traffic detected: HTTP traffic on port 61545 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57252
Source: unknown	Network traffic detected: HTTP traffic on port 61539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57817
Source: unknown	Network traffic detected: HTTP traffic on port 61504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61563 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61517
Source: unknown	Network traffic detected: HTTP traffic on port 57301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61519
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61525
Source: unknown	Network traffic detected: HTTP traffic on port 57300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61529
Source: unknown	Network traffic detected: HTTP traffic on port 57243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57541 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61522
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 61487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61534
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61535
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57289
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61538
Source: unknown	Network traffic detected: HTTP traffic on port 57175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61539
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 57221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61530
Source: unknown	Network traffic detected: HTTP traffic on port 61538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57207
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57205
Source: unknown	Network traffic detected: HTTP traffic on port 61558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 61493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57214
Source: unknown	Network traffic detected: HTTP traffic on port 57234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57220
Source: unknown	Network traffic detected: HTTP traffic on port 57240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61553 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 57200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 57817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57229
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57227
Source: unknown	Network traffic detected: HTTP traffic on port 57233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57234
Source: unknown	Network traffic detected: HTTP traffic on port 57289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 57295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57237
Source: unknown	Network traffic detected: HTTP traffic on port 57239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57241
Source: unknown	Network traffic detected: HTTP traffic on port 61494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 57372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61589
Source: unknown	Network traffic detected: HTTP traffic on port 61474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61481
Source: unknown	Network traffic detected: HTTP traffic on port 61485 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61525 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57541
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61474
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61475
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61519 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61492
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57306
Source: unknown	Network traffic detected: HTTP traffic on port 61589 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57304
Source: unknown	Network traffic detected: HTTP traffic on port 57252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61485
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 57849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 57824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57200
Source: unknown	Network traffic detected: HTTP traffic on port 61473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61493
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61494
Source: unknown	Network traffic detected: HTTP traffic on port 61530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61555 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61498
Source: unknown	Network traffic detected: HTTP traffic on port 57229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61545
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61546
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57297
Source: unknown	Network traffic detected: HTTP traffic on port 61481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61542
Source: unknown	Network traffic detected: HTTP traffic on port 61535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61529 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61558
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61553
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61554
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61555
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57193
Source: unknown	Network traffic detected: HTTP traffic on port 57220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61563
Source: unknown	Network traffic detected: HTTP traffic on port 57247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61517 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:61589 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.168.112.67:443 -> 192.168.2.5:57817 version: TLS 1.2

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\OneDrive_2024-09-27.zip (copy)

Jump to dropped file

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\LICENSE.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\Filtering Rules	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\Google.Widevine.CDM.dll	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\cr_en-us_500000_index.bin	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\keys.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\ssl_error_assistant.pb	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\download_file_types.pb	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\crl-set	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\module_list_proto	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_6076_260883701

Jump to behavior

PE file contains more sections than normal

Source: Google.Widevine.CDM.dll.0.dr

Static PE information: Number of sections : 12 > 10

Source: classification engine

Classification label: mal52.win@36/46@72/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,464575565560587866,3599947204452544579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,464575565560587866,3599947204452544579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.0.dr

PE file contains sections with non-standard names

Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\Google.Widevine.CDM.dll

Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\LICENSE.txt

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1520800
Product:	CloudBasic
Start time:	22:49:35
Start date:	27.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 19:50:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	62EB0E91144A14180B26366308BB0635	7BFC0CF6442B7AB86D2FC345C39F35ECCA57CC72	65CF80B7B33D14728F8AEED64F87BDA67A3A07338DFAA5D8DFF07D905740EE43
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 19:50:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D22C65CE841B826562038BCBAA2F42DC	380443336F03C89651EC661D12FF0AEB42082ABA	E3EA1817E8E88A2671C4D066EDE6ABD1D3125D6733E55EA45937C8021485DC56
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2089D7FB71072A1BE41CB94284D88F63	E2153886D2D20C632719EB1FD9B31C98AE7174C0	49B6DD6A323825DC65DBE2BB613E4C31CE6EEC018DC6D719897BA2299F620128
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 19:50:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	46623CE3FAC3FBE9E2638678D499E55A	B37DB58912441D6A817B3551A10269284732B4BC	177005B563EFD4E5B080C4BD53077EAD09409742716EFD23111FDC1C1998B820
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 19:50:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	72E40338020A56A966FE8323BB3DD2C5	0C33DCFF1243C0E5F233B31167694BB167E4563D	657B8106DA995E4BE3A020455E66ABCCE774BC3C99127A204D8279039B557A49
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 19:50:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9803CBD06A3ED6E0F2A6BF1665041266	3AC1D8884672ABB0CC4528580260B7BD390DFF0E	94435DC35B32265F1BFC216162E5BB71EC64C311772224D92C075E8402665273
C:\Users\user\Downloads\OneDrive_2024-09-27.zip (copy)	Zip archive data, at least v2.0 to extract, compression method=store	6207325CF12FB32F3BD3F104FCB0AEFB	EFD1F349C1DF447FACFB6E9C2605F1252D6E2626	B42B2E44B77AA1A09ED60943989A4C04E531766BEDB01EB27D2F8AB91EB7F744
C:\Users\user\Downloads\OneDrive_2024-09-27.zip.crdownload	Zip archive data, at least v2.0 to extract, compression method=store	6207325CF12FB32F3BD3F104FCB0AEFB	EFD1F349C1DF447FACFB6E9C2605F1252D6E2626	B42B2E44B77AA1A09ED60943989A4C04E531766BEDB01EB27D2F8AB91EB7F744
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\_metadata\verified_contents.json	JSON data	F584E95EC547F8E9892079DCCB8C0300	9B0819F3F03267093B7C975F840BDA5FB1A343A9	229276E289709A403DAEC9B03DFB1477D3AB6801094B79A8983474223C4CF963
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\manifest.fingerprint	ASCII text, with no line terminators	DD4911D1000B0779A63B51B9DC72BA6F	0853C546284867A3BCDB59E506DD2F0B596145A1	57D878544717AB76EEFB05BFA9409AFA38ED565813B81A7EED8FDDD929015E40
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1100257236\manifest.json	JSON data	01F3DE10093B3B262105724E85817FA6	97DEE66ECE41B53A27CBD4579F44C204E35D19D6	BE1B2D4B5880584961C46EC8ED276B6EE43EA595DA56720268E05BD3D5C95340
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\_metadata\verified_contents.json	JSON data	6D1D175F88B64546105E3E7C31D1129A	75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF	A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\manifest.fingerprint	ASCII text, with no line terminators	684DA5CCA8ADC8CA59CBE5B082CFE0B5	B8784E02DB81C5F846A7848455A2C6629A88BD64	F48C9D93CC216AF13BBFAD15DD5E6D1679CD35D318E664029DDF61EFC6E51A5D
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\manifest.json	JSON data	4AAA0ED8099ECC1DA778A9BC39393808	0E4A733A5AF337F101CFA6BEA5EBC153380F7B05	20B91160E2611D3159AD82857323FEBC906457756678AB73F305C3A1E399D18D
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1472568143\ssl_error_assistant.pb	data	E2F792C9E2DD86F39E8286B2EAD2FC70	8A32867614D2A23E473ED642056DED8E566687F9	AC354A4723AAA4F06BEC385DDDE4A4D0983AD51456F52B31A8068EC97D5B5EA7
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\_metadata\verified_contents.json	JSON data	7D6EDE6F96A0B67B0B65B7FE4D0BD8C6	32819342DE1353DD7B7C2277132A2C8AC713B027	AFAD87D6408424912274B737E10ACD09FF47EFFAC7C0DFF3A658BE32AD8E81E5
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\manifest.fingerprint	ASCII text, with no line terminators	A43371DACA3F176ED5A048BC5E2899B1	32FC0A9ECB568BDF3CE13F9EA17E827A900EDB42	736DB43A7CCB37136CAEFF0B80670BD76BFE528203856CB19CB6C3D161B48F9C
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\manifest.json	JSON data	713CD498ACBE38CCD3A83F9ACBAB4A18	20D43E9E26EB68915062A9EF1686C8C5AE232B54	72ABCD3E4517CD26BDE42D72CD84C366ED920F168DECCD00598F9219891F6345
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1522017139\module_list_proto	data	9E7D797CC67A0142F6CB3844B04D4851	9CE8A316A8A6A41670F4F18C0B24569855B9C47B	2BAB54E87F8D864F6CA60E5630556E42BE8999183331C9302E0E465860152F5D
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\_metadata\verified_contents.json	JSON data	4694BAF425B0900F7EB877C2E40CEDD0	3433E30157F03E4BE9F4684D1CAA051A6FB7EF9A	3E593C0FBFF809533F1618B4782F1883232760498685BC746B609FE5D5D2D33D
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\download_file_types.pb	data	B486A2D22E22545B4D7CE820C38245CA	3BE7E3D4E07C581B9638A73A062809FB1F535CA8	2F490C4ADC51B58604C99546925F091DBDA66CE6E54A0EA5B75E675D1FBE019C
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\manifest.fingerprint	ASCII text, with no line terminators	2D2821924DCA2175310C5327DF6F43AB	184FC6D05C9976E6AD04F29B9A079258E70622DF	7AEBDBA4C92933A450F9FD66DD4BC7829CEC5013D9BB662CE12F32170D066E28
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1774995298\manifest.json	JSON data	B5DABCB6B1744DA449B7EE8F85258F7F	6602DA5EB5D1E64644F5427F210CE1E57544BFBD	082775D5EA6BACC6BEE71F31A68E966B4A7CF8D39ADC681894B0E1F89BFBB47B
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\Filtering Rules	data	B23DD5B6ECCB460003EA37BA0F5E3730	FD444553CB7699F84CE7E5664232771673DCF67D	7F7F432C27D97DEE184DCD3EA20F731674C008BE849C0136F9C5358E359F3EA9
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\LICENSE.txt	ASCII text, with CRLF line terminators	D33AAA5246E1CE0A94FA15BA0C407AE2	11D197ACB61361657D638154A9416DC3249EC9FB	1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\_metadata\verified_contents.json	JSON data	2FF08C4B4128F634CBBFEA0C1C44AA2E	45D11E57DDF29E843AC8545C7D06CDDB5DF3E962	33B6F2ECD5FB7F9FAF538F29808716EFA337A653809943A8E4B5E450B734DA09
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\manifest.fingerprint	ASCII text, with no line terminators	6DBEDE254AF8A23D6CB2ABAEA8D2E38F	A827D46FA5D53CB7B134F143CC15A30BA015ED21	376ED55CD5AB45C0F7BAA1AF0AC2637C33DEA6D1D4683B729AE7CE764F70DAA1
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1908859899\manifest.json	JSON data	3448D97DA638C7EF0FBCA9B6949FFC8F	36D8434F26F0316FAB4627F7856FCA7291FE8ADF	1700A11FD1E58367B450A41B2AE5FD26ECB5CDB459869C796C7DDE18F1D30F73
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\Google.Widevine.CDM.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	477C17B6448695110B4D227664AA3C48	949FF1136E0971A0176F6ADEA8ADCC0DD6030F22	CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\_metadata\verified_contents.json	JSON data	3E839BA4DA1FFCE29A543C5756A19BDF	D8D84AC06C3BA27CCEF221C6F188042B741D2B91	43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\manifest.fingerprint	ASCII text, with no line terminators	D30A5BBC00F7334EEDE0795D147B2E80	78F3A6995856854CAD0C524884F74E182F9C3C57	A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_1977249299\manifest.json	JSON data	BBC03E9C7C5944E62EFC9C660B7BD2B6	83F161E3F49B64553709994B048D9F597CDE3DC6	6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\_metadata\verified_contents.json	JSON data	6403F443AFBF00002AACCF2CDEBCC36C	F89920A8C3F46A992B3DDA5F31D05B89A8257942	49CDBE813D76EE874AD9A7C4CB943D661E72B80CF5CBBC84B8E49B29AE75B703
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\crl-set	data	0A3E52433DE403FF89DACBB133262BC8	0C6AD9A42B6A8B0A70B03198F5AE181D9E02A95C	41CE35A03E99DD562F90BFBE73DC38B7BA84449D365B025896B545F7A2FE78D8
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\manifest.fingerprint	ASCII text, with no line terminators	C842153106F747023C5D2A853FFD44A8	61DB07B7C327B1362041AA660748844582F3BF9C	0DA6B97C2EAEFDC6FF4800F1DDA5A80A871812100D68BE284F0ED498705AFB9D
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_471865923\manifest.json	JSON data	7CA28B9039D379E64CD3B40595045250	047EB0E069CE0E6D7A36DDB93B01C42738958B08	677F747E3E745838178776C079563377D147567D8CB6FB1F8D5B86C6C64F1969
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\_metadata\verified_contents.json	JSON data	AC2C1A9F6139D0B4A3098572C9C45C27	A7B7B8B2C9F872E83C3E2692C2745BDBF0195E9F	7A0B60D3BF07C1F3B203681435BF63F6E4A9B1FFCFA4082B5EB414FB7291A0FF
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\keys.json	JSON data	C009AF1DC527BB03B78B63D86C1F6723	868008EB7CE96F413386CD35030BA997A5B4E036	8080F1F14063534E1A1EB274CDE8891ED23140F562F83481CFA6548D891B37C6
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\manifest.fingerprint	ASCII text, with no line terminators	0C5AFF0BE5E35B9BE00DD8C97C95C674	67197488718A9236C25066D8D27F4A7F8C2EE040	5E8F816FF359EE5790FFE5E871D13437017C860E3AD2616974CFFD0E995F69AB
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_68224929\manifest.json	JSON data	72B982EEDDA5BF3A88CCE5E7D6293860	50BEC1E2CF7177D602319D846E2AD7EFC66062CC	C9821F27B1399F643C6B0832951E900BBD969629AE9ED974085372FF48BB70A3
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\_metadata\verified_contents.json	JSON data	F5B9C966EB93F7872A3912DF54FB111F	7B1A197F4D759316284BFEC79F30013B7C781D94	38332E166736E41CE2E5E668C3DE1EEC8467B87D5136C8413E6261C0F8B35ABE
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\cr_en-us_500000_index.bin	data	96DB58957B26AB466F04A49E564B88E9	8F3A2CEE899435119189804820DA85E488876279	EC7173FCA63E6AE7185279F7B0977460D3824E1C124DDADEA0C1BF327C93FA76
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\manifest.fingerprint	ASCII text, with no line terminators	D2F3C5774D48283F037291454607C3CD	F4BA368313FCDC02C75DE02F2FD3CB5F7A0980F6	3B8A11F3A749394203849D0FAED36A6FD0695B85B4774FC5476A651D55684825
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6076_851539468\manifest.json	JSON data	79C93E2D4FF43CED56BC85DD135A1F7F	BAC80396DD067CDE3E8B35C2569224D9774FE6B5	973A1C3D8EAD6F6C560FCD17CBC38122FD18EF0095523409CF8C58296B57D54C

Windows Analysis Report
https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://newmexicogov-my.sharepoint.com/:f:/g/personal/christine_fuller_newmexicogov_onmicrosoft_com/EoaWDUrKgw5NpxyRqgYpeMMB9xM6HiHeCt0mCjuvQCuY2A?e=Aa5N0v