Windows Analysis Report
https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm

Overview

General Information

Sample URL: https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm
Analysis ID: 1432019
Infos:

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish62
Phishing site detected (based on shot match)
HTML page contains hidden URLs or javascript code
Phishing site detected (based on OCR NLP Model)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing
barindex
Yara detected HtmlPhish62
Source: Yara match File source: 4.15.pages.csv, type: HTML
Source: Yara match File source: 4.24.pages.csv, type: HTML
Source: Yara match File source: 4.21.pages.csv, type: HTML
Source: Yara match File source: 4.18.pages.csv, type: HTML
Phishing site detected (based on shot match)
Source: https://4odq.cxnev1.ru/1L9z9v39/ Matcher: Template: captcha matched
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfs Matcher: Template: captcha matched
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC Matcher: Template: captcha matched
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=c7ns1b39xrgu Matcher: Template: captcha matched
HTML page contains hidden URLs or javascript code
Source: https://4odq.cxnev1.ru/1L9z9v39/ HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://www.google.com/recaptcha/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" content="IE=edg...
Phishing site detected (based on OCR NLP Model)
Source: Chrome DOM: 1.1 ML Model on OCR Text: Matched 83.2% probability on "Payment Information Help File Home Insert Draw View Editing 19 12 Styles v Tags A Secure File Has Been Shared With You Thursday, April 25, 2024 11:14 AM THE FOLLOWING PAYMENT HAS BEEN REMITTED. Payment: Electronic Payment Date Currency Apr 25 2024 USD $87, 198 oo Amount Click below for more details on payment and invoice number Files (145KB) View Files NOTICE TO RECIPIENTS The information contained in and accompanying this communication may be confidential, subject to legal privilege, or otherwise protected from disclosure, and is intended solely for the use of the intended recipient(s). If pu are not the intended recipient of this communication, please delete and destroy all copies (including any attachments) in your possession, notify the sender that you have received this communication in error, and note that any review or dissemination of, or the taking of any action in reliance on, this communication is expressly prohibited. "
Source: Chrome DOM: 1.6 ML Model on OCR Text: Matched 92.9% probability on "Payment Information Guest Contributor File Home Insert Draw View Help Viewing Tell me what you want to do 19 Styles v Tags Payment Information A Secure File Has Been Shared With You P Payment Remittance A Secure File Has Been S... Thursday, April 25, 2024 11:14 AM THE FOLLOWING PAYMENT HAS BEEN REMITTED. Payment: Electronic Payment Date Currency Apr 25 2024 USD $87, 198 oo Amount Click below for more details on payment and invoice number Files (145KB) View Files NOTICE TO RECIPIENTS The information contained in and accompanying this communication may be confidential, subject to legal privilege, or otherwise protected from disclosure, and is intended solely for the use of the intended recipient(s). If pu are not the intended recipient of this communication, please delete and destroy all copies (including any attachments) in your possession, notify the sender that you have received this communication in error, and note that any review or dissemination of, or the taking of any action in reliance on, this communication is expressly prohibited. "
Source: https://4odq.cxnev1.ru/1L9z9v39/ HTTP Parser: No favicon
Source: https://4odq.cxnev1.ru/1L9z9v39/ HTTP Parser: No favicon
Source: https://4odq.cxnev1.ru/1L9z9v39/ HTTP Parser: No favicon
Source: https://4odq.cxnev1.ru/1L9z9v39/ HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=p3PtVr9Rtc4zmVzsCHKovX43dv5ANmW4EHR9iS5ZRMIIERAfjGKzDw3w1miK0y9PbgnSQoncU4tpDcwY7U7I3H8AzWBIeIONPriGr-t350iz5rLlDnHnMsn8yHgPokxAlmiESfF9AloqhxAdR76omyagk91xvML4Zgl45cqaApyGFdTskMdQ5ovLMg_jWYZPNfaQGMkckH4WakBpGFZsgOrmbnGxvK-bAkHbTTEPDuj2EcntrL5pG7v9LQ6p5TbmtOdzjdBPXkSX3nRP41yJg3vY3C02z8E&cb=b3wwlq48xfop HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfs HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfs HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=c7ns1b39xrgu HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=c7ns1b39xrgu HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: Binary string: d(64967);this.Le||(null!==this.nib&&(w.a.removeHandler(window.self,"scroll",this.nib),w.a.removeHandler(window.self,"resize",this.$rc),this.$rc=this.nib=null),X.la&&X.la.gB&&this.p4&&this.Bi&&X.la.gB.Kr(this.p4,this.Bi),this.hd=this.Zm=this.Bi=null,this.nXa&&this.nXa.BUd&&this.nXa.vJd(),this.nXa=null,this.Ab&&G.a.xAa(this.Ab)&&this.iz(this.vB),this.rz=this.mv=this.L$=this.v_a=this._body=this.gh=this.Gma=this.p4=this.Io=this.nJ=this.pJ=this.oJ=this.oz=this.xL=this.Ab=this.Pdb=this.vB=null,L.KE=null, source: chromecache_289.2.dr
Source: Binary string: this.vB.className="WACDialogOuterContainer";this.Pdb=this.gh.createElement("div");this.Pdb.id=this.eh("WACDialogInnerContainer");this.Pdb.className="WACDialogInnerContainer";this.Ab=this.gh.createElement("div");this.Ab.id=this.eh("WACDialogPanel");this.Ab.className=X.la&&X.la.Ra.LG?"MLRVisualRefresh "+this.jFe:this.jFe;this.Pgc&&(this.Ab.className+=" FullDocumentPanel");X.i0e?this.Ab.setAttribute(P.a.Ac,P.a.Wtc):this.Ab.setAttribute(P.a.Ac,P.a.Lwd);this.Ab.setAttribute(P.a.yR,this.eh("WACDialogTitleText")); source: chromecache_289.2.dr
Source: Binary string: (this.Sf.close(),this.Sf=null)}static get instance(){return Oa.xa||(Oa.xa=new Oa(()=>f.a.instance.Aa("Common.Interface.IEditNotificationManager")))}static get rRf(){return Oa.sfb||(Oa.sfb=f.a.instance.resolve("Wonca.KickoutExecutor"))}}Oa.xa=null;Oa.sfb=null;(0,T.a)(Oa,"WordAutoSaveOperation",null,[]);class Na extends S.a{constructor(Aa,Va,sb,vb,Tb,Lb,Hb,ac,Jb,hb,ec,lc,Uc,Vb,qa,tb,Mb,Yb,Ub,nc){super();this.VU=null;this.$Ee=new F.a;this.Le=this.l5=!1;this.pDb=0;this.UU=[];this.Gjc=!1;this.JNe="";this.kOe= source: chromecache_289.2.dr
Source: Binary string: da.firstChild):this.L$.insertBefore(this.vB,this.L$.firstChild)}else this.L$.insertBefore(this.vB,this.L$.firstChild);this.vB.appendChild(this.Pdb);this.Pdb.appendChild(this.Ab);this.nib||(this.nib=this.Ksj,this.$rc=(0,k.a)(this,this.Poe,"sizeFix"),w.a.addHandler(window.self,"scroll",this.nib),w.a.addHandler(window.self,"resize",this.$rc));this.Bi=new B(this.Ab);X.la&&X.la.gB.In(this.p4,this.Bi);L.POb()&&this.Khj()}QRc(X,da){const ba=this.gh.createElement("button");this.CGa[X]=ba;ba.id=this.eh(da); source: chromecache_289.2.dr
Source: Binary string: (this.yu=f.a.instance.Aa("Box4.ITypingProcessManager"))}get E6(){return this.pDb}get jT(){return this.aWg}get V7(){return!this.jgb.kVb}K9b(Aa){this.jgb.kVb=!Aa}get lN(){return this.bY}get PBd(){return this.Mfc}Up(Aa,Va,sb){sb=void 0===sb?null:sb;const vb=new F.a;vb.add((new Date).toISOString());vb.add(Aa);vb.add(Va);sb&&vb.add(sb);Aa=vb.toArray().join("|");this.$Ee.add(String.format("[{0}]",Aa))}Lgg(){this.Up("logRetrvl","call",this.lN);return this.$Ee.toArray().join("")}w6b(Aa){this.VA.B5a(Aa,sa.b(Aa.RevisionList[0].BaseId), source: chromecache_289.2.dr
Source: Binary string: null;this.o_a=t;this.pdb=-1;this.Agc=0;this.xgc=0<t.B1.length?t.B1[0]:w.empty}moveNext(){this.pdb++;this.pdb===this.xgc.Yob?(this.my=this.o_a.pda[this.Agc++],this.pdb=this.xgc.T4a-1,this.xgc=this.Agc<this.o_a.b8a?this.o_a.B1[this.Agc]:w.empty):this.my=this.pdb<this.o_a.RY.length?this.o_a.RY[this.pdb]:null;return!!this.current}reset(){this.pdb=-1;this.Agc=0;this.my=null;this.xgc=0<this.o_a.B1.length?this.o_a.B1[0]:w.empty}get current(){return this.my}$u(){throw Error.notImplemented();}}(0,T.a)(F,"TableRowOrCellMixedContextIterator", source: chromecache_289.2.dr
Source: Binary string: if(0<(this.enabled&1)){if(!Aa)return this.jT.event(-4),!1;if(this.wn())return this.pDb=Va,Aa=this.MSd(),this.jT.event(Aa?8:-3),!Aa}if(!Aa)return this.pDb=Va,this.jT.event(-1),!1;if(0<(this.enabled&2)&&this.Qqi()){if(!this.a5a())return this.jT.event(-1),!1;Aa=this.MSd();this.jT.event(Aa?7:-3);return!Aa}this.sq.$W();this.jT.event(-2);return!1}get eYd(){return!this.wn()&&(!this.aB||""===this.aB)}WEf(){return this.sq.LBa()}hTd(){let Aa;Aa=this.pDb;if(this.hvc&&this.V7&&this.elb&&this.eH){const Va=this.eH.fve()? source: chromecache_289.2.dr
Source: Binary string: null}vxc(a,c){this.pii();var n=Object.assign(new dg,{wf:a.wf});n=new HE.a(n,this.PDb,null);n.dataSource=a.dataSource;if(!n.S7e(a.NKc,null))throw Error.create("Jewel could not be built");if(a=n.Xy)a.Dr=c,a.ARc();return a}pii(){this.PDb=cd.a.createElement("div");this.PDb.id="jewelcontainer";this.PDb.className="cui-jewel-container";this.PDb.style.display="block"}}(0,S.a)(VC,"LegacyFileMenuFactory",null,[1147]);class ju{constructor(a,c,n){this.Tac=a;this.WLe=this.Tac.qCa;this.sOc=d.a.instance.Aa("Common.IOfficeTrialExperience"); source: chromecache_306.2.dr
Source: Binary string: appChrome.api.dispatch(Q));return 32};u.AFrameworkApplication.sa.na(Pa.a.oca,Zb.a.frame,this.Qdj)}k0d(){appChrome.api.dispatch(appChrome.actions.updateFileMenuExpandedValue(!0))}GW(){}ARc(){}LGd(){}}(0,S.a)(zf,"ReactFileMenu",null,[1068]);class fA{vxc(){const a=new zf,c=[];c.push(appChrome.actions.updateFileMenuExpandedValue(!1));c.push(appChrome.actions.updateFileMenuDisabledValue(!1));appChrome.api.dispatch(c);return a}}(0,S.a)(fA,"ReactFileMenuFactory",null,[1147]);var HE=V(24363);class VC{constructor(){this.PDb= source: chromecache_306.2.dr
Source: Binary string: void 0===aa?!1:aa;super(document.createElement("div"));this.Pgc=this._id=null;this.jFe="WACDialogPanel";this.Mlc=this.L$=this.v_a=this._body=this.Gma=this.p4=this.rl=this.Ab=this.Pdb=this.vB=this.Io=this.nJ=this.pJ=this.oJ=this.oz=this.xL=this.$rc=this.nib=this.nXa=this.Bi=this.hd=this.Zm=this.Vs=this.n0=this.SD=this.Xwa=null;this.xmc="OK";this.Hma="Cancel";this.iDe="Close";this.Xsd="Yes";this.Wid="No";this.$Ue="Retry";this.USe="Permanently Delete";this.qWe="Share and notify";this.Acb="Action";this.chb= source: chromecache_289.2.dr
Source: Binary string: "HandleVisibilityChange IsAppHidden {0}, ReplicatedWhileHidden {1}",2===Va.newState,this.eUc),2!==Va.newState&&this.eUc&&(this.eUc=!1,this.sq.yqf(),this.qY.NW()))}$og(){return B.AFrameworkApplication.$.getBooleanFeatureGate("Microsoft.Office.OneNoteOnline.ONOReplicateEarlyWhenVisibleAgain",!1)}get Icc(){return this.wsd}set Icc(Aa){this.wsd=Aa}b5a(){this.pDb=K.AReplicationScheduler.WNc;if(this.pc&&2===this.pc.status)return this.jT.event(-3),!0;if(this.Le||this.l5)return this.jT.event(1),!1;if(this.NBe&& source: chromecache_289.2.dr
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 23.213.224.106
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm HTTP/1.1Host: usigroups-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/js_usigroups_com/_layouts/15/Doc.aspx?sourcedoc=%7B4275c7cd-9559-49b5-9e00-8913e67b2426%7D&action=default&slrid=72b922a1-606a-5000-1e3f-a1efd5f66a0e&originalPath=aHR0cHM6Ly91c2lncm91cHMtbXkuc2hhcmVwb2ludC5jb20vOm86L3AvanMvRXMzSGRVSlpsYlZKbmdDSkUtWjdKQ1lCVVRadmQxWkNNUXdaaGhsUW95X2hEdz9ydGltZT1femwzd01abDNFZw&cid=1ce6514f-d17e-4450-a36c-695e66f4f888&_SRM=0:G:105 HTTP/1.1Host: usigroups-my.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2UzZTQyMjNiNWUyYzNhMzg2N2RhNWE3NjVjYjI0ZDQ1Yjk5ZjlmMTllZWViNTNlYTA4ZTgzNGQ3ODZiZTBiM2QsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTNlNDIyM2I1ZTJjM2EzODY3ZGE1YTc2NWNiMjRkNDViOTlmOWYxOWVlZWI1M2VhMDhlODM0ZDc4NmJlMGIzZCwxMzM1ODU5MjI0ODAwMDAwMDAsMCwxMzM1ODY3ODM0ODY1ODA3NzcsMC4wLjAuMCwyNTgsOWY1YWU1ZTAtZjQ2OC00NGMyLThiYWEtZTZlN2JjMzZjNzEwLCwsNzJiOTIyYTEtNjA2YS01MDAwLTFlM2YtYTFlZmQ1ZjY2YTBlLDcyYjkyMmExLTYwNmEtNTAwMC0xZTNmLWExZWZkNWY2NmEwZSw4dmZuak5wRUQwYWxOc2RkRlZ5Tzd3LDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxOTMzMDYsRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LE83Z1N1Wi9VQ2FKVEs5a2oyZjdVbzQ1S3E2K0dYb3RYazA2QTc4cXIzbmU4VUN1R1Z1S3JxaWVhT2p5RGhRNE1kMU9MVEQzem8vMjRPMis2UU0vTlpLK281WmJRQXVGOVdKK2xaRGVUd1FLOEFrSEk3SGRLcnplNmNtTVd4YytXbnArdkd0bmFoSUdsQlpSU1ZQYzlUcWR4Q3BlSUMxeDVTOURkUjM1QzB3QlhTRXEwT3FrOVMyWGJ5YnRXdmJMeURib0JjWjRQbm0wd21IV21kVjBOWmV4MDlVOXc0RXZCaEdHdGxvdG83TVNXRjYycExKQ09nZllZOHFLaGVZR1RTNk9oTmRrYWxnUXFzVzlQa0oyYkdXYWVneUtsY21HRUJoRHlLckpTUkU1QVRZR2p2cjJMR3E0WkRDSlRzYjU5c29PVUpPbjFUbmIzOG8wYUdEa1Fldz09PC9TUD4=
Source: global traffic HTTP traffic detected: GET /wise/owl/owl.slim.904b646243df598ab119.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise/owl/onenote-boot.9b8b959024767cc8e6ba.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/OneNote.ashx HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-4275C7CD-9559-49B5-9E00-8913E67B2426&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9%2EeyJhdWQiOiJ3b3BpL3VzaWdyb3Vwcy1teS5zaGFyZXBvaW50LmNvbUA5ZjVhZTVlMC1mNDY4LTQ0YzItOGJhYS1lNmU3YmMzNmM3MTAiLCJpc3MiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAOTAxNDAxMjItODUxNi0xMWUxLThlZmYtNDkzMDQ5MjQwMTliIiwibmJmIjoiMTcxNDExODM0OSIsImV4cCI6IjE3MTQxNTQzNDkiLCJuYW1laWQiOiIwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwibmlpIjoibWljcm9zb2Z0LnNoYXJlcG9pbnQiLCJpc3VzZXIiOiJ0cnVlIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwic2hhcmluZ2lkIjoiOHZmbmpOcEVEMGFsTnNkZEZWeU83dyIsImlzbG9vcGJhY2siOiJUcnVlIiwiYXBwY3R4IjoiNDI3NWM3Y2Q5NTU5NDliNTllMDA4OTEzZTY3YjI0MjY7c1ZtbkxOWURWd2dubCtuUXVkQXBEeVdvMkdjPTtEZWZhdWx0OzVjZWViOGY3NDc1OTQ5ZjJhOGM3YThlODQ3YmRmYWMyOztUcnVlOzs7NTEyOzcyYjkyMmExLTUwOGQtNTAwMC0xZTNmLWFiOWZjMmJhOTc1ZSIsImZpZCI6IjE5MzMwNiJ9%2EePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC%2DlGpxzBDH9%5FYJe9eXoQ3MIJgGNGZp5%5F8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx%5FuD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k%5FY8zjLO%2DAXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP%5FkPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBg&access_token_ttl=1714154349045 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF000091BAX-OfficeVersion: 16.0.17601.41008X-Key: n6IDxhd6wnn64lDiT/v29/IwfRsPGkZ9Q2pSUeWOyWY=;mFis2L6vMsBNOxnijIg4A5JcpQZjdzxFJ7ALVqUl65I=,638497151517007624X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fOrgIdSiteUrl: https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcomsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: PUS6Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fusigroups-my.sharepoint.com%2Fpersonal%2Fjs_usigroups_com%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&wdenableroaming=1&mscc=1&wdodb=1&hid=72B922A1-508D-5000-1E3F-AB9FC2BA975E.0&uih=sharepointcom&wdlcid=en-US&dchat=1&sc=%7B%22pmo%22%3A%22https%3A%2F%2
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=educationuser&WOPIsrc=https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9%2EeyJhdWQiOiJ3b3BpL3VzaWdyb3Vwcy1teS5zaGFyZXBvaW50LmNvbUA5ZjVhZTVlMC1mNDY4LTQ0YzItOGJhYS1lNmU3YmMzNmM3MTAiLCJpc3MiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAOTAxNDAxMjItODUxNi0xMWUxLThlZmYtNDkzMDQ5MjQwMTliIiwibmJmIjoiMTcxNDExODM0OSIsImV4cCI6IjE3MTQxNTQzNDkiLCJuYW1laWQiOiIwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwibmlpIjoibWljcm9zb2Z0LnNoYXJlcG9pbnQiLCJpc3VzZXIiOiJ0cnVlIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwic2hhcmluZ2lkIjoiOHZmbmpOcEVEMGFsTnNkZEZWeU83dyIsImlzbG9vcGJhY2siOiJUcnVlIiwiYXBwY3R4IjoiNDI3NWM3Y2Q5NTU5NDliNTllMDA4OTEzZTY3YjI0MjY7c1ZtbkxOWURWd2dubCtuUXVkQXBEeVdvMkdjPTtEZWZhdWx0OzVjZWViOGY3NDc1OTQ5ZjJhOGM3YThlODQ3YmRmYWMyOztUcnVlOzs7NTEyOzcyYjkyMmExLTUwOGQtNTAwMC0xZTNmLWFiOWZjMmJhOTc1ZSIsImZpZCI6IjE5MzMwNiJ9%2EePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC%2DlGpxzBDH9%5FYJe9eXoQ3MIJgGNGZp5%5F8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx%5FuD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k%5FY8zjLO%2DAXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP%5FkPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBg&access_token_ttl=1714154349045 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-4275C7CD-9559-49B5-9E00-8913E67B2426&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9%2EeyJhdWQiOiJ3b3BpL3VzaWdyb3Vwcy1teS5zaGFyZXBvaW50LmNvbUA5ZjVhZTVlMC1mNDY4LTQ0YzItOGJhYS1lNmU3YmMzNmM3MTAiLCJpc3MiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAOTAxNDAxMjItODUxNi0xMWUxLThlZmYtNDkzMDQ5MjQwMTliIiwibmJmIjoiMTcxNDExODM0OSIsImV4cCI6IjE3MTQxNTQzNDkiLCJuYW1laWQiOiIwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwibmlpIjoibWljcm9zb2Z0LnNoYXJlcG9pbnQiLCJpc3VzZXIiOiJ0cnVlIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwic2hhcmluZ2lkIjoiOHZmbmpOcEVEMGFsTnNkZEZWeU83dyIsImlzbG9vcGJhY2siOiJUcnVlIiwiYXBwY3R4IjoiNDI3NWM3Y2Q5NTU5NDliNTllMDA4OTEzZTY3YjI0MjY7c1ZtbkxOWURWd2dubCtuUXVkQXBEeVdvMkdjPTtEZWZhdWx0OzVjZWViOGY3NDc1OTQ5ZjJhOGM3YThlODQ3YmRmYWMyOztUcnVlOzs7NTEyOzcyYjkyMmExLTUwOGQtNTAwMC0xZTNmLWFiOWZjMmJhOTc1ZSIsImZpZCI6IjE5MzMwNiJ9%2EePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC%2DlGpxzBDH9%5FYJe9eXoQ3MIJgGNGZp5%5F8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx%5FuD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k%5FY8zjLO%2DAXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP%5FkPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBg&access_token_ttl=1714154349045 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF000091BAX-OfficeVersion: 16.0.17601.41008X-Key: n6IDxhd6wnn64lDiT/v29/IwfRsPGkZ9Q2pSUeWOyWY=;mFis2L6vMsBNOxnijIg4A5JcpQZjdzxFJ7ALVqUl65I=,638497151517007624X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fOrgIdSiteUrl: https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcomsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: PUS6Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fusigroups-my.sharepoint.com%2Fpersonal%2Fjs_usigroups_com%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&wdenableroaming=1&mscc=1&wdodb=1&hid=72B922A1-508D-5000-1E3F-AB9FC2BA975E.0&uih=sharepointcom&wdlcid=en-US&dchat=1&sc=%7B%22pmo%22%3A%22https%3A%2F%2
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-4275C7CD-9559-49B5-9E00-8913E67B2426&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9%2EeyJhdWQiOiJ3b3BpL3VzaWdyb3Vwcy1teS5zaGFyZXBvaW50LmNvbUA5ZjVhZTVlMC1mNDY4LTQ0YzItOGJhYS1lNmU3YmMzNmM3MTAiLCJpc3MiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAOTAxNDAxMjItODUxNi0xMWUxLThlZmYtNDkzMDQ5MjQwMTliIiwibmJmIjoiMTcxNDExODM0OSIsImV4cCI6IjE3MTQxNTQzNDkiLCJuYW1laWQiOiIwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwibmlpIjoibWljcm9zb2Z0LnNoYXJlcG9pbnQiLCJpc3VzZXIiOiJ0cnVlIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwic2hhcmluZ2lkIjoiOHZmbmpOcEVEMGFsTnNkZEZWeU83dyIsImlzbG9vcGJhY2siOiJUcnVlIiwiYXBwY3R4IjoiNDI3NWM3Y2Q5NTU5NDliNTllMDA4OTEzZTY3YjI0MjY7c1ZtbkxOWURWd2dubCtuUXVkQXBEeVdvMkdjPTtEZWZhdWx0OzVjZWViOGY3NDc1OTQ5ZjJhOGM3YThlODQ3YmRmYWMyOztUcnVlOzs7NTEyOzcyYjkyMmExLTUwOGQtNTAwMC0xZTNmLWFiOWZjMmJhOTc1ZSIsImZpZCI6IjE5MzMwNiJ9%2EePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC%2DlGpxzBDH9%5FYJe9eXoQ3MIJgGNGZp5%5F8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx%5FuD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k%5FY8zjLO%2DAXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP%5FkPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBg&access_token_ttl=1714154349045 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF000091BAX-OfficeVersion: 16.0.17601.41008X-Key: n6IDxhd6wnn64lDiT/v29/IwfRsPGkZ9Q2pSUeWOyWY=;mFis2L6vMsBNOxnijIg4A5JcpQZjdzxFJ7ALVqUl65I=,638497151517007624X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fOrgIdSiteUrl: https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcomsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: PUS6Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fusigroups-my.sharepoint.com%2Fpersonal%2Fjs_usigroups_com%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&wdenableroaming=1&mscc=1&wdodb=1&hid=72B922A1-508D-5000-1E3F-AB9FC2BA975E.0&uih=sharepointcom&wdlcid=en-US&dchat=1&sc=%7B%22pmo%22%3A%22https%3A%2F%2
Source: global traffic HTTP traffic detected: GET /o/OneNoteS2SHandler.ashx?action=eduproperties&notebookid=1-4275C7CD-9559-49B5-9E00-8913E67B2426&isteacher=false&isstudent=false&WOPIsrc=https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9%2EeyJhdWQiOiJ3b3BpL3VzaWdyb3Vwcy1teS5zaGFyZXBvaW50LmNvbUA5ZjVhZTVlMC1mNDY4LTQ0YzItOGJhYS1lNmU3YmMzNmM3MTAiLCJpc3MiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAOTAxNDAxMjItODUxNi0xMWUxLThlZmYtNDkzMDQ5MjQwMTliIiwibmJmIjoiMTcxNDExODM0OSIsImV4cCI6IjE3MTQxNTQzNDkiLCJuYW1laWQiOiIwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwibmlpIjoibWljcm9zb2Z0LnNoYXJlcG9pbnQiLCJpc3VzZXIiOiJ0cnVlIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwic2hhcmluZ2lkIjoiOHZmbmpOcEVEMGFsTnNkZEZWeU83dyIsImlzbG9vcGJhY2siOiJUcnVlIiwiYXBwY3R4IjoiNDI3NWM3Y2Q5NTU5NDliNTllMDA4OTEzZTY3YjI0MjY7c1ZtbkxOWURWd2dubCtuUXVkQXBEeVdvMkdjPTtEZWZhdWx0OzVjZWViOGY3NDc1OTQ5ZjJhOGM3YThlODQ3YmRmYWMyOztUcnVlOzs7NTEyOzcyYjkyMmExLTUwOGQtNTAwMC0xZTNmLWFiOWZjMmJhOTc1ZSIsImZpZCI6IjE5MzMwNiJ9%2EePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC%2DlGpxzBDH9%5FYJe9eXoQ3MIJgGNGZp5%5F8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx%5FuD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k%5FY8zjLO%2DAXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP%5FkPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBg&access_token_ttl=1714154349045 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF000091BAX-OfficeVersion: 16.0.17601.41008X-Key: n6IDxhd6wnn64lDiT/v29/IwfRsPGkZ9Q2pSUeWOyWY=;mFis2L6vMsBNOxnijIg4A5JcpQZjdzxFJ7ALVqUl65I=,638497151517007624X-WacUserAgent: MSWACONSyncX-Requested-With: XMLHttpRequestX-xhr: 1sec-ch-ua-platform: "Windows"haep: 3X-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fOrgIdSiteUrl: https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcomsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-UserType: WOPIX-IsCoauthSession: trueX-WacCluster: PUS6Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fusigroups-my.sharepoint.com%2Fpersonal%2Fjs_usigroups_com%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&wdenableroaming=1&mscc=1&wdodb=1&hid=72B922A1-508D-5000-1E3F-AB9FC2BA975E.0&uih=sharepointcom&wdlcid=en-US&dchat=1&sc=%7B%22pmo%22%3A%22https%3A%2F%2
Source: global traffic HTTP traffic detected: GET /afhs/CloudPolicySettings.ashx HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-WacFrontEnd: SN3PEPF000091BAX-OfficeVersion: 16.0.17601.41008X-Key: n6IDxhd6wnn64lDiT/v29/IwfRsPGkZ9Q2pSUeWOyWY=;mFis2L6vMsBNOxnijIg4A5JcpQZjdzxFJ7ALVqUl65I=,638497151517007624X-WacUserAgent: MSWACONSyncx-OcpsIsEnabled: trueX-Requested-With: XMLHttpRequestX-xhr: 1x-CacheIsEnabled: falsex-LicensingAADIdIsEnabled: falsesec-ch-ua-platform: "Windows"haep: 3X-AccessToken: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9.eyJhdWQiOiJ3b3BpL3VzaWdyb3Vwcy1teS5zaGFyZXBvaW50LmNvbUA5ZjVhZTVlMC1mNDY4LTQ0YzItOGJhYS1lNmU3YmMzNmM3MTAiLCJpc3MiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAOTAxNDAxMjItODUxNi0xMWUxLThlZmYtNDkzMDQ5MjQwMTliIiwibmJmIjoiMTcxNDExODM0OSIsImV4cCI6IjE3MTQxNTQzNDkiLCJuYW1laWQiOiIwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwibmlpIjoibWljcm9zb2Z0LnNoYXJlcG9pbnQiLCJpc3VzZXIiOiJ0cnVlIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwic2hhcmluZ2lkIjoiOHZmbmpOcEVEMGFsTnNkZEZWeU83dyIsImlzbG9vcGJhY2siOiJUcnVlIiwiYXBwY3R4IjoiNDI3NWM3Y2Q5NTU5NDliNTllMDA4OTEzZTY3YjI0MjY7c1ZtbkxOWURWd2dubCtuUXVkQXBEeVdvMkdjPTtEZWZhdWx0OzVjZWViOGY3NDc1OTQ5ZjJhOGM3YThlODQ3YmRmYWMyOztUcnVlOzs7NTEyOzcyYjkyMmExLTUwOGQtNTAwMC0xZTNmLWFiOWZjMmJhOTc1ZSIsImZpZCI6IjE5MzMwNiJ9.ePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC-lGpxzBDH9_YJe9eXoQ3MIJgGNGZp5_8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx_uD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k_Y8zjLO-AXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP_kPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBgX-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fX-AccessTokenTtl: 1714154349045sec-ch-ua-mobile: ?0x-UserDataSignature: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdFNEUzOEQ5QjM4RkExRDgxQTMzOEJBNTQxNzNFM0Y5OTE2OEREQzQiLCJ4NXQiOiJmazQ0MmJPUG9kZ2FNNHVsUVhQai1aRm8zY1EiLCJ0eXAiOiJKV1QifQ.eyJVUE4iOiJ1cm46c3BvOmFub24jZTNlNDIyM2I1ZTJjM2EzODY3ZGE1YTc2NWNiMjRkNDViOTlmOWYxOWVlZWI1M2VhMDhlODM0ZDc4NmJlMGIzZCIsIlBVSUQiOiIiLCJUZW5hbnRJZCI6IjlmNWFlNWUwLWY0NjgtNDRjMi04YmFhLWU2ZTdiYzM2YzcxMCIsIkZpbGVUZW5hbnRJZCI6IiIsIklzQ29uc3VtZXJVc2VyIjoiRmFsc2UiLCJJc0Fub255bW91c1VzZXIiOiJUcnVlIiwiSG9zdEVuYWJsZWRGZWF0dXJlcyI6IltdIiwiSXNPMzY1Q29uc3VtZXJIb3N0IjoiRmFsc2UiLCJJc08zNjVDb21tZXJjaWFsSG9zdCI6IlRydWUiLCJVc2VyT2JqZWN0SWQiOiIiLCJMb2NhbFN0b3JhZ2VLZXkiOiI5M0FLZHlZYzd6YnNOQ1BKajJza2VBTEx4SlVaU0ZSSXJUUnBSTWFMRzMwPSIsImF1ZCI6IldBQ0FGSFMiLCJuYmYiOjE3MTQxMTgzNTEsImV4cCI6MTcxNDExOTY3MSwiaWF0IjoxNzE0MTE4MzUxLCJpc3MiOiJXQUMifQ.p4jmKCoeMNJjjXbI1cD4OVWDb2GgdalisqrBXA6RrYPTQBTb_oKbaky8tRt9ftRveCCV2Gd4H9jTqVhXl_26-JaqUXbi4LrnCk5YfM68SQZ7ma6GdSPLbEhK4kTIDnbv9rNIEenulJtTWPdDTPRkda5VMlKiDo
Source: global traffic HTTP traffic detected: GET /wise/owl/owl.handlers.27d51fd227a601990590.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/App_Scripts/Acl/Acl1033.js HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fusigroups-my.sharepoint.com%2Fpersonal%2Fjs_usigroups_com%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&wdenableroaming=1&mscc=1&wdodb=1&hid=72B922A1-508D-5000-1E3F-AB9FC2BA975E.0&uih=sharepointcom&wdlcid=en-US&dchat=1&sc=%7B%22pmo%22%3A%22https%3A%2F%2Fusigroups-my.sharepoint.com%22%2C%22pmshare%22%3Atrue%7D&wdorigin=Sharing.ClientRedirect&wdhostclicktime=1714118346761&jsapi=1&jsapiver=v1&newsession=1&corrid=d19e0541-59c5-9a5e-8e10-18de22c9153f&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f&sftc=1&sams=1&cac=1&mtf=1&sfp=1&hch=1&hwfh=1&readonly=1&uihit=docaspx&muv=1&wdredirectionreason=Force_SingleStepBoot&rct=Normal&ctp=LeastProtectedAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D
Source: global traffic HTTP traffic detected: GET /afhs/CloudPolicySettings.ashx HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D; PUS6-ARRAffinity=cef501cb080d3b02baa5afd04addeaae023ae53b0262f256a03a16339d1987de
Source: global traffic HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d19e0541-59c5-9a5e-8e10-18de22c9153f&build=16.0.17601.41008&waccluster=PUS6 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D; PUS6-ARRAffinity=cef501cb080d3b02baa5afd04addeaae023ae53b0262f256a03a16339d1987de
Source: global traffic HTTP traffic detected: GET /files/fabric-cdn-prod_20240129.001/assets/icons/fabric-icons-a13498cf.woff HTTP/1.1Host: res.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usc-onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://usc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/AddinServiceHandler.ashx?action=laststoreupdate&app=4&lc=EN-US&WOPIsrc=https%3A%2F%2Fusigroups%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Fjs%5Fusigroups%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkRhREFmalFRbXB5T1h4MlJyS19XNWx2b0xaNCJ9%2EeyJhdWQiOiJ3b3BpL3VzaWdyb3Vwcy1teS5zaGFyZXBvaW50LmNvbUA5ZjVhZTVlMC1mNDY4LTQ0YzItOGJhYS1lNmU3YmMzNmM3MTAiLCJpc3MiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAOTAxNDAxMjItODUxNi0xMWUxLThlZmYtNDkzMDQ5MjQwMTliIiwibmJmIjoiMTcxNDExODM0OSIsImV4cCI6IjE3MTQxNTQzNDkiLCJuYW1laWQiOiIwIy5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwibmlpIjoibWljcm9zb2Z0LnNoYXJlcG9pbnQiLCJpc3VzZXIiOiJ0cnVlIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiNlM2U0MjIzYjVlMmMzYTM4NjdkYTVhNzY1Y2IyNGQ0NWI5OWY5ZjE5ZWVlYjUzZWEwOGU4MzRkNzg2YmUwYjNkIiwic2hhcmluZ2lkIjoiOHZmbmpOcEVEMGFsTnNkZEZWeU83dyIsImlzbG9vcGJhY2siOiJUcnVlIiwiYXBwY3R4IjoiNDI3NWM3Y2Q5NTU5NDliNTllMDA4OTEzZTY3YjI0MjY7c1ZtbkxOWURWd2dubCtuUXVkQXBEeVdvMkdjPTtEZWZhdWx0OzVjZWViOGY3NDc1OTQ5ZjJhOGM3YThlODQ3YmRmYWMyOztUcnVlOzs7NTEyOzcyYjkyMmExLTUwOGQtNTAwMC0xZTNmLWFiOWZjMmJhOTc1ZSIsImZpZCI6IjE5MzMwNiJ9%2EePS3sOzS493VKhzLhTVvLpZO116QM2mYnfdRC%2DlGpxzBDH9%5FYJe9eXoQ3MIJgGNGZp5%5F8TcOZEr15P4Pk9mgKPCwE7CMq1RYtBsbRwUv9rHGMrcs5qQl1eR7DrAnof1hHaHtbZ0b55Cyjb6Nnfh0xymyWvjTqJ1exVPobvfSPUnuxEjLaaLLkv9muiYzVNqWhQRx%5FuD2RA7fUkT1ewDaUGa43dC2zN3y1tEpFDPrJjR83Ot3WdRqh1IGKH8uc9FE4VdI8k%5FY8zjLO%2DAXbtnFCEqMMfIBFQV1dK6GIUAwWeti0adP%5FkPPsz3XCUmB9yDFmG6Jt31iyv47vycxWbiBBg&access_token_ttl=1714154349045 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"haep: 3X-WacFrontEnd: SN3PEPF000091BAX-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fsec-ch-ua-mobile: ?0X-OfficeVersion: 16.0.17601.41008X-Key: n6IDxhd6wnn64lDiT/v29/IwfRsPGkZ9Q2pSUeWOyWY=;mFis2L6vMsBNOxnijIg4A5JcpQZjdzxFJ7ALVqUl65I=,638497151517007624X-WacUserAgent: MSWACONSyncUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-Requested-With: XMLHttpRequestX-UserType: WOPIX-xhr: 1X-IsCoauthSession: trueX-WacCluster: PUS6sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usc-onenote.officeapps.live.com/o/onenoteframe.aspx?ui=en-US&rs=en-US&wopisrc=https%3A%2F%2Fusigroups-my.sharepoint.com%2Fpersonal%2Fjs_usigroups_com%2F_vti_bin%2Fwopi.ashx%2Ffolders%2F4275c7cd955949b59e008913e67b2426&wdenableroaming=1&mscc=1&wdodb=1&hid=72B922A1-508D-5000-1E3F-AB9FC2BA975E.0&uih=sharepointcom&wdlcid=en-US&dchat=1&sc=%7B%22pmo%22%3A%22https%3A%2F%2Fusigroups-my.sharepoint.com%22%2C%22pmshare%22%3Atrue%7D&wdorigin=Sharing.ClientRedirect&wdhostclicktime=1714118346761&jsapi=1&jsapiver=v1&newsession=1&corrid=
Source: global traffic HTTP traffic detected: GET /officeaddins/learningtools/?et= HTTP/1.1Host: www.onenote.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://usc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell HTTP/1.1Host: amcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usc-onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://usc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usc-onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://usc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /officeaddins/RemoteUls.ashx HTTP/1.1Host: www.onenote.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D; PUS6-ARRAffinity=cef501cb080d3b02baa5afd04addeaae023ae53b0262f256a03a16339d1987de; PUS9-ARRAffinity=ced079449095b2f8730f0411e34b3fe9a83a7283597ce6ca7087d95cbdd29929; MicrosoftApplicationsTelemetryDeviceId=3fe0b053-f595-48a0-bf8a-ccabe1078356
Source: global traffic HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f&build=20240424.1 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/AppSettingsHandler.ashx?app=OneNote&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f&build=20240424.1 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D; PUS6-ARRAffinity=cef501cb080d3b02baa5afd04addeaae023ae53b0262f256a03a16339d1987de; PUS9-ARRAffinity=ced079449095b2f8730f0411e34b3fe9a83a7283597ce6ca7087d95cbdd29929; MicrosoftApplicationsTelemetryDeviceId=3fe0b053-f595-48a0-bf8a-ccabe1078356
Source: global traffic HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PUS3-ARRAffinity=c2b15893418d6fcf7b43568bf311dd6186fe02d8d96455beabbe7d072166f72d
Source: global traffic HTTP traffic detected: GET /admincenter/admin-main/2024.4.18.3/floodgate.en.bundle.js HTTP/1.1Host: res.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /1L9z9v39/ HTTP/1.1Host: 4odq.cxnev1.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/msit/10/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 4odq.cxnev1.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://4odq.cxnev1.ru/1L9z9v39/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InFNR1c0ZU5jUjJqZkRoa3NtcU1jaXc9PSIsInZhbHVlIjoia2hKZ2JIWXVkaGF3VzZsbFBuVS9sOTRJdVdEY3BsclFYdVVTMGI4RnlXSUJVOUhSMEN1SnNCTUlKdTNBemxrVVlEOFFVMEdTNm5vMjlmbjNDVXErYWcvQ1VtdEFzN3pOY3hWUkdETWRGb2QxbEpPdzhLMFZNQURqc0E5WTB6YnMiLCJtYWMiOiIxZDFhYjFlYjA3NTNkYzhlYmEyYmIzMWYyNDFmY2VjOWNiMmFiOGVkN2Q2NjAwZDUzNzA1MDc4NGExMDYzMDkxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhrZjdLYW93U2E3akpXYXc2REdBSmc9PSIsInZhbHVlIjoiaFQ5UVVJZnc3a0UwbVVyMHR1cElRKzlsUUEybGRNajgrelJQV3kyN01CYmVzSmYwazlIK2NMMXVYK2J6WUxnY1lKc0VsUTFtdHZVQkRyUUcvd2Y1RE14WDl2NjVQSXdmS0J5c211Z0UwcXJmSWxzcWRFVWNVZjYrVEtxaHEyS1YiLCJtYWMiOiJmNTRjMDkzMWM2YTZmYTczMDFjN2ZjZWFhOTA5NDkyMTNmZTYwN2NlMGRkNjYyMWNhYTVmZGQ2YmJhNzc5N2Q2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/msit/10/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB HTTP/1.1Host: yo5.6gniu68.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://4odq.cxnev1.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/msit/100/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/msit/100/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB HTTP/1.1Host: yo5.6gniu68.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise/owl/owl.ab1050286d8e7e0c7bc0.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/RemoteTelemetry.ashx?usid=d19e0541-59c5-9a5e-8e10-18de22c9153f&build=16.0.17601.41008&waccluster=PUS6 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D; PUS6-ARRAffinity=cef501cb080d3b02baa5afd04addeaae023ae53b0262f256a03a16339d1987de; PUS9-ARRAffinity=ced079449095b2f8730f0411e34b3fe9a83a7283597ce6ca7087d95cbdd29929; MicrosoftApplicationsTelemetryDeviceId=3fe0b053-f595-48a0-bf8a-ccabe1078356
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise/owl/owl.slim.9fbed861128f4d4b51ef.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=p3PtVr9Rtc4zmVzsCHKovX43dv5ANmW4EHR9iS5ZRMIIERAfjGKzDw3w1miK0y9PbgnSQoncU4tpDcwY7U7I3H8AzWBIeIONPriGr-t350iz5rLlDnHnMsn8yHgPokxAlmiESfF9AloqhxAdR76omyagk91xvML4Zgl45cqaApyGFdTskMdQ5ovLMg_jWYZPNfaQGMkckH4WakBpGFZsgOrmbnGxvK-bAkHbTTEPDuj2EcntrL5pG7v9LQ6p5TbmtOdzjdBPXkSX3nRP41yJg3vY3C02z8E&cb=b3wwlq48xfop HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise/owl/onenote-boot.54b073a3a339f2b9cd42.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=p3PtVr9Rtc4zmVzsCHKovX43dv5ANmW4EHR9iS5ZRMIIERAfjGKzDw3w1miK0y9PbgnSQoncU4tpDcwY7U7I3H8AzWBIeIONPriGr-t350iz5rLlDnHnMsn8yHgPokxAlmiESfF9AloqhxAdR76omyagk91xvML4Zgl45cqaApyGFdTskMdQ5ovLMg_jWYZPNfaQGMkckH4WakBpGFZsgOrmbnGxvK-bAkHbTTEPDuj2EcntrL5pG7v9LQ6p5TbmtOdzjdBPXkSX3nRP41yJg3vY3C02z8E&cb=b3wwlq48xfopAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=p3PtVr9Rtc4zmVzsCHKovX43dv5ANmW4EHR9iS5ZRMIIERAfjGKzDw3w1miK0y9PbgnSQoncU4tpDcwY7U7I3H8AzWBIeIONPriGr-t350iz5rLlDnHnMsn8yHgPokxAlmiESfF9AloqhxAdR76omyagk91xvML4Zgl45cqaApyGFdTskMdQ5ovLMg_jWYZPNfaQGMkckH4WakBpGFZsgOrmbnGxvK-bAkHbTTEPDuj2EcntrL5pG7v9LQ6p5TbmtOdzjdBPXkSX3nRP41yJg3vY3C02z8E&cb=b3wwlq48xfopAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise/owl/owl.onenote.35d48d34e42016447de5.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise/owl/owl.onenote.slim.069109c7fede470e418e.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/RemoteUls.ashx?build=16.0.17601.41008&waccluster=PUS6&usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D; PUS6-ARRAffinity=cef501cb080d3b02baa5afd04addeaae023ae53b0262f256a03a16339d1987de; PUS9-ARRAffinity=ced079449095b2f8730f0411e34b3fe9a83a7283597ce6ca7087d95cbdd29929; MicrosoftApplicationsTelemetryDeviceId=3fe0b053-f595-48a0-bf8a-ccabe1078356
Source: global traffic HTTP traffic detected: GET /1L9z9v39/ HTTP/1.1Host: 4odq.cxnev1.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InFNR1c0ZU5jUjJqZkRoa3NtcU1jaXc9PSIsInZhbHVlIjoia2hKZ2JIWXVkaGF3VzZsbFBuVS9sOTRJdVdEY3BsclFYdVVTMGI4RnlXSUJVOUhSMEN1SnNCTUlKdTNBemxrVVlEOFFVMEdTNm5vMjlmbjNDVXErYWcvQ1VtdEFzN3pOY3hWUkdETWRGb2QxbEpPdzhLMFZNQURqc0E5WTB6YnMiLCJtYWMiOiIxZDFhYjFlYjA3NTNkYzhlYmEyYmIzMWYyNDFmY2VjOWNiMmFiOGVkN2Q2NjAwZDUzNzA1MDc4NGExMDYzMDkxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhrZjdLYW93U2E3akpXYXc2REdBSmc9PSIsInZhbHVlIjoiaFQ5UVVJZnc3a0UwbVVyMHR1cElRKzlsUUEybGRNajgrelJQV3kyN01CYmVzSmYwazlIK2NMMXVYK2J6WUxnY1lKc0VsUTFtdHZVQkRyUUcvd2Y1RE14WDl2NjVQSXdmS0J5c211Z0UwcXJmSWxzcWRFVWNVZjYrVEtxaHEyS1YiLCJtYWMiOiJmNTRjMDkzMWM2YTZmYTczMDFjN2ZjZWFhOTA5NDkyMTNmZTYwN2NlMGRkNjYyMWNhYTVmZGQ2YmJhNzc5N2Q2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wgwecuyrjynbdoiaykpnbvmnXYETVYOLWICJNNPRMAYLKOONDAVSTN HTTP/1.1Host: fdexa.nhol.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://4odq.cxnev1.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wgwecuyrjynbdoiaykpnbvmnXYETVYOLWICJNNPRMAYLKOONDAVSTN HTTP/1.1Host: fdexa.nhol.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js?render=explicit HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfs HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /1L9z9v39/ HTTP/1.1Host: 4odq.cxnev1.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikw5MkRiK0x2ZDg1UW1ha2xmb1BSRUE9PSIsInZhbHVlIjoiTmE2Q0ZBVTBvbTJHUEJCMVduNWx4UG1CZmg4Um5GeXNlWHIrRGNDcmZvNGZwRll0V0d1N1A3RDBUUFhzQ3J4SW9neGRGdTNnSWtFUThRdWFFVWxSa05HNDI4QVQwaE84YnJEVSs5NW9wU1Y0TzBrSGFjNGRtMk5XclJnOU1GTVAiLCJtYWMiOiJiYjdhYWE5ZDJiMTljNzJkYWI3NzdhZTQxODRmYWJhYjZlN2M5M2VmZDk1NzRmYzkyYmYwYmVmNWZkMDg4ZjZkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imp3Ky9MalFsZlpzdUErL29pczA5SFE9PSIsInZhbHVlIjoiRXlodTFXUW91UU1JdlVvek9uRDY2RGZMN21KWTBVVE5jYmx5MDhQTGJ5eVRHYkRuNVpIQmRqM0dFZlhrNnJBSmk5T3pldElpNUYxb0dPM1E1c3dPSEtjN0c0OWQ1VnVSV0ZKanBnUXh1Nlc1RnJVSUREOWROUnNjVStnQkRHVk8iLCJtYWMiOiJmM2M5YjE5YzIyYjZkODZmMjZlYzQyZDJmNDk3MWRjN2NlOTExMGVkOTcxZDcyNDk1YTljNDQ1MmE2MmM1MWQ1IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /SUVzboZNwimQDAeQjTbBsnxxfTAjvAelcAHJQEVAPOHTVABUGSGQZJDIRYQLFYZOZDQHIECNULIQVSPL HTTP/1.1Host: fnfi.kewtdz.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://4odq.cxnev1.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=c7ns1b39xrgu HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/1/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SUVzboZNwimQDAeQjTbBsnxxfTAjvAelcAHJQEVAPOHTVABUGSGQZJDIRYQLFYZOZDQHIECNULIQVSPL HTTP/1.1Host: fnfi.kewtdz.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=c7ns1b39xrguAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://4odq.cxnev1.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/10/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/1/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /o/OneNote.ashx?perfTag=GetChanges_2 HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; PrivNote=-1; WacUPToggleState=%7B%22CCS%22%3A0%7D; PUS6-ARRAffinity=cef501cb080d3b02baa5afd04addeaae023ae53b0262f256a03a16339d1987de; PUS9-ARRAffinity=ced079449095b2f8730f0411e34b3fe9a83a7283597ce6ca7087d95cbdd29929; MicrosoftApplicationsTelemetryDeviceId=3fe0b053-f595-48a0-bf8a-ccabe1078356
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/10/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/50/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/50/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wise/owl/owl.35819d8f570fa23cdb95.js HTTP/1.1Host: wise.public.cdn.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://usigroups-my.sharepoint.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/reload?k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PBd4T67RtdaI0mdEL_uu8eNgF12ZP6FP7kis4OG7eqb8-huCUxW2Qj58opj1xX0P5uOm7oXCy7lgA3H6g; AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/100/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA7MmaaXs6MoyMD0u-3j4jqR4mQ6pB-5cQII2R4wVQ0vHzppYhvDZKreLSkB4OwOV-5pOFNqTd6iJxdKG_MYtUqBMj3wZ-tBh-9F5I2bvJN9LY6Mwih7HGi6O154fIZZt0SqnIYLIPXudwwQ1ZDCUWJJ6rPXRJhkkAWRxcM_cIKsXcw9jzjy-POTft2040Slxkv8vdNv&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYCAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PBd4T67RtdaI0mdEL_uu8eNgF12ZP6FP7kis4OG7eqb8-huCUxW2Qj58opj1xX0P5uOm7oXCy7lgA3H6g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic HTTP traffic detected: GET /wise-m/owl/5mttl/production/100/manifest.json HTTP/1.1Host: wise-m.public.cdn.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA7MmaaXs6MoyMD0u-3j4jqR4mQ6pB-5cQII2R4wVQ0vHzppYhvDZKreLSkB4OwOV-5pOFNqTd6iJxdKG_MYtUqBMj3wZ-tBh-9F5I2bvJN9LY6Mwih7HGi6O154fIZZt0SqnIYLIPXudwwQ1ZDCUWJJ6rPXRJhkkAWRxcM_cIKsXcw9jzjy-POTft2040Slxkv8vdNv&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AEdsM9PBd4T67RtdaI0mdEL_uu8eNgF12ZP6FP7kis4OG7eqb8-huCUxW2Qj58opj1xX0P5uOm7oXCy7lgA3H6g; AEC=AQTF6HwHZem5vFin2CELHBujibfR_VKBhw-RxHuZ4iQNcAs6IR83VDOu_g; NID=513=DBYhgSCOZ75WC-YsllQZVMclfTH8MQkjyHSS5lJt-QpKNQehD1ai0JBLumK5auikQxpaPqxdnAM4hyzB56wkpAdWKtsTNJusUOaVu3z1AKzGvbqpHhqnZdaItcVM1WlZiS5_nxXP4HzBXtL9wGt-QDp5I3VwJ5JFALrtCSjXIjg
Source: global traffic DNS traffic detected: DNS query: usigroups-my.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: common.online.office.com
Source: global traffic DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic DNS traffic detected: DNS query: www.onenote.com
Source: global traffic DNS traffic detected: DNS query: amcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: storage.live.com
Source: global traffic DNS traffic detected: DNS query: augloop.office.com
Source: global traffic DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic DNS traffic detected: DNS query: 4odq.cxnev1.ru
Source: global traffic DNS traffic detected: DNS query: yo5.6gniu68.ru
Source: global traffic DNS traffic detected: DNS query: fdexa.nhol.ru
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: fnfi.kewtdz.ru
Source: unknown HTTP traffic detected: POST /o/RemoteTelemetry.ashx?usid=d19e0541-59c5-9a5e-8e10-18de22c9153f HTTP/1.1Host: usc-onenote.officeapps.live.comConnection: keep-aliveContent-Length: 112sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://usigroups-my.sharepoint.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://usigroups-my.sharepoint.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 0bba1ea8-378f-4304-aef2-02094beb4d0bX-UserSessionId: 0bba1ea8-378f-4304-aef2-02094beb4d0bStrict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: BN3PEPF00001F6EX-OfficeVersion: 16.0.17601.41008X-OfficeCluster: PUS3X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: BN3PEPF00001F6EX-WacFrontEnd: BN3PEPF00001F6EX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: 639882CCF4E84CDEBFDAAC8E8382FD3E Ref B: MIA301000103033 Ref C: 2024-04-26T07:59:18ZDate: Fri, 26 Apr 2024 07:59:18 GMTConnection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: privateContent-Length: 1233Content-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: c0e19c08-b3cd-4961-9baa-aa925086a8a5X-UserSessionId: d19e0541-59c5-9a5e-8e10-18de22c9153fStrict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: SN3PEPF000091BBX-OfficeVersion: 16.0.17601.41008X-OfficeCluster: PUS6X-Partitioning-Enabled: trueX-OFFICEFD: SN3PEPF000091BBX-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: A299CEFBAF974D1DBEE7368E92D5D7BF Ref B: MIA301000107009 Ref C: 2024-04-26T07:59:30ZDate: Fri, 26 Apr 2024 07:59:30 GMTConnection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 07:59:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8leWyCPTd8K5pn6oE%2BMrpXe1aGhX6mBu20QWHwceKBGO5XOdpESEcGUsgDTfkSypRl0LYA6g0%2F%2F9MjqIzU4THRMsEJurIxeq7%2BqkcLFL0xh9BSAc9dyr2l6EukeNtw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 87a5092e19520699-MIA
Source: global traffic HTTP traffic detected: HTTP/1.1 503 Service UnavailableCache-Control: privateTransfer-Encoding: chunkedContent-Type: text/htmlP3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"Set-Cookie: X-CorrelationId: 1d6b1a27-85c9-416c-a4c8-237b2e844ee1X-UserSessionId: 1d6b1a27-85c9-416c-a4c8-237b2e844ee1Strict-Transport-Security: max-age=31536000Timing-Allow-Origin: *X-OfficeFE: BL6PEPF0001A286X-OfficeVersion: 16.0.17601.41008X-OfficeCluster: PUS13X-Partitioning-Enabled: trueX-Content-Type-Options: nosniffX-Download-Options: noopenContent-Disposition: attachmentX-OFFICEFD: BL6PEPF0001A286X-WacFrontEnd: BL6PEPF0001A286X-Cache: CONFIG_NOCACHEX-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetestX-MSEdge-Features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetestX-MSEdge-Ref: Ref A: B3735FB36BD74DC29875C4221C6D9FD5 Ref B: MIA301000107045 Ref C: 2024-04-26T08:00:24ZDate: Fri, 26 Apr 2024 08:00:24 GMTConnection: close
Source: chromecache_332.2.dr, chromecache_304.2.dr String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_249.2.dr String found in binary or memory: http://hammerjs.github.io/
Source: chromecache_289.2.dr String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: chromecache_332.2.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_289.2.dr String found in binary or memory: https://1drv.ms
Source: chromecache_255.2.dr String found in binary or memory: https://FNFI.kewtdz.ru/SUVzboZNwimQDAeQjTbBsnxxfTAjvAelcAHJQEVAPOHTVABUGSGQZJDIRYQLFYZOZDQHIECNULIQV
Source: chromecache_243.2.dr String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.0.min.js
Source: chromecache_317.2.dr String found in binary or memory: https://aka.ms/MathAssistantSupport?client_id=onenote_wac&platform_id=web&correlation_id=
Source: chromecache_317.2.dr String found in binary or memory: https://aka.ms/OfficeAddinOverview
Source: chromecache_317.2.dr String found in binary or memory: https://aka.ms/Officeaddins
Source: chromecache_317.2.dr String found in binary or memory: https://api.addins.omex.office.net/
Source: chromecache_306.2.dr String found in binary or memory: https://apps.apple.com/in/app/microsoft-onenote/id410395246
Source: chromecache_289.2.dr String found in binary or memory: https://attributes.engagement.office-int.com
Source: chromecache_289.2.dr String found in binary or memory: https://attributes.engagement.office.com
Source: chromecache_289.2.dr String found in binary or memory: https://attributes.engagement.officeppe.com
Source: chromecache_317.2.dr String found in binary or memory: https://augloop-int.officeppe.com/v2
Source: chromecache_317.2.dr String found in binary or memory: https://augloop.office.com/v2
Source: chromecache_317.2.dr String found in binary or memory: https://catalogapi.azure.com/
Source: chromecache_306.2.dr String found in binary or memory: https://cdn.hubblecontent.msit.osi.office.net
Source: chromecache_306.2.dr String found in binary or memory: https://cdn.hubblecontent.osi.office.net
Source: chromecache_243.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161762240456_Scripts/BrowserUls.js
Source: chromecache_243.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161762240456_Scripts/CommonDiagnostics.js
Source: chromecache_243.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161762240456_Scripts/ExternalResources/js-cookie.js
Source: chromecache_243.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161762240456_Scripts/Instrumentation.js
Source: chromecache_243.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161762240456_Scripts/LearningTools/LearningTools.js
Source: chromecache_243.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161762240456_Scripts/aria-web-telemetry-2.9.0.min.js
Source: chromecache_243.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/161762240456_Scripts/pickadate.min.js
Source: chromecache_358.2.dr, chromecache_242.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details16x16.png
Source: chromecache_358.2.dr, chromecache_242.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details32x32.png
Source: chromecache_358.2.dr, chromecache_242.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details48x48.png
Source: chromecache_358.2.dr, chromecache_242.2.dr String found in binary or memory: https://cdn.onenote.net/officeaddins/images/meetings/insert_outlook_meeting_details80x80.png
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_317.2.dr String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: chromecache_289.2.dr String found in binary or memory: https://contentstorage.osi.office.net/images/2f4febe2cca96f7f.gif
Source: chromecache_289.2.dr String found in binary or memory: https://contentstorage.osi.office.net/images/eb14b3fe6a1e1671.png
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_289.2.dr String found in binary or memory: https://ecs.office.com
Source: chromecache_306.2.dr String found in binary or memory: https://edog.onenote.com
Source: chromecache_289.2.dr String found in binary or memory: https://fa000000096.resources.office.net
Source: chromecache_289.2.dr String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w
Source: chromecache_289.2.dr String found in binary or memory: https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2401.26003/en-us_w
Source: chromecache_289.2.dr String found in binary or memory: https://feross.org
Source: chromecache_289.2.dr String found in binary or memory: https://feross.org/opensource
Source: chromecache_317.2.dr String found in binary or memory: https://forms.office.com
Source: chromecache_317.2.dr String found in binary or memory: https://forms.office.com/Pages/OneNoteMathAddinFunctionPage.aspx
Source: chromecache_317.2.dr String found in binary or memory: https://forms.officeppe.com
Source: chromecache_369.2.dr, chromecache_260.2.dr String found in binary or memory: https://github.com/OfficeDev/office-js/blob/release/LICENSE.md
Source: chromecache_256.2.dr String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_306.2.dr String found in binary or memory: https://hedwigtestserver.blob.core.windows.net/builds/
Source: chromecache_317.2.dr String found in binary or memory: https://inclient.store.office.com/gyro/clientstore/flyoutdetails/
Source: chromecache_267.2.dr String found in binary or memory: https://localcdn.centro-dev.com:5555/floodgate.bundle.js.map
Source: chromecache_289.2.dr String found in binary or memory: https://mths.be/punycode
Source: chromecache_289.2.dr String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: chromecache_317.2.dr String found in binary or memory: https://office.visualstudio.com/DefaultCollection/OC/_wiki/wikis/OC.wiki/22688/Using-Dictation-on-yo
Source: chromecache_306.2.dr String found in binary or memory: https://osizewuspersimmon001.blob.core.windows.net
Source: chromecache_306.2.dr String found in binary or memory: https://osiziwuspersimmon002.blob.core.windows.net
Source: chromecache_306.2.dr String found in binary or memory: https://osizpscuspersimmon000.blob.core.windows.net
Source: chromecache_286.2.dr String found in binary or memory: https://pf.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_202.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_369.2.dr, chromecache_260.2.dr, chromecache_339.2.dr String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: chromecache_304.2.dr String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_202.2.dr String found in binary or memory: https://recaptcha.net
Source: chromecache_206.2.dr String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.4.18.3/
Source: chromecache_206.2.dr String found in binary or memory: https://res.cdn.office.net/admincenter/admin-main/2024.4.18.3/floodgate.en.bundle.js
Source: chromecache_317.2.dr String found in binary or memory: https://substrate.office.com/search/api/v1/suggestions
Source: chromecache_202.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_289.2.dr String found in binary or memory: https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576
Source: chromecache_306.2.dr String found in binary or memory: https://support.office.com/article/ec43ed03-eb3c-4a10-8d9d-e9e5433c9ed2
Source: chromecache_286.2.dr String found in binary or memory: https://tb.events.data.cloudapp.onecollector.akadns.net/OneCollector/1.0/
Source: chromecache_255.2.dr String found in binary or memory: https://twitter.com
Source: chromecache_306.2.dr String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/
Source: chromecache_306.2.dr String found in binary or memory: https://uci.edog.cdn.office.net/mirrored/smartlookup/
Source: chromecache_306.2.dr String found in binary or memory: https://uciserviceintcdnwus.blob.core.windows.net/mirrored/smartlookup/
Source: chromecache_261.2.dr, chromecache_225.2.dr String found in binary or memory: https://usc-onenote.officeapps.live.com/o/RemoteUls.ashx
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_268.2.dr, chromecache_287.2.dr, chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_328.2.dr, chromecache_295.2.dr, chromecache_202.2.dr String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_268.2.dr, chromecache_287.2.dr, chromecache_296.2.dr, chromecache_209.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Source: chromecache_286.2.dr String found in binary or memory: https://www.office.com/launch
Source: chromecache_306.2.dr String found in binary or memory: https://www.onenote.com
Source: chromecache_317.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/mathassistant
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=af-ZA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=am-ET&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ar-SA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=as-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=az-Latn-AZ&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=be-BY&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bg-BG&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-BD&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bn-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=bs-Latn-BA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=cy-GB&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=da-DK&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=de-DE&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=el-GR&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=en-US&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=es-ES&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=et-EE&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=eu-ES&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fa-IR&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fi-FI&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fil-PH&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=fr-FR&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ga-IE&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gd-GB&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gl-ES&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=gu-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ha-Latn-NG&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=he-IL&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hi-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hr-HR&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hu-HU&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=hy-AM&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=id-ID&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ig-NG&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=is-IS&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=it-IT&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ja-JP&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ka-GE&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kk-KZ&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=km-KH&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kn-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ko-KR&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=kok-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ku-Arab-IQ&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ky-KG&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lb-LU&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lt-LT&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=lv-LV&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mk-MK&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ml-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mn-MN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mr-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ms-MY&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=mt-MT&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nb-NO&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ne-NP&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nl-NL&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nn-NO&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=nso-ZA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=or-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-Arab-PK&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pa-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pl-PL&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=prs-AF&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-BR&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=pt-PT&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=quz-PE&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ro-RO&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ru-RU&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=rw-RW&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sd-Arab-PK&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=si-LK&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sk-SK&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sl-SI&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sq-AL&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-BA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Cyrl-RS&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sr-Latn-RS&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sv-SE&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=sw-KE&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ta-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=te-IN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=th-TH&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ti-ET&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tk-TM&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tn-ZA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tr-TR&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=tt-RU&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ug-CN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uk-UA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=ur-PK&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=uz-Latn-UZ&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=vi-VN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=wo-SN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=xh-ZA&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=yo-NG&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-CN&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zh-TW&amp;temporaryLocalization=true
Source: chromecache_242.2.dr String found in binary or memory: https://www.onenote.com/officeaddins/meetings?ui=zu-ZA&amp;temporaryLocalization=true
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.213.224.106:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: chromecache_289.2.dr Binary or memory string: E);E.returnValue&&m.ULS.sendTraceTag(22345950,339,50,"AudioPlayback error: unplayable audio type ({0})",J)}return D}catch(D){}}return!1}static xKf(y){const D=y.lastIndexOf(".");if(0>D)return{returnValue:!1,extension:""};y=y.substring(D,y.length);return{returnValue:H.tri(y),extension:y}}static t9h(){if(!H.Lkc){H.Lkc=new r.a(e.a.ke());const y=".3gp .aa .aac .aax .act .aiff .amr .ape .au .awb .dct .dss .dvf .flac .gsm .iklax .ivs .m4a .m4b .m4p .mmf .mp3 .mpc .msv .ogg .oga .mogg .opus .ra .rm .raw .sln .tta .vox .wav .webm .wma .wv".split(" ");
Source: classification engine Classification label: mal60.phis.win@24/313@64/20
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2012,i,8703808691657293338,11271876919328152257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2012,i,8703808691657293338,11271876919328152257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: d(64967);this.Le||(null!==this.nib&&(w.a.removeHandler(window.self,"scroll",this.nib),w.a.removeHandler(window.self,"resize",this.$rc),this.$rc=this.nib=null),X.la&&X.la.gB&&this.p4&&this.Bi&&X.la.gB.Kr(this.p4,this.Bi),this.hd=this.Zm=this.Bi=null,this.nXa&&this.nXa.BUd&&this.nXa.vJd(),this.nXa=null,this.Ab&&G.a.xAa(this.Ab)&&this.iz(this.vB),this.rz=this.mv=this.L$=this.v_a=this._body=this.gh=this.Gma=this.p4=this.Io=this.nJ=this.pJ=this.oJ=this.oz=this.xL=this.Ab=this.Pdb=this.vB=null,L.KE=null, source: chromecache_289.2.dr
Source: Binary string: this.vB.className="WACDialogOuterContainer";this.Pdb=this.gh.createElement("div");this.Pdb.id=this.eh("WACDialogInnerContainer");this.Pdb.className="WACDialogInnerContainer";this.Ab=this.gh.createElement("div");this.Ab.id=this.eh("WACDialogPanel");this.Ab.className=X.la&&X.la.Ra.LG?"MLRVisualRefresh "+this.jFe:this.jFe;this.Pgc&&(this.Ab.className+=" FullDocumentPanel");X.i0e?this.Ab.setAttribute(P.a.Ac,P.a.Wtc):this.Ab.setAttribute(P.a.Ac,P.a.Lwd);this.Ab.setAttribute(P.a.yR,this.eh("WACDialogTitleText")); source: chromecache_289.2.dr
Source: Binary string: (this.Sf.close(),this.Sf=null)}static get instance(){return Oa.xa||(Oa.xa=new Oa(()=>f.a.instance.Aa("Common.Interface.IEditNotificationManager")))}static get rRf(){return Oa.sfb||(Oa.sfb=f.a.instance.resolve("Wonca.KickoutExecutor"))}}Oa.xa=null;Oa.sfb=null;(0,T.a)(Oa,"WordAutoSaveOperation",null,[]);class Na extends S.a{constructor(Aa,Va,sb,vb,Tb,Lb,Hb,ac,Jb,hb,ec,lc,Uc,Vb,qa,tb,Mb,Yb,Ub,nc){super();this.VU=null;this.$Ee=new F.a;this.Le=this.l5=!1;this.pDb=0;this.UU=[];this.Gjc=!1;this.JNe="";this.kOe= source: chromecache_289.2.dr
Source: Binary string: da.firstChild):this.L$.insertBefore(this.vB,this.L$.firstChild)}else this.L$.insertBefore(this.vB,this.L$.firstChild);this.vB.appendChild(this.Pdb);this.Pdb.appendChild(this.Ab);this.nib||(this.nib=this.Ksj,this.$rc=(0,k.a)(this,this.Poe,"sizeFix"),w.a.addHandler(window.self,"scroll",this.nib),w.a.addHandler(window.self,"resize",this.$rc));this.Bi=new B(this.Ab);X.la&&X.la.gB.In(this.p4,this.Bi);L.POb()&&this.Khj()}QRc(X,da){const ba=this.gh.createElement("button");this.CGa[X]=ba;ba.id=this.eh(da); source: chromecache_289.2.dr
Source: Binary string: (this.yu=f.a.instance.Aa("Box4.ITypingProcessManager"))}get E6(){return this.pDb}get jT(){return this.aWg}get V7(){return!this.jgb.kVb}K9b(Aa){this.jgb.kVb=!Aa}get lN(){return this.bY}get PBd(){return this.Mfc}Up(Aa,Va,sb){sb=void 0===sb?null:sb;const vb=new F.a;vb.add((new Date).toISOString());vb.add(Aa);vb.add(Va);sb&&vb.add(sb);Aa=vb.toArray().join("|");this.$Ee.add(String.format("[{0}]",Aa))}Lgg(){this.Up("logRetrvl","call",this.lN);return this.$Ee.toArray().join("")}w6b(Aa){this.VA.B5a(Aa,sa.b(Aa.RevisionList[0].BaseId), source: chromecache_289.2.dr
Source: Binary string: null;this.o_a=t;this.pdb=-1;this.Agc=0;this.xgc=0<t.B1.length?t.B1[0]:w.empty}moveNext(){this.pdb++;this.pdb===this.xgc.Yob?(this.my=this.o_a.pda[this.Agc++],this.pdb=this.xgc.T4a-1,this.xgc=this.Agc<this.o_a.b8a?this.o_a.B1[this.Agc]:w.empty):this.my=this.pdb<this.o_a.RY.length?this.o_a.RY[this.pdb]:null;return!!this.current}reset(){this.pdb=-1;this.Agc=0;this.my=null;this.xgc=0<this.o_a.B1.length?this.o_a.B1[0]:w.empty}get current(){return this.my}$u(){throw Error.notImplemented();}}(0,T.a)(F,"TableRowOrCellMixedContextIterator", source: chromecache_289.2.dr
Source: Binary string: if(0<(this.enabled&1)){if(!Aa)return this.jT.event(-4),!1;if(this.wn())return this.pDb=Va,Aa=this.MSd(),this.jT.event(Aa?8:-3),!Aa}if(!Aa)return this.pDb=Va,this.jT.event(-1),!1;if(0<(this.enabled&2)&&this.Qqi()){if(!this.a5a())return this.jT.event(-1),!1;Aa=this.MSd();this.jT.event(Aa?7:-3);return!Aa}this.sq.$W();this.jT.event(-2);return!1}get eYd(){return!this.wn()&&(!this.aB||""===this.aB)}WEf(){return this.sq.LBa()}hTd(){let Aa;Aa=this.pDb;if(this.hvc&&this.V7&&this.elb&&this.eH){const Va=this.eH.fve()? source: chromecache_289.2.dr
Source: Binary string: null}vxc(a,c){this.pii();var n=Object.assign(new dg,{wf:a.wf});n=new HE.a(n,this.PDb,null);n.dataSource=a.dataSource;if(!n.S7e(a.NKc,null))throw Error.create("Jewel could not be built");if(a=n.Xy)a.Dr=c,a.ARc();return a}pii(){this.PDb=cd.a.createElement("div");this.PDb.id="jewelcontainer";this.PDb.className="cui-jewel-container";this.PDb.style.display="block"}}(0,S.a)(VC,"LegacyFileMenuFactory",null,[1147]);class ju{constructor(a,c,n){this.Tac=a;this.WLe=this.Tac.qCa;this.sOc=d.a.instance.Aa("Common.IOfficeTrialExperience"); source: chromecache_306.2.dr
Source: Binary string: appChrome.api.dispatch(Q));return 32};u.AFrameworkApplication.sa.na(Pa.a.oca,Zb.a.frame,this.Qdj)}k0d(){appChrome.api.dispatch(appChrome.actions.updateFileMenuExpandedValue(!0))}GW(){}ARc(){}LGd(){}}(0,S.a)(zf,"ReactFileMenu",null,[1068]);class fA{vxc(){const a=new zf,c=[];c.push(appChrome.actions.updateFileMenuExpandedValue(!1));c.push(appChrome.actions.updateFileMenuDisabledValue(!1));appChrome.api.dispatch(c);return a}}(0,S.a)(fA,"ReactFileMenuFactory",null,[1147]);var HE=V(24363);class VC{constructor(){this.PDb= source: chromecache_306.2.dr
Source: Binary string: void 0===aa?!1:aa;super(document.createElement("div"));this.Pgc=this._id=null;this.jFe="WACDialogPanel";this.Mlc=this.L$=this.v_a=this._body=this.Gma=this.p4=this.rl=this.Ab=this.Pdb=this.vB=this.Io=this.nJ=this.pJ=this.oJ=this.oz=this.xL=this.$rc=this.nib=this.nXa=this.Bi=this.hd=this.Zm=this.Vs=this.n0=this.SD=this.Xwa=null;this.xmc="OK";this.Hma="Cancel";this.iDe="Close";this.Xsd="Yes";this.Wid="No";this.$Ue="Retry";this.USe="Permanently Delete";this.qWe="Share and notify";this.Acb="Action";this.chb= source: chromecache_289.2.dr
Source: Binary string: "HandleVisibilityChange IsAppHidden {0}, ReplicatedWhileHidden {1}",2===Va.newState,this.eUc),2!==Va.newState&&this.eUc&&(this.eUc=!1,this.sq.yqf(),this.qY.NW()))}$og(){return B.AFrameworkApplication.$.getBooleanFeatureGate("Microsoft.Office.OneNoteOnline.ONOReplicateEarlyWhenVisibleAgain",!1)}get Icc(){return this.wsd}set Icc(Aa){this.wsd=Aa}b5a(){this.pDb=K.AReplicationScheduler.WNc;if(this.pc&&2===this.pc.status)return this.jT.event(-3),!0;if(this.Le||this.l5)return this.jT.event(1),!1;if(this.NBe&& source: chromecache_289.2.dr
Source: chromecache_282.2.dr, chromecache_267.2.dr, chromecache_343.2.dr Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_282.2.dr, chromecache_267.2.dr, chromecache_343.2.dr Binary or memory string: ",DisconnectVirtualMachine:"
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1432019 URL: https://usigroups-my.sharep... Startdate: 26/04/2024 Architecture: WINDOWS Score: 60 24 Antivirus / Scanner detection for submitted sample 2->24 26 Yara detected HtmlPhish62 2->26 28 Phishing site detected (based on shot match) 2->28 6 chrome.exe 1 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.4, 138, 443, 49323 unknown unknown 6->14 16 239.255.255.250 unknown Reserved 6->16 11 chrome.exe 6->11         started        process5 dnsIp6 18 dual-spo-0005.spo-msedge.net 13.107.136.10, 443, 49735, 49736 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->18 20 13.107.213.41, 443, 49920 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->20 22 41 other IPs or domains 11->22
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.107.246.41
 part-0013.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
172.67.209.50
 fnfi.kewtdz.ru United States
13335 CLOUDFLARENETUS false
52.108.9.12
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.213.41
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
172.67.211.217
 unknown United States
13335 CLOUDFLARENETUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
142.250.217.228
 unknown United States
15169 GOOGLEUS false
104.21.67.35
 fdexa.nhol.ru United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
172.67.173.130
 4odq.cxnev1.ru United States
13335 CLOUDFLARENETUS false
13.107.136.10
 dual-spo-0005.spo-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.246.69
 part-0041.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
152.195.19.97
 sni1gl.wpc.sigmacdn.net United States
15133 EDGECASTUS false
104.21.95.100
 unknown United States
13335 CLOUDFLARENETUS false
172.217.3.68
 www.google.com United States
15169 GOOGLEUS false
151.101.194.137
 code.jquery.com United States
54113 FASTLYUS false
52.108.8.12
 wac-0003.wac-msedge.net United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
142.250.64.196
 unknown United States
15169 GOOGLEUS false
172.67.144.70
 yo5.6gniu68.ru United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.4

Contacted Domains

Name IP Active
dual-spo-0005.spo-msedge.net 13.107.136.10 true
a.nel.cloudflare.com 35.190.80.1 true
4odq.cxnev1.ru 172.67.173.130 true
fdexa.nhol.ru 104.21.67.35 true
yo5.6gniu68.ru 172.67.144.70 true
fp2e7a.wpc.phicdn.net 192.229.211.108 true
wac-0003.wac-msedge.net 52.108.8.12 true
bg.microsoft.map.fastly.net 199.232.210.172 true
part-0013.t-0009.t-msedge.net 13.107.246.41 true
code.jquery.com 151.101.194.137 true
fnfi.kewtdz.ru 172.67.209.50 true
part-0041.t-0009.t-msedge.net 13.107.246.69 true
www.google.com 172.217.3.68 true
sni1gl.wpc.sigmacdn.net 152.195.19.97 true
js.monitor.azure.com unknown unknown
usigroups-my.sharepoint.com unknown unknown
augloop.office.com unknown unknown
storage.live.com unknown unknown
ajax.aspnetcdn.com unknown unknown
m365cdn.nel.measure.office.net unknown unknown
onenoteonline.nel.measure.office.net unknown unknown
common.online.office.com unknown unknown
amcdn.msftauth.net unknown unknown
spoprod-a.akamaihd.net unknown unknown
www.onenote.com unknown unknown
messaging.engagement.office.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=latest&market=EN-US&wrapperId=suiteshell false
  • Avira URL Cloud: safe
 unknown
https://code.jquery.com/jquery-3.6.0.min.js false
    		high
    https://usigroups-my.sharepoint.com/personal/js_usigroups_com/_layouts/15/Doc.aspx?sourcedoc={4275c7cd-9559-49b5-9e00-8913e67b2426}&action=view&wd=target%28Payment%20Remittance.one%7C4915276f-778f-4e3a-9738-7cef3746a84f%2FA%20Secure%20File%20Has%20Been%20Shared%20With%20You%7Cb9cca014-4b79-4e4c-ac2d-33a8409af9ce%2F%29&wdorigin=NavigationUrl false
      		unknown
      https://www.onenote.com/officeaddins/RemoteUls.ashx false
        		high
        https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm true
          		unknown
          about:blank false
          • Avira URL Cloud: safe
          		 low
          https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC&co=aHR0cHM6Ly80b2RxLmN4bmV2MS5ydTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=63zqkenm1gfs false
            		high
            https://www.google.com/recaptcha/api2/payload?p=06AFcWeA7MmaaXs6MoyMD0u-3j4jqR4mQ6pB-5cQII2R4wVQ0vHzppYhvDZKreLSkB4OwOV-5pOFNqTd6iJxdKG_MYtUqBMj3wZ-tBh-9F5I2bvJN9LY6Mwih7HGi6O154fIZZt0SqnIYLIPXudwwQ1ZDCUWJJ6rPXRJhkkAWRxcM_cIKsXcw9jzjy-POTft2040Slxkv8vdNv&k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC false
              		high
              https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js false
                		high
                https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?rtime=_zl3wMZl3Eg false
                  		unknown
                  https://www.google.com/favicon.ico false
                    		high
                    https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmgZjcGPq9rbEGIjCHdQ87I_8X7EpERwXOCmmjL9oKAXFr96F1WOmI1XIOeJbDFyiByqh7q9vy5JBTwvAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
                      		high
                      https://common.online.office.com/suite/RemoteUls.ashx?usid=d19e0541-59c5-9a5e-8e10-18de22c9153f&officeserverversion=20240424.1 false
                        		high
                        https://www.google.com/recaptcha/api2/reload?k=6LfS7acpAAAAAAsxa5xIBWeuydwRcuWr6dsPqzYC false
                          		high
                          https://4odq.cxnev1.ru/favicon.ico false
                          • Avira URL Cloud: safe
                          		 unknown
                          https://www.google.com/ false
                            		high
                            https://yo5.6gniu68.ru/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB false
                            • Avira URL Cloud: safe
                            		 unknown