Windows Analysis Report
https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0D

Overview

General Information

Sample URL:	https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0D
Analysis ID:	1428849
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Downloads suspicious files via Chrome

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Allocates memory with a write watch (potentially for evading sandboxes)

Creates a process in suspended mode (likely to inject code)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

May sleep (evasive loops) to hinder dynamic analysis

Phishing site detected (based on OCR NLP Model)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Classification

Signatures

Phishing

Phishing site detected (based on favicon image match)

Source: https://usercvey.store	Matcher: Template: microsoft matched with high similarity
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 2.7.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML
Source: Yara match	File source: 3.13.pages.csv, type: HTML
Source: Yara match	File source: 3.10.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291	Matcher: Template: microsoft matched
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291	Matcher: Template: microsoft matched

Found iframes

Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...

HTML page contains obfuscate script src

Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Phishing site detected (based on OCR NLP Model)

Source: Chrome DOM: 0.5

ML Model on OCR Text: Matched 85.6% probability on "OneDrive Download Sort Details Eric Rosario > Attachment Name v Activity Modified Modified By File size Sharing - P057992.pdf 47 minutes ago Eric Rosario 126 KB 00 Shared "

HTTP Parser: <input type="password" .../> found

Source: about:blank	HTTP Parser: No favicon
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=	HTTP Parser: No favicon
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No favicon
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No favicon
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Source: unknown	HTTPS traffic detected: 20.189.173.20:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.104.130:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.44.104.130:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49820 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.20
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.104.130
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.205.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159

Source: chromecache_1312.2.dr, chromecache_1123.2.dr, chromecache_1439.2.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_1494.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_1213.2.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_1308.2.dr, chromecache_1584.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_1549.2.dr	String found in binary or memory: http://linkless.header/
Source: chromecache_1203.2.dr, chromecache_1525.2.dr, chromecache_1200.2.dr, chromecache_1164.2.dr	String found in binary or memory: http://www.contoso.com
Source: chromecache_1584.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_1312.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_1308.2.dr, chromecache_1584.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_1536.2.dr, chromecache_1434.2.dr, chromecache_1365.2.dr, chromecache_1206.2.dr	String found in binary or memory: https://1drv.com/
Source: chromecache_1302.2.dr	String found in binary or memory: https://apps.test.powerapps.com/sdk/preload
Source: chromecache_1536.2.dr, chromecache_1434.2.dr, chromecache_1365.2.dr, chromecache_1206.2.dr	String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_1659.2.dr, chromecache_1599.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/more-about-refs.html#the-ref-callback-attribute
Source: chromecache_1308.2.dr, chromecache_1494.2.dr, chromecache_1564.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_1584.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_1331.2.dr	String found in binary or memory: https://lists.live.com/
Source: chromecache_1536.2.dr, chromecache_1434.2.dr, chromecache_1365.2.dr, chromecache_1206.2.dr	String found in binary or memory: https://livefilestore.com/
Source: chromecache_1336.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_1336.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_1486.2.dr	String found in binary or memory: https://login.windows.net
Source: chromecache_1594.2.dr, chromecache_1493.2.dr	String found in binary or memory: https://loki.delve.office.com
Source: chromecache_1309.2.dr, chromecache_1403.2.dr	String found in binary or memory: https://make.powerautomate.com
Source: chromecache_1126.2.dr, chromecache_1309.2.dr	String found in binary or memory: https://make.preprod.powerautomate.com
Source: chromecache_1126.2.dr, chromecache_1309.2.dr	String found in binary or memory: https://make.test.powerautomate.com
Source: chromecache_1466.2.dr, chromecache_1536.2.dr, chromecache_1434.2.dr, chromecache_1365.2.dr, chromecache_1206.2.dr, chromecache_1640.2.dr	String found in binary or memory: https://media.cloudapp.net
Source: chromecache_1252.2.dr, chromecache_1231.2.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 7za.exe, 00000008.00000003.2035768636.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, 7za.exe, 00000008.00000003.2036472389.0000000000E10000.00000004.00000800.00020000.00000000.sdmp, PO57992.pdf.8.dr, chromecache_1382.2.dr, 84da8ae0-44df-4a37-abdb-5e65ce47ef09.tmp.0.dr, Attachment.zip.crdownload.0.dr	String found in binary or memory: https://ncosulteng.store/?lzbcqrww)
Source: chromecache_1466.2.dr, chromecache_1536.2.dr, chromecache_1434.2.dr, chromecache_1365.2.dr, chromecache_1206.2.dr, chromecache_1640.2.dr	String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_1622.2.dr	String found in binary or memory: https://odspwebdevdeploy.blob.core.windows.net
Source: chromecache_1622.2.dr, chromecache_1430.2.dr	String found in binary or memory: https://onedrive.live.com/?gologin=1
Source: chromecache_1309.2.dr, chromecache_1170.2.dr, chromecache_1535.2.dr, chromecache_1421.2.dr, chromecache_1145.2.dr, chromecache_1495.2.dr, chromecache_1517.2.dr, chromecache_1357.2.dr, chromecache_1373.2.dr, chromecache_1273.2.dr	String found in binary or memory: https://outlook.office.com/search
Source: chromecache_1181.2.dr	String found in binary or memory: https://outlook.office365.com
Source: chromecache_1181.2.dr	String found in binary or memory: https://outlook.office365.com/SchedulingB2/api/v1.0/me/findmeetinglocations
Source: chromecache_1405.2.dr, chromecache_1554.2.dr, chromecache_1309.2.dr, chromecache_1536.2.dr, chromecache_1170.2.dr, chromecache_1264.2.dr, chromecache_1421.2.dr, chromecache_1242.2.dr, chromecache_1145.2.dr, chromecache_1365.2.dr, chromecache_1373.2.dr, chromecache_1400.2.dr, chromecache_1206.2.dr, chromecache_1403.2.dr	String found in binary or memory: https://portal.office.com/
Source: chromecache_1439.2.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_1430.2.dr	String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_1595.2.dr, chromecache_1486.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets
Source: chromecache_1287.2.dr, chromecache_1328.2.dr, chromecache_1487.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-05.007/
Source: chromecache_1328.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-05.007/spserviceworker.js
Source: chromecache_1287.2.dr, chromecache_1487.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-05.007/spwebworker.js
Source: chromecache_1328.2.dr, chromecache_1430.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-05.011/
Source: chromecache_1328.2.dr	String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-05.011/stsserviceworkerprefetch/stsservicew
Source: chromecache_1430.2.dr	String found in binary or memory: https://res-2.cdn.office.net/files/odsp-web-prod_2024-04-05.011/
Source: chromecache_1640.2.dr	String found in binary or memory: https://sharepoint.uservoice.com/forums/329214-sites-and-collaboration
Source: chromecache_1430.2.dr	String found in binary or memory: https://shell.cdn.office.net
Source: chromecache_1430.2.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootstrapper/business/OneShell
Source: chromecache_1434.2.dr, chromecache_1640.2.dr	String found in binary or memory: https://shellppe.msocdn.com
Source: chromecache_1434.2.dr, chromecache_1640.2.dr	String found in binary or memory: https://shellprod.msocdn.com
Source: chromecache_1430.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-semili
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semibold
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold
Source: chromecache_1392.2.dr	String found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semiligh
Source: chromecache_1453.2.dr	String found in binary or memory: https://substrate.office.com
Source: chromecache_1603.2.dr, chromecache_1256.2.dr	String found in binary or memory: https://support.office.com/en-us/article/Manage-lists-and-libraries-with-many-items-b8588dae-9387-48
Source: chromecache_1622.2.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2F$
Source: chromecache_1430.2.dr	String found in binary or memory: https://www.office.com/login?prompt=select_account&ru=%2Flaunch%2Fonedrive
Source: chromecache_1622.2.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2F$
Source: chromecache_1430.2.dr	String found in binary or memory: https://www.office.com/login?ru=%2Flaunch%2Fonedrive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50227
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50226
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50238
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 50190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50231 -> 443

Source: C:\Windows\SysWOW64\unarchiver.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4960:120:WilError_03

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2016,i,12771380650734538632,11866700352164859411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Attachment.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\mjawqlkp.qoa" "C:\Users\user\Downloads\Attachment.zip"
Source: C:\Windows\SysWOW64\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\mjawqlkp.qoa\Attachment\PO57992.pdf"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\mjawqlkp.qoa\Attachment\PO57992.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,1256122059137391,10013000230924148535,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ncosulteng.store/?lzbcqrww
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,16429471112110654690,14236034741163555508,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2016,i,12771380650734538632,11866700352164859411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Attachment.zip"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\mjawqlkp.qoa" "C:\Users\user\Downloads\Attachment.zip"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\mjawqlkp.qoa\Attachment\PO57992.pdf"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\mjawqlkp.qoa\Attachment\PO57992.pdf"	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ncosulteng.store/?lzbcqrww	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,1256122059137391,10013000230924148535,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,16429471112110654690,14236034741163555508,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe	Section loaded: 7z.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sfc_os.dll	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 1070000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 2BA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 4BA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Window / User API: threadDelayed 891			Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Window / User API: threadDelayed 9107			Jump to behavior

Source: global traffic	HTTP traffic detected: GET /:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0D HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/eric_rosario_bullard_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Feric%5Frosario%5Fbullard%5Fcom%2FDocuments%2FAttachment&ga=1 HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/eric_rosario_bullard_com/_api/v2.1/graphql HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://edbullardcompany-my.sharepoint.com/personal/eric_rosario_bullard_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Feric%5Frosario%5Fbullard%5Fcom%2FDocuments%2FAttachment&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/eric_rosario_bullard_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Feric%5Frosario%5Fbullard%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /personal/eric_rosario_bullard_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Feric%5Frosario%5Fbullard%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Feric%5Frosario%5Fbullard%5Fcom%2FDocuments%2FAttachment&TryNewExperienceSingle=TRUE HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%5D%7D&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%5D&list=v2&defaultBrotli=true&authenticateFast=true&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099649,3]&spStartApplicationWebBundle=true&enableIntegrities=true HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://edbullardcompany-my.sharepoint.com/personal/eric_rosario_bullard_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Feric%5Frosario%5Fbullard%5Fcom%2FDocuments%2FAttachment&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1713554341_7847fc8f63778ce8d70df28bdd34196535e6992a65311b7acc546835052ba8b1&P1=1713547425&P2=1878891387&P3=1&P4=aFI%2FZI8q6d7SgLBSSe07U0ssdkRpwSUWdj548An7fXsAGNYoYuQM%2FxYJsLjmYf95Y94%2F%2BrtPjylZoDDZ25muvjgtGIKIuSKNIhiMF%2B3MsM5v9bIqFqp8zpzDZlIhcxAc6hjm5SHXdM%2BxcdW%2Fp%2FTyBgbzjHUOD6laDjm5ImuhdMPDmMDDgYxWIz%2FXplbNbqHe7JxX4JKeIo5ICxFytkiKFBB%2FZOWUH1gxYVXunfp6LIMhmOY9r53PSF4grrh%2FPOel8lzZ8S5HKOuWwMY4am2R5HlY0OZE9unchqIgji%2FU8H%2FDY9zRyLJZ6xRxAMtwiYrGlZBrtXej6zvG4RnWwgB1uA%3D%3D&size=M&accountname=eric_rosario%40bullard.com HTTP/1.1Host: edbullardcompany.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://edbullardcompany-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22STS%22]&languages=%5B%5D HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://edbullardcompany-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%5D%7D&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%5D&list=v2&defaultBrotli=true&authenticateFast=true&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099649,3]&spStartApplicationWebBundle=true&enableIntegrities=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_layouts/15/SPComponentRegistry.ashx?projects=[%22spfx%22]&languages=%5B%5D HTTP/1.1Host: edbullardcompany-my.sharepoint.comConnection: keep-aliveAccept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://edbullardcompany-my.sharepoint.com/_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&navigationPreloadHeaderValue=%7B%22supportsFeatures%22%3A%5B1855%5D%7D&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%5D&list=v2&defaultBrotli=true&authenticateFast=true&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099649,3]&spStartApplicationWebBundle=true&enableIntegrities=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzRjNzdlNDVhMmZlNGU4ZDUzNzkxYTc3NzcxYWQzMWE4OTZiNWJkMTY4YmIyYjgxMTg1MTYwZmUwNjliYjFmMzcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jNGM3N2U0NWEyZmU0ZThkNTM3OTFhNzc3NzFhZDMxYTg5NmI1YmQxNjhiYjJiODExODUxNjBmZTA2OWJiMWYzNywxMzM1ODAxNjIxNDAwMDAwMDAsMCwxMzM1ODEwMjMxNDc5ODk3OTEsMC4wLjAuMCwyNTgsNzczZDk1OWQtYWE4Yi00ZGQ3LWEzN2QtM2YwZGIxNTNkOTkyLCwsMTk5NDIwYTEtMzAyOC01MDAwLTM3YzQtYTA5MDU0MjllYmJmLDE5OTQyMGExLTMwMjgtNTAwMC0zN2M0LWEwOTA1NDI5ZWJiZixZWUNlR2VyMVBreXA0dTcycTdKM0xnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTI0MDksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LHlPRUVsVnQ1c2RzVk5aRVFhaGJDSklNRVhzZVZZMjFjMFQzV2xXWnRKOWk1Z2c5SzNVeXdQL2ZTWGhhcU5DbXE0U1EyNXdXNWJKcmxyUXk2VXpDYnNIdFhYaklkMzBJRGtveWlCZGNEZ0ZwdHBWdEVnNlVvRC9XQzZDeUdhN2dQWEU1OU9iYTZ0bW50MHYvU3U3V0JZOWVqRUVXTDZhTE1aSjVSL0FMMUFhNE5VL3pTS2tISGNkcDE3azJ4Vi8xWFRlYVpzNDV2VjRkajY3dTBNYlFDU3lCYnRBdzA3cG5qZFBBaTkyd3plaVE0azd4ODhyTHNBNXlIdmF5blduQmx6dlE0UnpBenN0b1hBbStOaWxNRWEvVlA3T3RiN0gzRk9zbXdTeFhFTjljYUJmNjlFNnQyVldVb05rUVZkUG9ZUlB2Y3lrOVRGNUtONkF3aWVnaVRmZz09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /_vti_bin/afdcache.ashx/_userprofile/userphoto.jpg?_oat_=1713554341_7847fc8f63778ce8d70df28bdd34196535e6992a65311b7acc546835052ba8b1&P1=1713547425&P2=1878891387&P3=1&P4=aFI%2FZI8q6d7SgLBSSe07U0ssdkRpwSUWdj548An7fXsAGNYoYuQM%2FxYJsLjmYf95Y94%2F%2BrtPjylZoDDZ25muvjgtGIKIuSKNIhiMF%2B3MsM5v9bIqFqp8zpzDZlIhcxAc6hjm5SHXdM%2BxcdW%2Fp%2FTyBgbzjHUOD6laDjm5ImuhdMPDmMDDgYxWIz%2FXplbNbqHe7JxX4JKeIo5ICxFytkiKFBB%2FZOWUH1gxYVXunfp6LIMhmOY9r53PSF4grrh%2FPOel8lzZ8S5HKOuWwMY4am2R5HlY0OZE9unchqIgji%2FU8H%2FDY9zRyLJZ6xRxAMtwiYrGlZBrtXej6zvG4RnWwgB1uA%3D%3D&size=M&accountname=eric_rosario%40bullard.com HTTP/1.1Host: edbullardcompany.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?30e2bb710103976411f71b6224d0899a HTTP/1.1Host: tr-ofc-fs.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://edbullardcompany-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://edbullardcompany-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?30e2bb710103976411f71b6224d0899a HTTP/1.1Host: tr-ofc-fs.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a466a16f51832b88e3a2851f73c7b1f7 HTTP/1.1Host: tr-ofc-fs.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://edbullardcompany-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://edbullardcompany-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a466a16f51832b88e3a2851f73c7b1f7 HTTP/1.1Host: tr-ofc-fs.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?2a781b4be53ea5af4c502abd34681788 HTTP/1.1Host: outlook.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://edbullardcompany-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://edbullardcompany-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e9b272c0126501a02e030b918b05310d HTTP/1.1Host: outlook.cloud.microsoftConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://edbullardcompany-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://edbullardcompany-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?2a781b4be53ea5af4c502abd34681788 HTTP/1.1Host: outlook.cloud.microsoftConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e9b272c0126501a02e030b918b05310d HTTP/1.1Host: outlook.cloud.microsoftConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /?lzbcqrww HTTP/1.1Host: ncosulteng.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2pvbmVzY3ZleS5zdG9yZSIsImRvbWFpbiI6ImpvbmVzY3ZleS5zdG9yZSIsImtleSI6IkhOU2hEaXZuVW5FViIsInFyYyI6bnVsbCwiaWF0IjoxNzEzNTQyMzY4LCJleHAiOjE3MTM1NDI0ODh9.i5rIlT4MxOIioOE8k-Mp4oL8b2KPQsTT-m-VgTnpm40 HTTP/1.1Host: usercvey.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: usercvey.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: usercvey.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g
Source: global traffic	HTTP traffic detected: GET /?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ= HTTP/1.1Host: usercvey.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_3b4rnVNi70Sso4_c42_ImQ2.js HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8j9Zx29HZI50-As2wGFthEHAWo_AvzvFG4QnBBN9TMMGe4m7c5K9mtXyQJhLhnYqBBMukZ3Q24sP8kF4z4DHI-7L5wp7SatX17aeyBCev9TrOBPBLdrC69N_UPzLHNx4ZT3I5G8PNiyKOu3opOs5x1Cil6yHvdWurY2r5orMwHv0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=true HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8j9Zx29HZI50-As2wGFthEHAWo_AvzvFG4QnBBN9TMMGe4m7c5K9mtXyQJhLhnYqBBMukZ3Q24sP8kF4z4D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY0; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8j9Zx29HZI50-As2wGFthEHAWo_AvzvFG4QnBBN9TMMGe4m7c5K9mtXyQJhLhnYqBBMukZ3Q24sP8kF4z4DHI-7L5wp7SatX17aeyBCev9TrOBPBLdrC69N_UPzLHNx4ZT3I5G8PNiyKOu3opOs5x1Cil6yHvdWurY2r5orMwHv0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.Ae4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88sqycnL8h2dlWjzLUiI5bOLVWm0iKQ7DtEzd7-ZHXucNhApn6H-9Ds2RCFfdp8FeqGGdqfhE1UBOGETzlKEB-giFYXBybM__VP6A63yUMuIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8djUnheHOKcLg8MBrGjl756xt7c9PjxKro9cuIEnnVWx-OTKgD0z9SqBfJhx9gLGuUUoG_5VIELKdxhn8DAGRKukyuFAezG185S9XV7dxnL1WBaGVUCv1T1G-QFc3zyk5RebyaEVl5rhOZRNcjJbM100F39piUhoT3ukRwSRwweEgAA; esctx-4jlOfI5AN5I=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8q9fhtSsWLgC_pEPGySL0yf9hoJKuJU-kn5GsYTU9kbmt8H2bk_ELAUpCuZxvRBUGHDGeAhAR97-O_EKLYhAwmn8HzuD8VCThvkmEbQwhwZF5KZjCPp4vKZ-leSH4IKmtkWWuavfF61bdUAsrZOWsWyAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY2erOTJAQAAAOWLtN0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.Ae4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88sqycnL8h2dlWjzLUiI5bOLVWm0iKQ7DtEzd7-ZHXucNhApn6H-9Ds2RCFfdp8FeqGGdqfhE1UBOGETzlKEB-giFYXBybM__VP6A63yUMuIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8djUnheHOKcLg8MBrGjl756xt7c9PjxKro9cuIEnnVWx-OTKgD0z9SqBfJhx9gLGuUUoG_5VIELKdxhn8DAGRKukyuFAezG185S9XV7dxnL1WBaGVUCv1T1G-QFc3zyk5RebyaEVl5rhOZRNcjJbM100F39piUhoT3ukRwSRwweEgAA; esctx-4jlOfI5AN5I=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8q9fhtSsWLgC_pEPGySL0yf9hoJKuJU-kn5GsYTU9kbmt8H2bk_ELAUpCuZxvRBUGHDGeAhAR97-O_EKLYhAwmn8HzuD8VCThvkmEbQwhwZF5KZjCPp4vKZ-leSH4IKmtkWWuavfF61bdUAsrZOWsWyAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY2erOTJAQAAAOWLtN0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pxjdzrjcwtmbr-ntjn_f8q2.js HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.Ae4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88sqycnL8h2dlWjzLUiI5bOLVWm0iKQ7DtEzd7-ZHXucNhApn6H-9Ds2RCFfdp8FeqGGdqfhE1UBOGETzlKEB-giFYXBybM__VP6A63yUMuIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8djUnheHOKcLg8MBrGjl756xt7c9PjxKro9cuIEnnVWx-OTKgD0z9SqBfJhx9gLGuUUoG_5VIELKdxhn8DAGRKukyuFAezG185S9XV7dxnL1WBaGVUCv1T1G-QFc3zyk5RebyaEVl5rhOZRNcjJbM100F39piUhoT3ukRwSRwweEgAA; esctx-4jlOfI5AN5I=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8q9fhtSsWLgC_pEPGySL0yf9hoJKuJU-kn5GsYTU9kbmt8H2bk_ELAUpCuZxvRBUGHDGeAhAR97-O_EKLYhAwmn8HzuD8VCThvkmEbQwhwZF5KZjCPp4vKZ-leSH4IKmtkWWuavfF61bdUAsrZOWsWyAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY2erOTJAQAAAOWLtN0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.Ae4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88sqycnL8h2dlWjzLUiI5bOLVWm0iKQ7DtEzd7-ZHXucNhApn6H-9Ds2RCFfdp8FeqGGdqfhE1UBOGETzlKEB-giFYXBybM__VP6A63yUMuIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8djUnheHOKcLg8MBrGjl756xt7c9PjxKro9cuIEnnVWx-OTKgD0z9SqBfJhx9gLGuUUoG_5VIELKdxhn8DAGRKukyuFAezG185S9XV7dxnL1WBaGVUCv1T1G-QFc3zyk5RebyaEVl5rhOZRNcjJbM100F39piUhoT3ukRwSRwweEgAA; esctx-4jlOfI5AN5I=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8q9fhtSsWLgC_pEPGySL0yf9hoJKuJU-kn5GsYTU9kbmt8H2bk_ELAUpCuZxvRBUGHDGeAhAR97-O_EKLYhAwmn8HzuD8VCThvkmEbQwhwZF5KZjCPp4vKZ-leSH4IKmtkWWuavfF61bdUAsrZOWsWyAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY2erOTJAQAAAOWLtN0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.Ae4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88sqycnL8h2dlWjzLUiI5bOLVWm0iKQ7DtEzd7-ZHXucNhApn6H-9Ds2RCFfdp8FeqGGdqfhE1UBOGETzlKEB-giFYXBybM__VP6A63yUMuIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8djUnheHOKcLg8MBrGjl756xt7c9PjxKro9cuIEnnVWx-OTKgD0z9SqBfJhx9gLGuUUoG_5VIELKdxhn8DAGRKukyuFAezG185S9XV7dxnL1WBaGVUCv1T1G-QFc3zyk5RebyaEVl5rhOZRNcjJbM100F39piUhoT3ukRwSRwweEgAA; esctx-4jlOfI5AN5I=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8q9fhtSsWLgC_pEPGySL0yf9hoJKuJU-kn5GsYTU9kbmt8H2bk_ELAUpCuZxvRBUGHDGeAhAR97-O_EKLYhAwmn8HzuD8VCThvkmEbQwhwZF5KZjCPp4vKZ-leSH4IKmtkWWuavfF61bdUAsrZOWsWyAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY2erOTJAQAAAOWLtN0OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://usercvey.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.Ae4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88sqycnL8h2dlWjzLUiI5bOLVWm0iKQ7DtEzd7-ZHXucNhApn6H-9Ds2RCFfdp8FeqGGdqfhE1UBOGETzlKEB-giFYXBybM__VP6A63yUMuIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8djUnheHOKcLg8MBrGjl756xt7c9PjxKro9cuIEnnVWx-OTKgD0z9SqBfJhx9gLGuUUoG_5VIELKdxhn8DAGRKukyuFAezG185S9XV7dxnL1WBaGVUCv1T1G-QFc3zyk5RebyaEVl5rhOZRNcjJbM100F39piUhoT3ukRwSRwweEgAA; esctx-4jlOfI5AN5I=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8q9fhtSsWLgC_pEPGySL0yf9hoJKuJU-kn5GsYTU9kbmt8H2bk_ELAUpCuZxvRBUGHDGeAhAR97-O_EKLYhAwmn8HzuD8VCThvkmEbQwhwZF5KZjCPp4vKZ-leSH4IKmtkWWuavfF61bdUAsrZOWsWyAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY2erOTJAQAAAOWLtN0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: usercvey.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://usercvey.store/?m4bfwadgk=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2Y1ZDljMmMtNzczZC01M2MxLWIyM2QtNzBmZGZjODUyZmZkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5MTM5MTcwNzQwNzI0MC5hZmMwOTk4ZS1iNjYzLTQ5NTEtYTllOC0yMDM2NDI2OGE5ZGEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallFaEFQc2RCamEybDF6ZkZiTGNGQU5acG1Rck5nQ203Uk9Ob1JpWmtYV2pQNTZJSUgzaXFNa29jRFRPR1l5ZFc2ZW9aZDViNWJ2WDlzdjQ=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=HNShDivnUnEV; qPdM.sig=-ThKc1MeLiJbUfM8nqGHPb8GK3g; ClientId=FAD31F7C4BBD41F39BEA41EDF7800CE6; OIDC=1; OpenIdConnect.nonce.v3.DztGFXDTBhaqzsehBVgjWiu9LgaVTmdGUWz0BFfG2Ks=638491391707407240.afc0998e-b663-4951-a9e8-20364268a9da; X-OWA-RedirectHistory=ArLym14BiGPdsolg3Ag; esctx-bdZ1DboluI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8U7A0P8Zfc6YAaDANMhlxi5W9xc_Glq8Dq_-S4Ny3QANwUhQQMcyS5GrgvD_70r-6njfJesbyyB1Qxxg3uselilGS_mYTpwKekBCNVGr-gddNjTHJBPIFIBCL75OSWpkVZuD_jl7XKOQpMDXZXVC96iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.Ae4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd88sqycnL8h2dlWjzLUiI5bOLVWm0iKQ7DtEzd7-ZHXucNhApn6H-9Ds2RCFfdp8FeqGGdqfhE1UBOGETzlKEB-giFYXBybM__VP6A63yUMuIgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8djUnheHOKcLg8MBrGjl756xt7c9PjxKro9cuIEnnVWx-OTKgD0z9SqBfJhx9gLGuUUoG_5VIELKdxhn8DAGRKukyuFAezG185S9XV7dxnL1WBaGVUCv1T1G-QFc3zyk5RebyaEVl5rhOZRNcjJbM100F39piUhoT3ukRwSRwweEgAA; esctx-4jlOfI5AN5I=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8q9fhtSsWLgC_pEPGySL0yf9hoJKuJU-kn5GsYTU9kbmt8H2bk_ELAUpCuZxvRBUGHDGeAhAR97-O_EKLYhAwmn8HzuD8VCThvkmEbQwhwZF5KZjCPp4vKZ-leSH4IKmtkWWuavfF61bdUAsrZOWsWyAA; fpc=ArQ8lAOT7ORHrnP3uBRhaY2erOTJAQAAAOWLtN0OAAAA; brcap=0

Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6632	Thread sleep count: 891 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6632	Thread sleep time: -445500s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6632	Thread sleep count: 9107 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6632	Thread sleep time: -4553500s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\unarchiver.exe	Last function: Thread delayed

Source: chromecache_1475.2.dr, chromecache_1522.2.dr, chromecache_1574.2.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_1475.2.dr, chromecache_1522.2.dr, chromecache_1574.2.dr	Binary or memory string: ",DisconnectVirtualMachine:"

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.138.10	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.96.181.226	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.96.173.226	LYH-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
23.54.200.159	unknown	United States	16625	AKAMAI-ASUS	false
209.38.130.221	ncosulteng.store	United States	7018	ATT-INTERNET4US	false
52.110.9.140	ofc-fs.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.107.247.12	svc.ms-acdc-spo.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.96.173.130	ooc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.110.7.37	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
64.233.176.103	www.google.com	United States	15169	GOOGLEUS	false

Name	IP	Active
ncosulteng.store	209.38.130.221	true
ooc-g2.tm-4.office.com	52.96.173.130	true
chrome.cloudflare-dns.com	172.64.41.3	true
dual-spo-0005.spo-msedge.net	13.107.136.10	true
part-0013.t-0009.t-msedge.net	13.107.246.41	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
svc.ms-acdc-spo.office.com	52.107.247.12	true
www.google.com	64.233.176.103	true
ofc-fs.tm-4.office.com	52.110.9.140	true
usercvey.store	209.38.130.221	true
LYH-efz.ms-acdc.office.com	52.96.173.226	true
edbullardcompany.sharepoint.com	unknown	unknown
2739aba1b9f0348caf5088b31580f219.fp.measure.office.com	unknown	unknown
r4.res.office365.com	unknown	unknown
tr-ofc-fs.office.com	unknown	unknown
eastus1-1.pushnp.svc.ms	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown
spo.nel.measure.office.net	unknown	unknown
outlook.office365.com	unknown	unknown
outlook.cloud.microsoft	unknown	unknown
upload.fp.measure.office.com	unknown	unknown
config.fp.measure.office.com	unknown	unknown
edbullardcompany-my.sharepoint.com	unknown	unknown
eastus1-mediap.svc.ms	unknown	unknown

ID:	1428849
Product:	CloudBasic
Start time:	17:57:38
Start date:	19.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0D

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0D