Windows Analysis Report
https://url.au.m.mimecastprotect.com/s/ym7TCZY1GQuMp54GSzAaWK?domain=netorgft11294697-my.sharepoint.com

Overview

General Information

Sample URL: https://url.au.m.mimecastprotect.com/s/ym7TCZY1GQuMp54GSzAaWK?domain=netorgft11294697-my.sharepoint.com
Analysis ID: 1431934

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Phishing site or detected (based on various text indicators)
Drops files with a non-matching file extension (content does not match file extension)
HTML page contains hidden URLs or javascript code
Phishing site detected (based on OCR NLP Model)
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Phishing

Source: Chrome DOM: 0.4 OCR Text: New Document.pdf Info 1/1 New Document Shared with you. ThS WAS to you to Pages: I Size | 2.3 MB.Expir, 104/28/2024 Ref: PrWt-y Click View and Print Online"" TO view document
Source: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/documentationsecured.html HTTP Parser: Base64 decoded: https://bomoorenewcombsrtrewqe.store/documtationconstruction/bocon/8c73f62.php
Source: Chrome DOM: 0.4 ML Model on OCR Text: Matched 95.3% probability on "New Document.pdf Info 1/1 New Document Shared with you. ThS WAS to you to Pages: I Size | 2.3 MB.Expir, 104/28/2024 Ref: PrWt-y Click View and Print Online"" TO view document "
Source: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/documentationsecured.html HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0
Source: unknown HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /s/ym7TCZY1GQuMp54GSzAaWK?domain=netorgft11294697-my.sharepoint.com HTTP/1.1Host: url.au.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /:b:/g/personal/damion_riverbrookcustomhomes_com/EcjtaC-2Z0ZDidK1aM6NTrIBlouG5tiRXKd2X6ScLbrh9w?e=eKrSwx HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/damion_riverbrookcustomhomes_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom%2FNew%20Document%2Epdf&parent=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom&ga=1 HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/damion_riverbrookcustomhomes_com/_api/v2.1/graphql HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netorgft11294697-my.sharepoint.com/personal/damion_riverbrookcustomhomes_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom%2FNew%20Document%2Epdf&parent=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /personal/damion_riverbrookcustomhomes_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/damion_riverbrookcustomhomes_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom&TryNewExperienceSingle=TRUE HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%5D&defaultBrotli=true&authenticateFast=true&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099649,3]&spStartApplicationWebBundle=true&enableIntegrities=true HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://netorgft11294697-my.sharepoint.com/personal/damion_riverbrookcustomhomes_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom%2FNew%20Document%2Epdf&parent=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom&ga=1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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
Source: global traffic HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fnetorgft11294697-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!6q9ypYAG0UC_JuhrtzUZffccGRFER6dPs8JCcdbGtbW2y6dBhwheTK_Q-mGeVVPd%2Fitems%2F01547BUFGI5VUC7NTHIZBYTUVVNDHI2TVS%3Fversion%3DPublished&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.aVeK3sOsufkWVhMl-Eq84GlafYE3KUYGGK30GNz_jNk&cTag=%22c%3A%7B2F68EDC8-67B6-4346-89D2-B568CE8D4EB2%7D%2C1%22&encodeFailures=1&width=1280&height=859&srcWidth=&srcHeight= HTTP/1.1Host: southcentralus1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netorgft11294697-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /transform/thumbnail?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fnetorgft11294697-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!6q9ypYAG0UC_JuhrtzUZffccGRFER6dPs8JCcdbGtbW2y6dBhwheTK_Q-mGeVVPd%2Fitems%2F01547BUFGI5VUC7NTHIZBYTUVVNDHI2TVS%3Fversion%3DPublished&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.aVeK3sOsufkWVhMl-Eq84GlafYE3KUYGGK30GNz_jNk&cTag=%22c%3A%7B2F68EDC8-67B6-4346-89D2-B568CE8D4EB2%7D%2C1%22&encodeFailures=1&width=1280&height=859&srcWidth=&srcHeight= HTTP/1.1Host: southcentralus1-mediap.svc.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=odbmspdfwebworker&debug=false&bypass=false HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://netorgft11294697-my.sharepoint.com/personal/damion_riverbrookcustomhomes_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom%2FNew%20Document%2Epdf&parent=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom&ga=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; MicrosoftApplicationsTelemetryDeviceId=a18a9d07-a7e7-4cde-ad96-8955cad7fab9
Source: global traffic HTTP traffic detected: GET /transform/passthrough?provider=spo&inputFormat=pdf&cs=fFNQTw&docid=https%3A%2F%2Fnetorgft11294697-my.sharepoint.com%3A443%2F_api%2Fv2.0%2Fdrives%2Fb!6q9ypYAG0UC_JuhrtzUZffccGRFER6dPs8JCcdbGtbW2y6dBhwheTK_Q-mGeVVPd%2Fitems%2F01547BUFGI5VUC7NTHIZBYTUVVNDHI2TVS%3Fversion%3DPublished&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.aVeK3sOsufkWVhMl-Eq84GlafYE3KUYGGK30GNz_jNk&cTag=%22c%3A%7B2F68EDC8-67B6-4346-89D2-B568CE8D4EB2%7D%2C1%22 HTTP/1.1Host: southcentralus1-mediap.svc.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://netorgft11294697-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft11294697-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_api/v2.0/drive/apps?select=*%2Cpromoted%2CbuiltIn&%24expand=actions HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonAccept-Language: en-USsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://netorgft11294697-my.sharepoint.com/personal/damion_riverbrookcustomhomes_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom%2FNew%20Document%2Epdf&parent=%2Fpersonal%2Fdamion%5Friverbrookcustomhomes%5Fcom%2FDocuments%2Fnetorgft13782%2Dmy%2Esharepoint%2Ecom&ga=1Accept-Encoding: gzip, deflate, brCookie: FedAuth=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; MicrosoftApplicationsTelemetryDeviceId=a18a9d07-a7e7-4cde-ad96-8955cad7fab9; ai_session=MamqljbeuDgT5wpQP+xdX3|1714089576110|1714089576110; MSFPC=GUID=7b420f8af88542298ef72d2ae744eeb7&HASH=7b42&LV=202404&V=4&LU=1714089581492
Source: global traffic HTTP traffic detected: GET /documentationsecured.html HTTP/1.1Host: pub-582bd2d04f444919a09966cc59090a26.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /documtationconstruction/bocon/admin/js/sc.php?r=ZW0sZW1haWwsYWRk HTTP/1.1Host: bomoorenewcombsrtrewqe.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-582bd2d04f444919a09966cc59090a26.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/documentationsecured.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /documtationconstruction/bocon/8c73f62.php HTTP/1.1Host: bomoorenewcombsrtrewqe.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/damion_riverbrookcustomhomes_com/_layouts/15/AccessDenied.aspx?correlation=0a9e22a1%2D008f%2D5000%2D3c2f%2Db4052f54218d HTTP/1.1Host: netorgft11294697-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=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; MicrosoftApplicationsTelemetryDeviceId=a18a9d07-a7e7-4cde-ad96-8955cad7fab9; ai_session=MamqljbeuDgT5wpQP+xdX3|1714089576110|1714089576110; MSFPC=GUID=7b420f8af88542298ef72d2ae744eeb7&HASH=7b42&LV=202404&V=4&LU=1714089581492
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: url.au.m.mimecastprotect.com
Source: global traffic DNS traffic detected: DNS query: netorgft11294697-my.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: southcentralus1-mediap.svc.ms
Source: global traffic DNS traffic detected: DNS query: pub-582bd2d04f444919a09966cc59090a26.r2.dev
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: bomoorenewcombsrtrewqe.store
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. 
Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714089504005&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: private, max-age=0Transfer-Encoding: chunkedContent-Type: application/xml;charset=utf-8Expires: Wed, 10 Apr 2024 23:59:10 GMTLast-Modified: Thu, 25 Apr 2024 23:59:10 GMTVary: OriginP3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"X-NetworkStatistics: 0,2102272,88587,303,2097957,0,2102272X-SharePointHealthScore: 3X-Forms_Based_Auth_Required: https://netorgft11294697-my.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fweb%2fGetListUsingPath(DecodedUrl%3d%40a1)%2fRenderListDataAsStream%3f%40a1%3d%2527%252Fpersonal%252Fdamion%255Friverbrookcustomhomes%255Fcom%252FDocuments%2527%26TryNewExperienceSingle%3dTRUEX-Forms_Based_Auth_Return_Url: https://netorgft11294697-my.sharepoint.com/_layouts/15/error.aspxX-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.DATASERVICEVERSION: 3.0X-SubStatusCode: 16X-AspNet-Version: 4.0.30319X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/personal/damion_riverbrookcustomhomes_com/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"X-DataBoundary: NONEX-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/SPRequestGuid: fb9d22a1-3097-5000-361b-57f71aede9b1request-id: fb9d22a1-3097-5000-361b-57f71aede9b1MS-CV: oSKd+5cwAFA2G1f3Gu3psQ.0Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=04bcab34-68f3-44a4-964d-ce4a652a6d4c&destinationEndpoint=Edge-Prod-MIA30r5c&frontEnd=AFD&RemoteIP=102.129.152.0"}]}NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}Strict-Transport-Security: 
max-age=31536000X-FRAME-OPTIONS: SAMEORIGINContent-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.office365.com *.powerapps.com *.yammer.com engage.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;X-Powered-By: ASP.NETMicrosoftSharePointTeamServices: 16.0.0.24803X-Content-Type-Options: nosniffX-MS-InvokeApp: 1; RequireReadOnlyX-Cache: CONFIG_NOCACHEX-MSEdge-Ref: Ref A: 72B2BF42CA724ACCB9396A066A8D02BA Ref B: MIA301000105051 Ref C: 2024-04-25T23:59:10ZDate: Thu, 25 Apr 2024 23:59:09 GMTConnection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 23:59:49 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 87a24a00489c74ba-MIA
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 25 Apr 2024 23:59:51 GMTServer: ApacheContent-Length: 278Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: unknown HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: classification engine Classification label: sus22.phis.win@18/758@35/12
Source: chromecache_289.2.dr Initial sample: https://pub-582bd2d04f444919a09966cc59090a26.r2.dev/documentationsecured.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2348,i,3611515841190200981,8393978954978914487,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.au.m.mimecastprotect.com/s/ym7TCZY1GQuMp54GSzAaWK?domain=netorgft11294697-my.sharepoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 288
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 289
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk