Windows Analysis Report
New Pay App#WEYI887 From Fountain City Endodontics.msg

Overview

General Information

Sample name: New Pay App#WEYI887 From Fountain City Endodontics.msg
Analysis ID: 1432333
MD5: e7a4c3ff7e3f31a526c291fd8f21ecf2
SHA1: eac5765e39ab73d78dd80a6b71155ac61508a678
SHA256: 5dfe661306c83291a19830701e1d263e38a07af4aa337d1a2693ab530eaee050

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Suspicious MSG / EML detected (based on various text indicators)
Creates a window with clipboard capturing capabilities
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Phishing site detected (based on OCR NLP Model)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Office Macro File Download
Stores files to the Windows start menu directory

Classification

Phishing

Source: MSG / EML OCR Text: Please see attached fax message for your review and approval. Kindly get back to me with your review option. OPEN FULL PDF HERE Received & processed Fri, 26 April 2024 - 12:30 PM EDT Pages: 5 Resolution:200x200 DPI
Source: MSG / EML ML Model on OCR Text: Matched 98.7% probability on "Please see attached fax message for your review and approval. Kindly get back to me with your review option. OPEN FULL PDF HERE Received & processed Fri, 26 April 2024 - 12:30 PM EDT Pages: 5 Resolution:200x200 DPI "
Source: unknown HTTPS traffic detected: 40.126.29.13:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.13:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49822 version: TLS 1.2
Source: Joe Sandbox View IP Address: 13.107.136.10
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.50.112.60
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.13
Source: global traffic HTTP traffic detected: GET /:b:/g/personal/vikas_neema_mewarpolytex_com/ERW4JxCNJOZGqg58jQ0AmE8BiDlB1gxr9lCwzV8ev74cVw?e=mVORF2 HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/vikas_neema_mewarpolytex_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%2FView%20and%20Print%20Online%20Megan%2FView%20and%20Print%20Online%2Epdf&parent=%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%2FView%20and%20Print%20Online%20Megan&ga=1 HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=...
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=...
Source: global traffic HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zNXBSWDtLEosdMO&MD=lFsdB4vv HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /personal/vikas_neema_mewarpolytex_com/_api/v2.1/graphql HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://mewarpolytex123-my.sharepoint.com/personal/vikas_neema_mewarpolytex_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%2FView%20and%20Print%20Online%20Megan%2FView%20and%20Print%20Online%2Epdf&parent=%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%2FView%20and%20Print%20Online%20Megan&ga=1
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=...
Source: global traffic HTTP traffic detected: GET /personal/vikas_neema_mewarpolytex_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%27&RootFolder=%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%2FView%20and%20Print%20Online%20Megan&TryNewExperienceSingle=TRUE HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /personal/vikas_neema_mewarpolytex_com/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1=%27%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%27&TryNewExperienceSingle=TRUE HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%5D&defaultBrotli=true&authenticateFast=true&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099649,3]&spStartApplicationWebBundle=true&enableIntegrities=true HTTP/1.1
    Host: mewarpolytex123-my.sharepoint.com
    Connection: keep-alive
    Cache-Control: max-age=0
    Accept: */*
    Service-Worker: script
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: same-origin
    Sec-Fetch-Dest: serviceworker
    Referer: https://mewarpolytex123-my.sharepoint.com/personal/vikas_neema_mewarpolytex_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%2FView%20and%20Print%20Online%20Megan%2FView%20and%20Print%20Online%2Epdf&parent=%2Fpersonal%2Fvikas%5Fneema%5Fmewarpolytex%5Fcom%2FDocuments%2FView%20and%20Print%20Online%20Megan&ga=1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: FedAuth=...
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zNXBSWDtLEosdMO&MD=lFsdB4vv HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic DNS traffic detected: DNS query: mewarpolytex123-my.sharepoint.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0
    Connection: Keep-Alive
    Content-Type: application/soap+xml
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
    Content-Length: 3592
    Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
    Cache-Control: private, max-age=0
    Transfer-Encoding: chunked
    Content-Type: application/xml;charset=utf-8
    Expires: Thu, 11 Apr 2024 19:35:17 GMT
    Last-Modified: Fri, 26 Apr 2024 19:35:17 GMT
    Vary: Origin
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    X-NetworkStatistics: 0,525568,0,0,323923,0,44681
    X-SharePointHealthScore: 3
    X-Forms_Based_Auth_Required: https://mewarpolytex123-my.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fweb%2fGetListUsingPath(DecodedUrl%3d%40a1)%2fRenderListDataAsStream%3f%40a1%3d%2527%252Fpersonal%252Fvikas%255Fneema%255Fmewarpolytex%255Fcom%252FDocuments%2527%26TryNewExperienceSingle%3dTRUE
    X-Forms_Based_Auth_Return_Url: https://mewarpolytex123-my.sharepoint.com/_layouts/15/error.aspx
    X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
    DATASERVICEVERSION: 3.0
    X-SubStatusCode: 16
    X-AspNet-Version: 4.0.30319
    X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/personal/vikas_neema_mewarpolytex_com/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
    X-DataBoundary: NONE
    X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
    X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
    SPRequestGuid: 48e122a1-2003-3000-3ad9-91d7121a0299
    request-id: 48e122a1-2003-3000-3ad9-91d7121a0299
    MS-CV: oSLhSAMgADA62ZHXEhoCmQ.0
    Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=e2a7f75d-3195-42f3-983e-e3d4120673ae&destinationEndpoint=Edge-Prod-MIA30r5b&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
    NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
    Strict-Transport-Security: max-age=31536000
    X-FRAME-OPTIONS: SAMEORIGIN
    Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.office365.com *.powerapps.com *.yammer.com engage.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;
    X-Powered-By: ASP.NET
    MicrosoftSharePointTeamServices: 16.0.0.24810
    X-Content-Type-Options: nosniff
    X-MS-InvokeApp: 1; RequireReadOnly
    X-Cache: CONFIG_NOCACHE
    X-MSEdge-Ref: Ref A: B617593F90F843BD81EE67D3A65404C9 Ref B: MIA301000104049 Ref C: 2024-04-26T19:35:17Z
    Date: Fri, 26 Apr 2024 19:35:17 GMT
    Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
    Cache-Control: private, max-age=0
    Transfer-Encoding: chunked
    Content-Type: application/xml;charset=utf-8
    Expires: Thu, 11 Apr 2024 19:35:17 GMT
    Last-Modified: Fri, 26 Apr 2024 19:35:17 GMT
    Vary: Origin
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    X-NetworkStatistics: 0,525568,0,0,676,0,24211
    X-SharePointHealthScore: 3
    X-Forms_Based_Auth_Required: https://mewarpolytex123-my.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fweb%2fGetListUsingPath(DecodedUrl%3d%40a1)%2fRenderListDataAsStream%3f%40a1%3d%2527%252Fpersonal%252Fvikas%255Fneema%255Fmewarpolytex%255Fcom%252FDocuments%2527%26RootFolder%3d%252Fpersonal%252Fvikas%255Fneema%255Fmewarpolytex%255Fcom%252FDocuments%252FView%2520and%2520Print%2520Online%2520Megan%26TryNewExperienceSingle%3dTRUE
    X-Forms_Based_Auth_Return_Url: https://mewarpolytex123-my.sharepoint.com/_layouts/15/error.aspx
    X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
    DATASERVICEVERSION: 3.0
    X-SubStatusCode: 16
    X-AspNet-Version: 4.0.30319
    X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/personal/vikas_neema_mewarpolytex_com/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
    X-DataBoundary: NONE
    X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
    X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
    SPRequestGuid: 48e122a1-800e-3000-3ad9-90e5a5664c6a
    request-id: 48e122a1-800e-3000-3ad9-90e5a5664c6a
    MS-CV: oSLhSA6AADA62ZDlpWZMag.0
    Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=e2a7f75d-3195-42f3-983e-e3d4120673ae&destinationEndpoint=Edge-Prod-MIA30r5b&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
    NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
    Strict-Transport-Security: max-age=31536000
    X-FRAME-OPTIONS: SAMEORIGIN
    Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.office365.com *.powerapps.com *.yammer.com engage.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;
    X-Powered-By: ASP.NET
    MicrosoftSharePointTeamServices: 16.0.0.24810
    X-Content-Type-Options: nosniff
    X-MS-InvokeApp: 1; RequireReadOnly
    X-Cache: CONFIG_NOCACHE
    X-MSEdge-Ref: Ref A: FC889582A8B447F8A2C33CA0477E83A6 Ref B: MIA301000104039 Ref C: 2024-04-26T19:35:17Z
    Date: Fri, 26 Apr 2024 19:35:17 GMT
    Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
    Cache-Control: private, max-age=0
    Transfer-Encoding: chunked
    Content-Type: application/xml;charset=utf-8
    Expires: Thu, 11 Apr 2024 19:35:19 GMT
    Last-Modified: Fri, 26 Apr 2024 19:35:19 GMT
    Vary: Origin
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    X-NetworkStatistics: 0,525568,0,0,38728,0,30996
    X-SharePointHealthScore: 3
    X-Forms_Based_Auth_Required: https://mewarpolytex123-my.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fweb%2fGetListUsingPath(DecodedUrl%3d%40a1)%2fRenderListDataAsStream%3f%40a1%3d%2527%252Fpersonal%252Fvikas%255Fneema%255Fmewarpolytex%255Fcom%252FDocuments%2527%26TryNewExperienceSingle%3dTRUE
    X-Forms_Based_Auth_Return_Url: https://mewarpolytex123-my.sharepoint.com/_layouts/15/error.aspx
    X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
    DATASERVICEVERSION: 3.0
    X-SubStatusCode: 16
    X-AspNet-Version: 4.0.30319
    X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/personal/vikas_neema_mewarpolytex_com/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
    X-DataBoundary: NONE
    X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
    X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
    SPRequestGuid: 48e122a1-f056-3000-2425-5ffaab58bf22
    request-id: 48e122a1-f056-3000-2425-5ffaab58bf22
    MS-CV: oSLhSFbwADAkJV/6q1i/Ig.0
    Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=e2a7f75d-3195-42f3-983e-e3d4120673ae&destinationEndpoint=Edge-Prod-MIA30r5c&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
    NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
    Strict-Transport-Security: max-age=31536000
    X-FRAME-OPTIONS: SAMEORIGIN
    Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.office365.com *.powerapps.com *.yammer.com engage.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;
    X-Powered-By: ASP.NET
    MicrosoftSharePointTeamServices: 16.0.0.24810
    X-Content-Type-Options: nosniff
    X-MS-InvokeApp: 1; RequireReadOnly
    X-Cache: CONFIG_NOCACHE
    X-MSEdge-Ref: Ref A: 9E6619D0E8FB4C1F8DC6B385B331FA0B Ref B: MIA301000105025 Ref C: 2024-04-26T19:35:19Z
    Date: Fri, 26 Apr 2024 19:35:18 GMT
    Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
    Cache-Control: private, max-age=0
    Transfer-Encoding: chunked
    Content-Type: application/xml;charset=utf-8
    Expires: Thu, 11 Apr 2024 19:35:20 GMT
    Last-Modified: Fri, 26 Apr 2024 19:35:20 GMT
    Vary: Origin
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    X-NetworkStatistics: 0,525568,0,0,676,0,24211
    X-SharePointHealthScore: 3
    X-Forms_Based_Auth_Required: https://mewarpolytex123-my.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fweb%2fGetListUsingPath(DecodedUrl%3d%40a1)%2fRenderListDataAsStream%3f%40a1%3d%2527%252Fpersonal%252Fvikas%255Fneema%255Fmewarpolytex%255Fcom%252FDocuments%2527%26TryNewExperienceSingle%3dTRUE
    X-Forms_Based_Auth_Return_Url: https://mewarpolytex123-my.sharepoint.com/_layouts/15/error.aspx
    X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
    DATASERVICEVERSION: 3.0
    X-SubStatusCode: 16
    X-AspNet-Version: 4.0.30319
    X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/personal/vikas_neema_mewarpolytex_com/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
    X-DataBoundary: NONE
    X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
    X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
    SPRequestGuid: 48e122a1-60b2-3000-3ad9-9b4a829b5757
    request-id: 48e122a1-60b2-3000-3ad9-9b4a829b5757
    MS-CV: oSLhSLJgADA62ZtKgptXVw.0
    Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=e2a7f75d-3195-42f3-983e-e3d4120673ae&destinationEndpoint=Edge-Prod-MIA30r5c&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
    NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
    Strict-Transport-Security: max-age=31536000
    X-FRAME-OPTIONS: SAMEORIGIN
    Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.office365.com *.powerapps.com *.yammer.com engage.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;
    X-Powered-By: ASP.NET
    MicrosoftSharePointTeamServices: 16.0.0.24810
    X-Content-Type-Options: nosniff
    X-MS-InvokeApp: 1; RequireReadOnly
    X-Cache: CONFIG_NOCACHE
    X-MSEdge-Ref: Ref A: 985D8824CC2A4298BF8BD046C13A5004 Ref B: MIA301000106051 Ref C: 2024-04-26T19:35:19Z
    Date: Fri, 26 Apr 2024 19:35:20 GMT
    Connection: close
Source: chromecache_280.6.dr String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_288.6.dr String found in binary or memory: http://www.contoso.com
Source: chromecache_248.6.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_265.6.dr String found in binary or memory: https://1drv.com/
Source: chromecache_265.6.dr String found in binary or memory: https://centralus1-mediad.svc.ms
Source: chromecache_265.6.dr String found in binary or memory: https://livefilestore.com/
Source: chromecache_297.6.dr, chromecache_265.6.dr String found in binary or memory: https://media.cloudapp.net
Source: New Pay App#WEYI887 From Fountain City Endodontics.msg, ~WRS{282F9A33-6132-40D5-A49D-ED0A2CB7EE7F}.tmp.0.dr String found in binary or memory: https://mewarpolytex123-my.sharepoint.com/:b:/g/personal/vikas_neema_mewarpolytex_com/ERW4JxCNJOZGqg
Source: chromecache_307.6.dr String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: chromecache_297.6.dr, chromecache_265.6.dr String found in binary or memory: https://northcentralus1-medias.svc.ms
Source: chromecache_269.6.dr String found in binary or memory: https://odspwebdevdeploy.blob.core.windows.net
Source: chromecache_269.6.dr, chromecache_261.6.dr String found in binary or memory: https://onedrive.live.com/?gologin=1
Source: chromecache_307.6.dr String found in binary or memory: https://outlook.office.com/search
Source: chromecache_265.6.dr String found in binary or memory: https://portal.office.com/
Source: chromecache_280.6.dr String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_261.6.dr String found in binary or memory: https://res-1.cdn.office.net
Source: chromecache_230.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-12.003/
Source: chromecache_230.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-12.003/spserviceworker.js
Source: chromecache_286.6.dr, chromecache_287.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-12.003/spwebworker.js
Source: chromecache_230.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-12.003/stsserviceworkerprefetch/stsservicew
Source: chromecache_261.6.dr String found in binary or memory: https://res-1.cdn.office.net/files/sp-client/odsp-media-cc7da505
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window created: window name: CLIPBRDWNDCLASS
Source: classification engine Classification label: sus24.phis.winMSG@17/189@8/4
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240426T2134530908-7076.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\New Pay App#WEYI887 From Fountain City Endodontics.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6BB54BD6-5581-4EAA-9ED1-FFBDF55141F6" "8B516455-88F6-4EDD-923D-C48E66488FBA" "7076" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mewarpolytex123-my.sharepoint.com/:b:/g/personal/vikas_neema_mewarpolytex_com/ERW4JxCNJOZGqg58jQ0AmE8BiDlB1gxr9lCwzV8ev74cVw?e=mVORF2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1980,i,7827114694809584850,15480523920990163473,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: chromecache_290.6.dr Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_290.6.dr Binary or memory string: ",DisconnectVirtualMachine:"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid