Edit tour

Windows Analysis Report
#Ud83d#Udcde_0072520589037.html (2).html

Overview

General Information

Sample Name:	#Ud83d#Udcde_0072520589037.html (2).html
Analysis ID:	626143
MD5:	ba279617f88ed684dcc348066f8930b1
SHA1:	8aa70edba45e04805c7f08188a5a689e2eac0687
SHA256:	d8ff2148078fbbdd1b5b40bd2b3137a0caafb7f66ad0542f527d4a98cf94b8d3
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish44

Multi AV Scanner detection for domain / URL

Snort IDS alert for network traffic

Phishing site detected (based on image similarity)

Found iframes

Internet Provider seen in connection with other malware

No HTML title found

JA3 SSL client fingerprint seen in connection with other malware

HTML body contains low number of good links

IP address seen in connection with other malware

Submit button contains javascript call

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5748 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\#Ud83d#Udcde_0072520589037.html (2).html MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 5924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,14513621473907241117,5746487209409969036,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
#Ud83d#Udcde_0072520589037.html (2).html	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

Snort Signatures

ET DNS Query to a *.pw domain - Likely Hostile - Source IP: 192.168.2.3 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.38.8.8.853802532016778 05/13/22-16:40:06.023681
SID:	2016778
Source Port:	53802
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220308T163157Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=eaf309383a404eb58faf19c69c943f89&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418352&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1418352&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6Cache-Control: no-cacheMS-CV: rDozWvWpOkiVUKUq.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220308T163157Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=fbf20488a63e41378f2db3bc97f1a8f7&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418352&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1418352&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6Cache-Control: no-cacheMS-CV: rDozWvWpOkiVUKUq.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.2052.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.a0c3decd-308f-4f06-bcfb-2aa4f3afe248?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.15881.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.bcf361e4-21f7-429d-877a-6c55c1b655ff?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18694.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.4e8e78d2-c2c2-4c02-8d8c-46ac3b2419e7?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.16574.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.6a6f592e-efa9-4bb0-b008-7c3422ab3313?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18858.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.1b03c26f-1753-4221-9ab1-4581f098723d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.10288.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.12bb65f7-1014-4469-bb2e-59f575e79b05?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.256.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.ca4cbefc-0ab0-4144-90c1-07f5250c8c21?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.40093.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.e6964d6a-18a4-4746-9238-9f0acc233a65?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.39478.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.8ad1b690-ff36-44fa-8afc-0dc5bed1273c?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.49525.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.2f6b9bdf-a4fc-42d8-aea0-65c437755b78?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.58298.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.55988ee1-bd9b-4322-980a-a610abdc7713?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.616.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.d81cfd95-c9fd-48e0-8fc3-36ff7b9e590a?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18124.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.afc6c372-c7a8-4eda-94fb-541bbb081d14?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.64128.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.d58015ff-2fcf-4113-975b-e873039b6d86?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.15982.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.7bbbe321-5273-45d0-814e-74f2065197d3?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.16957.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.aef04b90-a221-4ea5-a05d-0d51ac792471?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.31225.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.3ffd9abd-094d-4594-b6c3-8e079298b84b?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.31660.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.9cf7ca2f-497e-4cb1-be08-431c9fcc4d54?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /625461d8a89ccb628021247f.js HTTP/1.1Host: valdia.quatiappcn.pwConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/css/ac9d501254e3d7e326d2bb25eda4669bnbr1649697239.css HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/css/972bc60054973fc87bffb8ba3c0492fanbr1649697239.css HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /axios@0.16.1/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/ac9d501254e3d7e326d2bb25eda4669bnbr1649697239.js HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vue@2.6.11/dist/vue.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /image/apps.38957.9007199266246761.3059e916-5e99-4797-a868-366cc8761e37.dcc9368c-4c77-41a2-b867-8514435d8418?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /vue-router@2.7.0/dist/vue-router.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/vuex/2.3.1/vuex.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /image/apps.32938.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.721cfb02-7935-45dc-9d66-2d6e6b2ff76c?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lodash@4.17.4/lodash.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/e4fc5ba74141b5f241e5a39205ad7cea.js HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301649697231.js HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /image/apps.41671.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.86b1d82d-8b47-4bda-99fc-8a1db0a7ac9d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.39016.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.bbea1229-a466-4a8c-b428-57cb58abf084?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.5075.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.f329a73d-1ae8-4445-aa4c-bf40f3c5d62d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/microsoft_logo.svg HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/ellipsis_white.svg HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1Host: rimorecndappz.firebaseapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rimorecndappz.firebaseapp.com
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rimorecndappz.firebaseapp.com
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rimorecndappz.firebaseapp.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.net
Source: global traffic	HTTP traffic detected: GET /image/apps.51843.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.c13e8407-eaf8-447a-a5d6-9abd8bc2c1f3?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rimorecndappz.firebaseapp.comIf-Modified-Since: Thu, 14 Apr 2022 17:10:06 GMTIf-None-Match: "a88f22478e52f27f6f24668e3ff397bf66ba51e21b2cc2375100de1d281417be"
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rimorecndappz.firebaseapp.comIf-Modified-Since: Thu, 14 Apr 2022 17:10:06 GMTIf-None-Match: "b1336d85e1a0c89eea2a4969953d0326f0faedd47871ea522033f7f6e513ea57"
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.netIf-Modified-Since: Thu, 13 Feb 2020 02:05:12 GMTIf-None-Match: 0x8D7B0292911C366
Source: global traffic	HTTP traffic detected: GET /cvnmkyjthrsdgvzx/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rimorecndappz.firebaseapp.comIf-Modified-Since: Thu, 14 Apr 2022 17:10:06 GMTIf-None-Match: "8bd35fb6e43a52fbd3fac4f46b28b8cc71b6f00e2b06636395e54a9c210d997e"
Source: global traffic	HTTP traffic detected: GET /image/apps.52481.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.16c0a704-aef8-4bc4-af36-0c3b3ee0f6e2?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.54145.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.0df01b4e-7fca-47eb-b3d7-95ba7990754d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /image/apps.54562.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.24af4abe-62f8-404b-b1a9-ee8fe4d32d94?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.55990.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.1c9f2174-7e18-48ba-af90-e569a2444a83?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.56668.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.a2d9522a-f7d1-4f21-9ea4-8ba298101695?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.58878.9007199266246761.3059e916-5e99-4797-a868-366cc8761e37.21987aba-4948-4f44-bf2e-eba90517f1c5?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.59367.13510798885854323.dbec43fa-fcea-4036-9b1c-96de66922c18.da850a8e-5b3f-49fd-b3dc-6a8c0db400e4?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.62687.13510798885854323.6a8c11ad-84e9-4247-9ba9-ab3742bdbb87.e61dfadd-3bdd-4f66-beb1-6bb763b60b02?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /3iynvOz HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /converged_ux_v2_u77h9aLlpCTRkWpDDpAa0Q2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lightweightsignuppackage_KaVSRc6LLgG5LsIR16n5zA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oneds_CBxZrnSxLbjHuOGn7pHqpg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic	HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic	HTTP traffic detected: GET /image/apps.65344.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.2a7e9f85-6e2d-4bc7-ad81-13196f5baf00?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.7873.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.7885dc21-4015-4284-a596-d3d24cf6c1b8?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.8341.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.fc0c6be7-c064-44dc-a7df-81e7097e3c93?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220513T234103Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=501728bd423d4dfcb22c44ccca7ac93e&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513821&metered=false&nettype=ethernet&npid=sc-280815&oemName=qiylvt%2C%20Inc.&oemid=qiylvt%2C%20Inc.&ossku=Professional&smBiosDm=qiylvt7%2C1&tl=2&tsu=1513821&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAWTgoqHjO5aJbbzxFht334Zi+ziJh9kNkHxTMAW6wtF8aT8VakbVgtRR/7W+laAsHqlMKDwm+p01IX+B/OjNb0juLQJvw3HBJDnAHKRkOzWE9DasBXVemvUoozZcpwSM9/V3K+skDtv6fcTB23W5eFQ6vRki6EXxDZrj4geDDVMKQqesrDw/m6p+Rmt/p7ozRCt90JsBPSwVYD9zAlHQTd7hbi3G07Qm04GvvISHqHcJ2uLSsxENNgLhhGbt2H99JOPtu8RT/qNDqhtnk/ZTocudbe5SKXbrwv/aVQZmnmAQ+KP4CzFFc5paxkNeOlkAFvCpxCmKfiUhYvQmlf9xFaQDZgAACPo6XBZf8pxTqAFib3/swDuq7KiKPCPTeUiX7wfesfMjGbdxkjgDco+jHKnPQJXfhq43l3e222tPt31AWjz6zrKhmLI7kNrjydSqhoPDI3lkbHbDQmJ9ZBgIrhWJHIZxEgr7e/7JMBv0pWtbfSUJs5lUdkk4dRDEepE6NaYpS+/jf6a/qG4p7qH2S0SCKEHzuKm/aIukHQySnMqV/3TT04n2iLi1LsgogOdkx+2vQzUKaAbgES/fMEivaZtlL5auI7Tv/WJpGwyZAP28cVkW8Vb8CBvPL2VvkJiOm+zSGuu0uLEinpghsWiCMKmEZbnSIKvyjhHfnaTL5/SWfjy3Wg29TTTKK84wBYYyk4wsAeVIOp9Q/b2Vh9M6PDmhCcyWRvMgC5Z8y7S3QVNJxynj2d/47RB+uEyui9wKpdIB6dqWe5pJ890UJDV4Fz1gvxcu48mEVJNyJWuLfdRijMavI3XRD0I6vUj0zDgC2U5o2IUDzuJ5cpRk+MjDzh80ivFbCw0J+BxBi7sBja53g+il1g6/ypCnd/N2wG6VVV9iXH/QyZYyX16m/zmA1CvvAGudVhmX1QE=&p=Cache-Control: no-cacheMS-CV: 51NbriJLSEy2kRtB.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220513T234102Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=49fe06eee9094f39b23d0ff04432b0d6&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513821&metered=false&nettype=ethernet&npid=sc-338389&oemName=qiylvt%2C%20Inc.&oemid=qiylvt%2C%20Inc.&ossku=Professional&smBiosDm=qiylvt7%2C1&tl=2&tsu=1513821&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAZJq+lu95X7pNl6HQ9fa+YxtBqwDr7SKdflzrXvKprdVOFeODzaURSY69A9K7+Bh90iZzIqEylUgcEC+HE3h/8boVCtd2LJO4T+lgJc26YCov3bKu1SZgg1kr9f18h4YW5Psx76VY/SpqcVtx+7hmr5tBgMl5lmepYtJkq6ArxDmrFbOshxLsmN4rO3/+jrIyWE8rO980T3j/IQwIB7gnucdZl+WB0FH1O4ENPpYjjBidRtVlYF4BJna2dYIB3tC4EuHR4GlDlYbeU+KwNyGtt7hTRfaYYIhWemlu31a9jXEdcX8sRCOjw/MUMN0utOxXn1LLwFK5kAFcnrwuwQ7sgUDZgAACBkhoqcRMLQeqAHjJ/7FO2MPToBxOYguFKLY8gu7/heFBy7XpbFoqqS0nGCqL8p5aTF6WbHpMpDO4tiCTBQBIEkqOmjvFzn39ALsa4bXw3hzEHuJz2Z86TFY5vCFdsY9r4V02vAXuIMUNiEDvsaUvPqGDbl9Lm56bv4AREYwUoa8KoLjfL/065Hk9ebwJ+YqGeQQ8cxrVK7/xM4FVBhbn6SxWZ9AeU5yyPeJ+pif50aorg8NfH446wuJSbMupNp40b4sd1DNHhagxFS9r4f9lhSMN2EuAredyTPt0//723p10X13TwmQEivovEOxEikm1lwttnlx3fgtqlqcpNwtfQuXgkooXc4G06DNbUkvVX5KDG4aEkZb5uk5GXYaTmwr2wUSPxoX1aeCdus6Za8XyuR+/kIYHeEceucuETbztXXyd/1oR5WgzQblfCCrVp8shz8VQJmoB+auCjb9iRlXbYWeigRilGAiVHndg5+MGuFnS90BmyOGDdMdhVAPb2XQciHH1sQLsnFq0TOecWBVznnvGvq2KctGzcJHDNP9W3RRvIf2Fqt0t3gKWzvizCWxwRCu1QE=&p=Cache-Control: no-cacheMS-CV: 51NbriJLSEy2kRtB.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220513T234153Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8282445926a54eab8f11499a93c8d1de&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513822&metered=false&nettype=ethernet&npid=sc-338388&oemName=qiylvt%2C%20Inc.&oemid=qiylvt%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=qiylvt7%2C1&tl=2&tsu=1513822&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAWTgoqHjO5aJbbzxFht334Zi+ziJh9kNkHxTMAW6wtF8aT8VakbVgtRR/7W+laAsHqlMKDwm+p01IX+B/OjNb0juLQJvw3HBJDnAHKRkOzWE9DasBXVemvUoozZcpwSM9/V3K+skDtv6fcTB23W5eFQ6vRki6EXxDZrj4geDDVMKQqesrDw/m6p+Rmt/p7ozRCt90JsBPSwVYD9zAlHQTd7hbi3G07Qm04GvvISHqHcJ2uLSsxENNgLhhGbt2H99JOPtu8RT/qNDqhtnk/ZTocudbe5SKXbrwv/aVQZmnmAQ+KP4CzFFc5paxkNeOlkAFvCpxCmKfiUhYvQmlf9xFaQDZgAACPo6XBZf8pxTqAFib3/swDuq7KiKPCPTeUiX7wfesfMjGbdxkjgDco+jHKnPQJXfhq43l3e222tPt31AWjz6zrKhmLI7kNrjydSqhoPDI3lkbHbDQmJ9ZBgIrhWJHIZxEgr7e/7JMBv0pWtbfSUJs5lUdkk4dRDEepE6NaYpS+/jf6a/qG4p7qH2S0SCKEHzuKm/aIukHQySnMqV/3TT04n2iLi1LsgogOdkx+2vQzUKaAbgES/fMEivaZtlL5auI7Tv/WJpGwyZAP28cVkW8Vb8CBvPL2VvkJiOm+zSGuu0uLEinpghsWiCMKmEZbnSIKvyjhHfnaTL5/SWfjy3Wg29TTTKK84wBYYyk4wsAeVIOp9Q/b2Vh9M6PDmhCcyWRvMgC5Z8y7S3QVNJxynj2d/47RB+uEyui9wKpdIB6dqWe5pJ890UJDV4Fz1gvxcu48mEVJNyJWuLfdRijMavI3XRD0I6vUj0zDgC2U5o2IUDzuJ5cpRk+MjDzh80ivFbCw0J+BxBi7sBja53g+il1g6/ypCnd/N2wG6VVV9iXH/QyZYyX16m/zmA1CvvAGudVhmX1QE=&p=Cache-Control: no-cacheMS-CV: He1LaEZc906IvoJg.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220513T234153Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=5f8fb2a985294cc2931cfee1fb79b597&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513822&metered=false&nettype=ethernet&npid=sc-338387&oemName=qiylvt%2C%20Inc.&oemid=qiylvt%2C%20Inc.&ossku=Professional&rver=2&sc-mode=0&smBiosDm=qiylvt7%2C1&tl=2&tsu=1513822&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAWTgoqHjO5aJbbzxFht334Zi+ziJh9kNkHxTMAW6wtF8aT8VakbVgtRR/7W+laAsHqlMKDwm+p01IX+B/OjNb0juLQJvw3HBJDnAHKRkOzWE9DasBXVemvUoozZcpwSM9/V3K+skDtv6fcTB23W5eFQ6vRki6EXxDZrj4geDDVMKQqesrDw/m6p+Rmt/p7ozRCt90JsBPSwVYD9zAlHQTd7hbi3G07Qm04GvvISHqHcJ2uLSsxENNgLhhGbt2H99JOPtu8RT/qNDqhtnk/ZTocudbe5SKXbrwv/aVQZmnmAQ+KP4CzFFc5paxkNeOlkAFvCpxCmKfiUhYvQmlf9xFaQDZgAACPo6XBZf8pxTqAFib3/swDuq7KiKPCPTeUiX7wfesfMjGbdxkjgDco+jHKnPQJXfhq43l3e222tPt31AWjz6zrKhmLI7kNrjydSqhoPDI3lkbHbDQmJ9ZBgIrhWJHIZxEgr7e/7JMBv0pWtbfSUJs5lUdkk4dRDEepE6NaYpS+/jf6a/qG4p7qH2S0SCKEHzuKm/aIukHQySnMqV/3TT04n2iLi1LsgogOdkx+2vQzUKaAbgES/fMEivaZtlL5auI7Tv/WJpGwyZAP28cVkW8Vb8CBvPL2VvkJiOm+zSGuu0uLEinpghsWiCMKmEZbnSIKvyjhHfnaTL5/SWfjy3Wg29TTTKK84wBYYyk4wsAeVIOp9Q/b2Vh9M6PDmhCcyWRvMgC5Z8y7S3QVNJxynj2d/47RB+uEyui9wKpdIB6dqWe5pJ890UJDV4Fz1gvxcu48mEVJNyJWuLfdRijMavI3XRD0I6vUj0zDgC2U5o2IUDzuJ5cpRk+MjDzh80ivFbCw0J+BxBi7sBja53g+il1g6/ypCnd/N2wG6VVV9iXH/QyZYyX16m/zmA1CvvAGudVhmX1QE=&p=Cache-Control: no-cacheMS-CV: He1LaEZc906IvoJg.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4NUV2?ver=7773 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWTbti?ver=ef43 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWP0UC?ver=2f44 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWToiE?ver=a25e HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWP8kk?ver=8c62 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4O881?ver=cda9 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220513T234233Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b421f3b73bf64b279bb057f3fcb21d43&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513822&metered=false&nettype=ethernet&npid=sc-310091&oemName=qiylvt%2C%20Inc.&oemid=qiylvt%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=qiylvt7%2C1&tl=2&tsu=1513822&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAWTgoqHjO5aJbbzxFht334Zi+ziJh9kNkHxTMAW6wtF8aT8VakbVgtRR/7W+laAsHqlMKDwm+p01IX+B/OjNb0juLQJvw3HBJDnAHKRkOzWE9DasBXVemvUoozZcpwSM9/V3K+skDtv6fcTB23W5eFQ6vRki6EXxDZrj4geDDVMKQqesrDw/m6p+Rmt/p7ozRCt90JsBPSwVYD9zAlHQTd7hbi3G07Qm04GvvISHqHcJ2uLSsxENNgLhhGbt2H99JOPtu8RT/qNDqhtnk/ZTocudbe5SKXbrwv/aVQZmnmAQ+KP4CzFFc5paxkNeOlkAFvCpxCmKfiUhYvQmlf9xFaQDZgAACPo6XBZf8pxTqAFib3/swDuq7KiKPCPTeUiX7wfesfMjGbdxkjgDco+jHKnPQJXfhq43l3e222tPt31AWjz6zrKhmLI7kNrjydSqhoPDI3lkbHbDQmJ9ZBgIrhWJHIZxEgr7e/7JMBv0pWtbfSUJs5lUdkk4dRDEepE6NaYpS+/jf6a/qG4p7qH2S0SCKEHzuKm/aIukHQySnMqV/3TT04n2iLi1LsgogOdkx+2vQzUKaAbgES/fMEivaZtlL5auI7Tv/WJpGwyZAP28cVkW8Vb8CBvPL2VvkJiOm+zSGuu0uLEinpghsWiCMKmEZbnSIKvyjhHfnaTL5/SWfjy3Wg29TTTKK84wBYYyk4wsAeVIOp9Q/b2Vh9M6PDmhCcyWRvMgC5Z8y7S3QVNJxynj2d/47RB+uEyui9wKpdIB6dqWe5pJ890UJDV4Fz1gvxcu48mEVJNyJWuLfdRijMavI3XRD0I6vUj0zDgC2U5o2IUDzuJ5cpRk+MjDzh80ivFbCw0J+BxBi7sBja53g+il1g6/ypCnd/N2wG6VVV9iXH/QyZYyX16m/zmA1CvvAGudVhmX1QE=&p=Cache-Control: no-cacheMS-CV: 919nfyGIMEqSATjt.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234159Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGGZM6WM&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234200Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234203Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NH2GPH4JZS4&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234204Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH6J6VK&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234205Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9P6RC76MSMMJ&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234206Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234206Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9N0866FS04W8&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234207Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ10M&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234211Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=SpotifyAB.SpotifyMusic_zpdnekdrzrea0&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: a+aDGy4QZUmT9frB.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ140&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234213Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NC2FBTHCJV8&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234214Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH1CQ7L&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234215Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220513T234218Z&asid=96a00e7ca670484394eddd41299265ad&eid= HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ3P2&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234225Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Microsoft.YourPhone_8wekyb3d8bbwe&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: G4vVtjIdL0a31TDZ.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234226Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NXQXXLFST89&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234227Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHVFW&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234227Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234228Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234229Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234230Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRDFNG7&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=7bec372b597946cbad28f765598f20a1&time=20220513T234232Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=8ce9b9da1ac94116b168bdc7e1c8c748&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220513T234233Z&asid=7bec372b597946cbad28f765598f20a1&eid= HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Microsoft.BingNews_8wekyb3d8bbwe&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: z+KSf1Xo7ECIHjeD.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=6F71D7A7.HotspotShieldFreeVPN_nsbqstbb9qxb6&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: 4paMujjoOEWqthdS.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000000402926&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&EID=&&PID=400091688&UIT=P-&TargetID=700129702&AN=475668169&PG=PC000P0FR5.0000000IRT&REQASID=8282445926A54EAB8F11499A93C8D1DE&UNID=338388&ASID=2359e473635343e285fa70e4646568eb&PERSID=DBDE13DC697F71846A990CDFDC016FBD&GLOBALDEVICEID=6755432004667435&LOCALID=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&DS_EVTID=8a834bbf089348c1b3bfe0d1c305e09e&DEVOSVER=10.0.17134.1&REQT=20220513T144155&TIME=20220513T234233Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Disney.37853FC22B2CE_6rarf9sa4v8jt&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: OYIAGZ3Ba0yxtazQ.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000000402926&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&EID=&&PID=400091688&UIT=P-&TargetID=700129702&AN=475668169&PG=PC000P0FR5.0000000IRT&REQASID=8282445926A54EAB8F11499A93C8D1DE&UNID=338388&ASID=2359e473635343e285fa70e4646568eb&PERSID=DBDE13DC697F71846A990CDFDC016FBD&GLOBALDEVICEID=6755432004667435&LOCALID=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&DS_EVTID=8a834bbf089348c1b3bfe0d1c305e09e&DEVOSVER=10.0.17134.1&REQT=20220513T144155&TIME=20220513T234235Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=BytedancePte.Ltd.TikTok_6yccndn6064se&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: F8WOXbHDHUayZpw0.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: plOefSutbEmQVB6v.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=AmazonVideo.PrimeVideo_pwbj9vvecjh7j&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: 17oDSGofsUSnd458.0.2.4Host: displaycatalog.mp.microsoft.com

Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.3:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.3:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.3:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.3:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.219.60:443 -> 192.168.2.3:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.4.86:443 -> 192.168.2.3:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.3:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.3:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.3:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.3:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.3:49921 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.3:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.3:49920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.3:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.3:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.112.88.60:443 -> 192.168.2.3:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.3:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.125.122.176:443 -> 192.168.2.3:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.125.122.176:443 -> 192.168.2.3:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.125.122.176:443 -> 192.168.2.3:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.125.122.176:443 -> 192.168.2.3:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49971 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49974 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.3:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.3:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49981 version: TLS 1.2

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\#Ud83d#Udcde_0072520589037.html (2).html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,14513621473907241117,5746487209409969036,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,14513621473907241117,5746487209409969036,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-627EEC50-1674.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\e834dbff-473a-450b-8b3c-8ba045887e18.tmp

Jump to behavior

Source: classification engine

Classification label: mal76.phis.winHTML@34/139@14/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Drive-by Compromise	1 Scripting	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Scripting	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\5748_321233161\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\5748_321233161\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\5748_321233161\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\5748_321233161\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\5748_321233161\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\5748_321233161\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
rimorecndappz.firebaseapp.com	0%	Virustotal	Browse
sni1gl.wpc.alphacdn.net	0%	Virustotal	Browse
etools.page	1%	Virustotal	Browse
part-0032.t-0009.fbs1-t-msedge.net	0%	Virustotal	Browse
valdia.quatiappcn.pw	12%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301649697231.js	0%	Avira URL Cloud	safe
https://valdia.quatiappcn.pw/625461d8a89ccb628021247f.js	100%	Avira URL Cloud	phishing
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/css/972bc60054973fc87bffb8ba3c0492fanbr1649697239.css	0%	Avira URL Cloud	safe
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/e4fc5ba74141b5f241e5a39205ad7cea.js	0%	Avira URL Cloud	safe
https://etools.page/re/Zk5RTCthaVRLSXFCbGMxbGZoc0paWi9GZTNoUUVzekJWUmtmOHVhdmZvQTBoclU1Z0s0OG44SlQ0b3BxckdWRDNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQ	100%	Avira URL Cloud	phishing
https://dns.google	0%	URL Reputation	safe
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/ac9d501254e3d7e326d2bb25eda4669bnbr1649697239.js	0%	Avira URL Cloud	safe
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/imgs/ellipsis_white.svg	0%	Avira URL Cloud	safe
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/imgs/microsoft_logo.svg	0%	Avira URL Cloud	safe
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/css/ac9d501254e3d7e326d2bb25eda4669bnbr1649697239.css	0%	Avira URL Cloud	safe
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/imgs/ellipsis_grey.svg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
accounts.google.com	142.250.186.77	true	false		high
rimorecndappz.firebaseapp.com	199.36.158.100	true	false	0%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false		high
bit.ly	67.199.248.10	true	false		high
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	142.250.185.238	true	false		high
unpkg.com	104.16.126.175	true	false		high
etools.page	188.114.96.10	true	false	1%, Virustotal, Browse	unknown
part-0032.t-0009.fbs1-t-msedge.net	13.107.219.60	true	false	0%, Virustotal, Browse	unknown
valdia.quatiappcn.pw	188.114.97.10	true	true	12%, Virustotal, Browse	unknown
signup.live.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
secure.aadcdn.microsoftonline-p.com	unknown	unknown	false		unknown
fpt.live.com	unknown	unknown	false		high
acctcdn.msftauth.net	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js	false		high
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301649697231.js	false	Avira URL Cloud: safe	unknown
https://fpt.live.com/?session_id=4ce4b873b77d49859b565ee66e549405&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU	false		high
https://valdia.quatiappcn.pw/625461d8a89ccb628021247f.js	true	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v3?s=95MAPGmhKfBJjSxMmqDJPtiAL6eg72D3bI%2BCaf1kyarI7KW7ucndN6WaU32DvrX7dyJv3JqORNP11YtVIE8hX%2FpvuKPG7wPfXtRCltHfhVcUoy9cpCsXL5MAmw158Q%3D%3D	false		high
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/css/972bc60054973fc87bffb8ba3c0492fanbr1649697239.css	false	Avira URL Cloud: safe	unknown
https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	false		high
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/e4fc5ba74141b5f241e5a39205ad7cea.js	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js	false		high
https://etools.page/re/Zk5RTCthaVRLSXFCbGMxbGZoc0paWi9GZTNoUUVzekJWUmtmOHVhdmZvQTBoclU1Z0s0OG44SlQ0b3BxckdWRDNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQ	true	Avira URL Cloud: phishing	unknown
https://unpkg.com/vue@2.6.11/dist/vue.min.js	false		high
https://unpkg.com/lodash@4.17.4/lodash.min.js	false		high
https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/ac9d501254e3d7e326d2bb25eda4669bnbr1649697239.js	false	Avira URL Cloud: safe	unknown
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/imgs/ellipsis_white.svg	false	Avira URL Cloud: safe	unknown
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/imgs/microsoft_logo.svg	false	Avira URL Cloud: safe	unknown
https://bit.ly/3iynvOz	false		high
https://unpkg.com/vue-router@2.7.0/dist/vue-router.min.js	false		high
https://a.nel.cloudflare.com/report/v3?s=3WKZ3rGhLd%2FhRN7XvyF42eaxr21QV9X76kewrB4SFly7ipEZGShz5m7iHf36lOjoHdFWndGbAgHdNdquNuWB7Jk%2BNjAZnYQAYBUcmIec596WHlSO1fD8UesPY%2B1PKg%3D%3D	false		high
https://unpkg.com/axios@0.16.1/dist/axios.min.js	false		high
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/css/ac9d501254e3d7e326d2bb25eda4669bnbr1649697239.css	false	Avira URL Cloud: safe	unknown
https://rimorecndappz.firebaseapp.com/cvnmkyjthrsdgvzx/themes/imgs/ellipsis_grey.svg	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com/images/cleardot.gif	craw_window.js.0.dr	false		high
https://play.google.com	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.0.dr	false		high
https://www.google.com	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	false		high
https://accounts.google.com	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	false		high
https://apis.google.com	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.0.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://clients2.google.com	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	false		high
https://dns.google	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, 9b9bb0a8-e5e6-4831-90e8-c6c5dec5a45d.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr, 1a740594-65fd-4ef0-8aee-c8eb20d41298.tmp.1.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.0.dr	false		high
https://ogs.google.com	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git	pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.0.dr	false		high
http://llvm.org/):	pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.0.dr	false		high
https://code.google.com/p/nativeclient/issues/entry%s:	pnacl_public_x86_64_ld_nexe.0.dr	false		high
https://code.google.com/p/nativeclient/issues/entry	pnacl_public_x86_64_ld_nexe.0.dr	false		high
https://clients2.googleusercontent.com	fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-clang.git	pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.0.dr, manifest.json.0.dr, manifest.json2.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.219.60	part-0032.t-0009.fbs1-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
188.114.97.10	valdia.quatiappcn.pw	European Union	13335	CLOUDFLARENETUS	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
67.199.248.10	bit.ly	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false
142.250.186.77	accounts.google.com	United States	15169	GOOGLEUS	false
188.114.96.10	etools.page	European Union	13335	CLOUDFLARENETUS	false
142.250.185.238	clients.l.google.com	United States	15169	GOOGLEUS	false
199.36.158.100	rimorecndappz.firebaseapp.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
104.16.126.175	unpkg.com	United States	13335	CLOUDFLARENETUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1
192.168.2.3
192.168.2.23
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	626143
Start date and time: 13/05/202216:38:49	2022-05-13 16:38:49 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 3s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	#Ud83d#Udcde_0072520589037.html (2).html
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.winHTML@34/139@14/16
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html Adjust boot time Enable AMSI Browse: https://bit.ly/3iynvOz

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 142.250.184.206, 142.250.185.99, 173.194.160.71, 173.194.160.72, 142.250.186.42, 2.20.16.227, 13.107.42.22, 40.126.32.69, 40.126.32.67, 20.190.160.15, 20.190.160.23, 40.126.32.75, 20.190.160.21, 40.126.32.139, 20.190.160.13, 173.222.108.210, 23.203.70.208, 23.211.5.92, 142.250.74.202, 52.167.30.171, 142.250.186.163, 142.250.185.195, 40.126.32.132, 40.126.32.135, 20.190.160.12, 74.125.162.10, 173.194.160.73, 20.42.65.88, 74.125.108.199, 74.125.108.202, 74.125.108.198, 74.125.108.200
Excluded domains from analysis (whitelisted): greenid-prod-pme.eastus2.cloudapp.azure.com, pme-greenid-prod.trafficmanager.net, www.tm.lg.prod.aadmsa.akadns.net, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, r3---sn-1gi7znek.gvt1.com, www.tm.a.prd.aadg.trafficmanager.net, e11290.dspg.akamaiedge.net, www.microsoft.com-c-3.edgekey.net, login.live.com, update.googleapis.com, acctcdnvzeuno.azureedge.net, www.gstatic.com, acctcdnvzeuno.ec.azureedge.net, global-entry-afdthirdparty-fallback.trafficmanager.net, fpt2.microsoft.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, secure.aadcdn.microsoftonline-p.com.edgekey.net, aadcdn.msauth.net, r2---sn-1gi7znek.gvt1.com, ris.api.iris.microsoft.com, r4---sn-1gi7znes.gvt1.com, store-images.s-microsoft.com, aadcdnoriginwus2.afd.azureedge.net, fpt.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, acctcdn.msauth.net, arc.msn.c
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	high, very likely benign file
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Source: https://valdia.quatiappcn.pw/625461d8a89ccb628021247f.js	Avira URL Cloud: Label: phishing
Source: https://etools.page/re/Zk5RTCthaVRLSXFCbGMxbGZoc0paWi9GZTNoUUVzekJWUmtmOHVhdmZvQTBoclU1Z0s0OG44SlQ0b3BxckdWRDNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQ	Avira URL Cloud: Label: phishing

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udcde_0072520589037.html%20(2).html?bbre=VdUqEDcLfBloAyJTgmvXHkuxPi#/ZdLHNDvKfgIoJFixbc-!&IGHTxc2gqOrD3SKR1uP6EA&!@fWDbQwky08STFaG&!@-rross@parxcasino.com-ZiQMoDGTzItkqundNwUWsBrOeSRK/CKtGWhlipEZNkFU	Matcher: Found strong image similarity, brand: Microsoft image: 28179.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udcde_0072520589037.html%20(2).html?bbre=VdUqEDcLfBloAyJTgmvXHkuxPi#/ZdLHNDvKfgIoJFixbc-!&IGHTxc2gqOrD3SKR1uP6EA&!@fWDbQwky08STFaG&!@-rross@parxcasino.com-ZiQMoDGTzItkqundNwUWsBrOeSRK/CKtGWhlipEZNkFU	Matcher: Found strong image similarity, brand: Microsoft image: 40923.2.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: Iframe src: https://fpt.live.com/?session_id=4ce4b873b77d49859b565ee66e549405&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: Iframe src: https://fpt.live.com/?session_id=4ce4b873b77d49859b565ee66e549405&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU

Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: HTML title missing
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: HTML title missing

Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: Number of links: 0

Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: No <meta name="author".. found

Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&amp%3bamp%3brpsnv=13&amp%3bam&lic=1&uaid=4ce4b873b77d49859b565ee66e549405	HTTP Parser: No <meta name="copyright".. found

Source: Joe Sandbox View	JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: Joe Sandbox View	IP Address: 13.107.219.60 13.107.219.60
Source: Joe Sandbox View	IP Address: 188.114.97.10 188.114.97.10
Source: Joe Sandbox View	IP Address: 188.114.97.10 188.114.97.10

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115

Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://ajax.googleapis.com
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr, manifest.json.0.dr, manifest.json2.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, 9b9bb0a8-e5e6-4831-90e8-c6c5dec5a45d.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr, 1a740594-65fd-4ef0-8aee-c8eb20d41298.tmp.1.dr	String found in binary or memory: https://dns.google
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://r2---sn-1gi7znes.gvt1.com
Source: 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: fb46522c-0b15-4ebb-b0a1-a3b0c0bfe1eb.tmp.1.dr, 8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp.1.dr, bb5694a4-f670-4ffe-b51c-2fa3e4a60ee5.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

File type:	HTML document, ASCII text, with very long lines, with no line terminators
Entropy (8bit):	5.8700402268189125
TrID:	HyperText Markup Language (15015/1) 20.56% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (11501/1) 15.75% HyperText Markup Language (11501/1) 15.75%
File name:	#Ud83d#Udcde_0072520589037.html (2).html
File size:	7795
MD5:	ba279617f88ed684dcc348066f8930b1
SHA1:	8aa70edba45e04805c7f08188a5a689e2eac0687
SHA256:	d8ff2148078fbbdd1b5b40bd2b3137a0caafb7f66ad0542f527d4a98cf94b8d3
SHA512:	e21cc6be3be788bb2724d269d0deda459f27f48b3c6d31216e49f80e75d620a88f726b824f69c6da650e101201c620f3533eb61024d33b459c869907c6629732
SSDEEP:	192:StmlcUJf4HrQqGNPuTLkDSlrtL3fe8YafHiGrM:PlBf4HMqGtuTwDSlJPTHPvA
TLSH:	97F10AB564CA3D1C8E2863F8BC917A2917DECE73753228760AF40D4B1CE4ACE7461A95
File Content Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta name="viewport" content="width=device-width initial-scale=1 user-scalable=no maximum-scale=1" /><title>QLYMTvjilazSPZ8EeKRXF</title><meta name="robots" cont

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 13, 2022 16:39:52.602721930 CEST	49693	443	192.168.2.3	40.126.31.143
May 13, 2022 16:39:52.617383003 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:52.617425919 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:52.617521048 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:52.617607117 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:52.617656946 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:52.617723942 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:52.625159979 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:52.625190973 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:52.625296116 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:52.625324011 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:52.776154995 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:52.776299000 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:52.777245998 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:52.777362108 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.157655001 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.157800913 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.157845020 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.157879114 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.157951117 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.157973051 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.158027887 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.158055067 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.158066988 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.163585901 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.163623095 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.163985968 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.164077997 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.165442944 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.165873051 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.165904045 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.166068077 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.166079998 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.166141033 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.166208029 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.185080051 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185122967 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185148954 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185298920 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185329914 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185415030 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185441971 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185657024 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185688972 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185715914 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185812950 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185878038 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.185908079 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186052084 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186132908 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186161995 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186256886 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186283112 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186304092 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.186429977 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186531067 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186611891 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186638117 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186806917 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.186845064 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187000036 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187041044 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187102079 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187129974 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187156916 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187184095 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187211990 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187241077 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187290907 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.187417984 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187448025 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187596083 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187633991 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187798023 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187844038 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.187939882 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.212496042 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.254337072 CEST	443	49688	131.253.33.200	192.168.2.3
May 13, 2022 16:39:53.254560947 CEST	49688	443	192.168.2.3	131.253.33.200
May 13, 2022 16:39:53.310251951 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.310357094 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.310451984 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.310513020 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.311795950 CEST	49702	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.311819077 CEST	443	49702	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.321541071 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.321576118 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.321598053 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.321670055 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.321701050 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.321753979 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.321791887 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.366303921 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.366328955 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.366457939 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.366482973 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.366497993 CEST	443	49703	20.82.210.154	192.168.2.3
May 13, 2022 16:39:53.366586924 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.366624117 CEST	49703	443	192.168.2.3	20.82.210.154
May 13, 2022 16:39:53.410902023 CEST	443	49703	20.82.210.154	192.168.2.3

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 13, 2022 16:39:53.053314924 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:39:53.805923939 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:39:54.556128025 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:39:55.321743965 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:39:56.087486029 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:04.523827076 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:04.538055897 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:04.543699980 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:05.276196957 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:05.288181067 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:05.294215918 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:05.929265022 CEST	65358	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:05.936002970 CEST	49873	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:05.946625948 CEST	53	65358	8.8.8.8	192.168.2.3
May 13, 2022 16:40:05.953609943 CEST	53	49873	8.8.8.8	192.168.2.3
May 13, 2022 16:40:06.023680925 CEST	53802	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:06.027214050 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:06.038661957 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:06.044753075 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:06.046420097 CEST	53	53802	8.8.8.8	192.168.2.3
May 13, 2022 16:40:09.039407015 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:09.046845913 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:09.052912951 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:09.641314030 CEST	64452	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:09.667335033 CEST	53	64452	8.8.8.8	192.168.2.3
May 13, 2022 16:40:09.789681911 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:09.797696114 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:09.808701038 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:10.438188076 CEST	61380	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:10.460453033 CEST	53	61380	8.8.8.8	192.168.2.3
May 13, 2022 16:40:10.541683912 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:10.549825907 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:10.561690092 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:11.394009113 CEST	63146	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:11.417355061 CEST	53	63146	8.8.8.8	192.168.2.3
May 13, 2022 16:40:11.831042051 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:12.582511902 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:13.257036924 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:13.338602066 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:14.019665003 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:14.371581078 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:14.771605968 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:15.122720003 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:15.873771906 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:22.932523966 CEST	59795	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:22.964126110 CEST	53	59795	8.8.8.8	192.168.2.3
May 13, 2022 16:40:23.669008017 CEST	59390	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:23.823159933 CEST	64816	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:23.847883940 CEST	53	64816	8.8.8.8	192.168.2.3
May 13, 2022 16:40:27.497977018 CEST	64996	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:27.526654959 CEST	53	64996	8.8.8.8	192.168.2.3
May 13, 2022 16:40:42.716161966 CEST	60640	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:42.734848976 CEST	53	60640	8.8.8.8	192.168.2.3
May 13, 2022 16:40:43.053803921 CEST	49844	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:44.439919949 CEST	50152	53	192.168.2.3	8.8.8.8
May 13, 2022 16:40:45.290072918 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:46.043689013 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:46.794038057 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:40:46.895973921 CEST	55403	53	192.168.2.3	8.8.8.8
May 13, 2022 16:41:02.674336910 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:41:03.410587072 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:41:04.160923004 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:41:57.177463055 CEST	138	138	192.168.2.3	192.168.2.255
May 13, 2022 16:43:21.222980976 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:43:21.984880924 CEST	137	137	192.168.2.3	192.168.2.255
May 13, 2022 16:43:22.750123978 CEST	137	137	192.168.2.3	192.168.2.255

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:39:53 UTC	0	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220308T163157Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=eaf309383a404eb58faf19c69c943f89&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418352&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1418352&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6 Cache-Control: no-cache MS-CV: rDozWvWpOkiVUKUq.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: tch0,m301,m751,mA01,mT01 Host: arc.msn.com Connection: Keep-Alive
2022-05-13 14:39:53 UTC	3	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=948 Content-Length: 53755 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"2,P425106554-T700342084-C128000000001392709+B+P80+S1,P425106558-T700342085-C128000000001392729+B+P80+S2"},{"BATCH_REDIRECT_STORE":"1,BB_9NXQXXLFST89_9WZDNCRFHVFW_9WZDNCRFJ3P2_9NCBCSZSJRSB_9NMPJ99VJBWV_9NBLGGH5FV99_9WZDNCRDFNG7+P0+S0"},{"BATCH_REDIRECT_STORE":"1,BB_9NBLGGGZM6WM_9WZDNCRFHWD2_9NH2GPH4JZS4_9NBLGGH6J6VK_9P6RC76MSMMJ_9WZDNCRFJ27N_9N0866FS04W8_9WZDNCRFJ10M_9WZDNCRFJ140_9NC2FBTHCJV8_9NBLGGH1CQ7L+P0+S0"},{"OPTOUTSTATE":"256"}] X-ARC-SIG: mitBl/o6NVgAlpWKlHVAyDkNm62oxqEo4CDZuoGn44TFIe2Pybc9U1YLH7fQyscdlVNXQbmDQQF7wt78JU+NZYcET3AWl+KhhHKoaHLGNCWsJC8+PLrD2oAgDCQPq/M4EVN4SYU8gR0iQjH06IneWxC64hylTZadpSs21rQBoFPgQy+xUqZdz4OUZATwzKRGqYDBlh+agoT+358yKeqW9x2R3LzNpTi15v85cS24mg70ZLN8zQgynrQcU3X3/GxpZnOHcuOOvIYkVqiSzD5S2aeHzgk40lj/NCQS3/mw3xoNh2u5k6WL4DiszpYNyGYKxCxSzvEQuat9NBcjEA2aJQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 13 May 2022 14:39:52 GMT Connection: close
2022-05-13 14:39:53 UTC	4	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 73 74 6f 72 65 43 61 6d 70 61 69 67 6e 49 64 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 74 65 78 74 5c 22 2c 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 7d 2c 5c 22 69 6e 73 74 61 6c 6c 41 70 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 62 6f 6f 6c 65 61 6e 5c Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"u\":\"SubscribedContent\",\"c\":\"CDM\"}],\"ad\":{\"itemPropertyManifest\":{\"storeCampaignId\":{\"type\":\"text\",\"isOptional\":true},\"installApp\":{\"type\":\"boolean\
2022-05-13 14:39:53 UTC	19	IN	Data Raw: 22 3a 5c 22 63 6c 69 63 6b 5c 22 2c 5c 22 70 61 72 61 6d 65 74 65 72 73 5c 22 3a 7b 5c 22 75 72 69 5c 22 3a 5c 22 6d 73 2d 77 69 6e 64 6f 77 73 2d 73 74 6f 72 65 3a 5c 2f 5c 2f 70 64 70 5c 2f 3f 70 72 6f 64 75 63 74 69 64 3d 39 6e 62 6c 67 67 68 35 66 76 39 39 26 6f 63 69 64 3d 65 6d 73 2e 64 63 6f 2e 73 74 61 72 74 70 72 6f 67 72 61 6d 6d 61 62 6c 65 26 63 63 69 64 3d 38 63 65 39 62 39 64 61 31 61 63 39 34 31 31 36 62 31 36 38 62 64 63 37 65 31 63 38 63 37 34 38 26 63 69 64 3d 6d 73 66 74 5f 31 5c 22 7d 2c 5c 22 61 63 74 69 6f 6e 5c 22 3a 5c 22 6c 61 75 6e 63 68 55 72 69 5c 22 7d 2c 5c 22 6f 6e 52 65 6e 64 65 72 5c 22 3a 7b 5c 22 65 76 65 6e 74 5c 22 3a 5c 22 6f 70 70 6f 72 74 75 6e 69 74 79 5c 22 2c 5c 22 70 61 72 61 6d 65 74 65 72 73 5c 22 3a 7b 7d 2c Data Ascii: ":\"click\",\"parameters\":{\"uri\":\"ms-windows-store:\/\/pdp\/?productid=9nblggh5fv99&ocid=ems.dco.startprogrammable&ccid=8ce9b9da1ac94116b168bdc7e1c8c748&cid=msft_1\"},\"action\":\"launchUri\"},\"onRender\":{\"event\":\"opportunity\",\"parameters\":{},
2022-05-13 14:39:53 UTC	35	IN	Data Raw: 74 70 72 6f 67 72 61 6d 6d 61 62 6c 65 26 63 63 69 64 3d 39 30 61 39 33 35 31 39 34 38 63 39 34 34 31 39 38 32 33 62 32 31 61 34 66 63 64 33 62 32 63 31 26 63 69 64 3d 6d 73 66 74 5f 31 5c 22 7d 2c 5c 22 61 63 74 69 6f 6e 5c 22 3a 5c 22 6c 61 75 6e 63 68 55 72 69 5c 22 7d 2c 5c 22 6f 6e 52 65 6e 64 65 72 5c 22 3a 7b 5c 22 65 76 65 6e 74 5c 22 3a 5c 22 6f 70 70 6f 72 74 75 6e 69 74 79 5c 22 2c 5c 22 70 61 72 61 6d 65 74 65 72 73 5c 22 3a 7b 7d 2c 5c 22 61 63 74 69 6f 6e 5c 22 3a 5c 22 6e 6f 4f 70 5c 22 7d 2c 5c 22 73 68 6f 77 4e 61 6d 65 4f 6e 4d 65 64 69 75 6d 54 69 6c 65 5c 22 3a 7b 5c 22 62 6f 6f 6c 5c 22 3a 74 72 75 65 7d 2c 5c 22 73 68 6f 77 4e 61 6d 65 4f 6e 57 69 64 65 54 69 6c 65 5c 22 3a 7b 5c 22 62 6f 6f 6c 5c 22 3a 74 72 75 65 7d 2c 5c 22 73 68 Data Ascii: tprogrammable&ccid=90a9351948c94419823b21a4fcd3b2c1&cid=msft_1\"},\"action\":\"launchUri\"},\"onRender\":{\"event\":\"opportunity\",\"parameters\":{},\"action\":\"noOp\"},\"showNameOnMediumTile\":{\"bool\":true},\"showNameOnWideTile\":{\"bool\":true},\"sh
2022-05-13 14:39:53 UTC	51	IN	Data Raw: 64 38 31 2d 31 33 31 39 36 66 35 62 61 66 30 30 3f 66 6f 72 6d 61 74 3d 73 6f 75 72 63 65 5c 22 2c 5c 22 77 69 64 74 68 5c 22 3a 31 34 32 2c 5c 22 68 65 69 67 68 74 5c 22 3a 31 34 32 2c 5c 22 73 68 61 32 35 36 5c 22 3a 5c 22 51 50 5c 2f 4a 45 48 4a 59 57 39 38 6d 36 39 4f 4a 4c 42 42 30 59 48 33 64 78 49 6a 70 75 6d 59 72 74 74 4c 46 38 62 66 5c 2f 33 66 77 3d 5c 22 2c 5c 22 66 69 6c 65 53 69 7a 65 5c 22 3a 31 37 30 31 38 7d 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 5c 22 3a 7b 5c 22 6e 75 6d 62 65 72 5c 22 3a 32 2e 30 7d 2c 5c 22 6d 65 64 69 75 6d 54 69 6c 65 5c 22 3a 7b 5c 22 69 6d 61 67 65 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2d 69 6d 61 67 65 73 2e 73 2d 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 5c 2f 69 6d 61 67 65 5c 2f 61 70 70 73 Data Ascii: d81-13196f5baf00?format=source\",\"width\":142,\"height\":142,\"sha256\":\"QP\/JEHJYW98m69OJLBB0YH3dxIjpumYrttLF8bf\/3fw=\",\"fileSize\":17018},\"collection\":{\"number\":2.0},\"mediumTile\":{\"image\":\"https:\/\/store-images.s-microsoft.com\/image\/apps

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:39:58 UTC	95	OUT	GET /image/apps.39478.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.8ad1b690-ff36-44fa-8afc-0dc5bed1273c?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-05-13 14:39:58 UTC	104	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 37622 Content-Type: image/png Last-Modified: Thu, 30 Sep 2021 03:30:15 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDk4M0MyOUU1MTM1NDQ" MS-CV: YXEQRcwIqUCuqc/O.0 Access-Control-Expose-Headers: MS-CV Date: Fri, 13 May 2022 14:39:58 GMT Connection: close Access-Control-Allow-Origin: *
2022-05-13 14:39:58 UTC	104	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 92 bd 49 44 41 54 78 01 ec 9a 81 6e db 38 10 44 09 20 52 72 69 3e e3 92 d8 76 74 77 ff ff 75 e7 68 db 07 25 43 10 cb 2e 49 cb 85 81 01 31 5a 53 6e 52 e8 65 96 a4 d2 c3 f4 77 56 93 68 36 a9 e6 d7 ad 5f f5 f6 45 8f 5b 6f a2 6e 66 80 0e ab de 37 3a 4c 4f ef ab 0e 95 3a ae c2 33 22 8a 36 d6 eb 2e fd af de 88 a2 53 f3 45 8f 87 e9 d1 cc fb 74 d1 cf e2 db 30 f1 c0 63 50 da 50 87 31 e4 1c f8 a1 f9 6d 45 51 f0 13 35 41 ce 28 92 ca 6a 80 aa bb 8e 5b df 4e a7 e9 af 5c 05 23 e3 c6 9c 4c e8 52 b7 2f b1 4f b3 d3 0a 77 71 2f f5 ef 5f a5 33 a9 c4 a5 b0 f5 95 20 ba 3e 54 d3 65 7c 6a 0f a4 c9 7c 02 3f c0 9b 31 25 59 e8 99 ca bc 61 02 7a 7a fb 8c 2c 23 cd 08 24 c4 6c c4 Data Ascii: PNGIHDR,,"IDATxn8D Rri>vtwuh%C.I1ZSnRewVh6_E[onf7:LO:3"6.SEt0cPP1mEQ5A(j[N\#LR/Owq/_3 >Te\|j\|?1%Yazz,#$l
2022-05-13 14:39:58 UTC	126	IN	Data Raw: 9f 09 6e 39 ec 8d 6c 41 04 8c 2d f5 1d b9 88 b9 d6 9f 16 88 54 87 ed 3b 62 fb 0e 8e cc 43 c9 e0 f6 4e 55 91 0f 4c a7 48 31 8c 02 45 d8 ae a2 a8 ca 09 20 81 a5 90 0e 42 d9 4e 42 e9 8a 44 b3 b7 3a 7c f2 4a ab b1 56 d3 75 92 3c a2 e3 ed 32 48 2e 01 a1 08 bd f8 30 f6 2c 10 c8 ea 59 09 36 17 a8 d3 ae fd d8 ed 2e 75 04 be 99 ad 61 83 26 fd 92 96 6e a7 c8 41 f2 7f cd 83 d2 0f c4 89 6f d9 38 95 3d 15 42 f2 8e b2 94 6c a6 2d 8b a1 fb fc e6 2c df 52 b5 6f 64 87 c5 80 2b 37 ee 7b 77 0b 43 bb f4 9f 8d 91 af fc d8 75 e0 2c 83 27 5b 99 38 4a 90 f4 19 b1 90 fe 84 2b eb df db d1 2f ef df 8d 1d 64 e4 94 55 ec 20 69 b3 06 e2 5a c7 57 7e 2c 5c b5 07 07 84 a5 a5 23 93 49 17 03 28 5b f0 96 6f 90 c1 73 2e d7 a0 6b 81 6a 6d 25 3f 16 e2 71 60 6d f4 55 35 8c 24 7a 21 bb aa 7b ee Data Ascii: n9lA-T;bCNULH1E BNBD:\|JVu<2H.0,Y6.ua&nAo8=Bl-,Rod+7{wCu,'[8J+/dU iZW~,\#I([os.kjm%?q`mU5$z!{
2022-05-13 14:39:58 UTC	134	IN	Data Raw: d9 34 35 ea 0e 87 2a 84 d9 dd e9 a7 04 66 d1 e4 c4 ef 3c 7b 29 7e be 40 37 81 53 39 67 f2 6a 9b a4 c9 9e f7 3a ee 01 78 f8 14 43 02 3b f1 cb 0a 9b d5 16 3d 6d 1c ab 11 91 37 0f 89 dd b3 1d 30 13 fe 6c ac ed 08 e0 58 0f 7b f2 9b da c7 f6 fc ed 1f 48 83 e5 6f 37 d2 53 17 6b b9 4f f2 d3 c4 87 8b 19 44 e4 90 04 52 ef e4 da f1 4d ad 6d c9 bd 73 e9 3f ea 11 9f 11 3c 6a 28 32 f8 05 0d d6 74 bf 70 b1 41 16 d9 a3 3a e7 74 23 0b 62 d3 38 26 f5 95 9d 25 ab c0 c0 0c 41 51 ea 2b 9c ac 0f 9e 5a dc a6 71 b3 d4 2f 02 c6 71 7b ae 34 8e 21 a2 59 37 b7 a3 43 dc c4 b8 aa 2e 73 a3 07 36 8f 4e ff f8 e7 bf a7 e6 59 54 4f 08 e2 26 29 18 44 53 4c e6 22 65 32 a2 b1 c4 fa b9 c7 1d 82 d2 79 3f 4a 56 3b 82 9b b0 c8 61 8c 62 bd a3 a0 b5 c4 19 7d 0f 32 eb 7e de f7 ee 8e 39 a5 e4 9f 66 Data Ascii: 45*f<{)~@7S9gj:xC;=m70lX{Ho7SkODRMms?<j(2tpA:t#b8&%AQ+Zq/q{4!Y7C.s6NYTO&)DSL"e2y?JV;ab}2~9f

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:33 UTC	10467	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220513T234233Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b421f3b73bf64b279bb057f3fcb21d43&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1513822&metered=false&nettype=ethernet&npid=sc-310091&oemName=qiylvt%2C%20Inc.&oemid=qiylvt%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=qiylvt7%2C1&tl=2&tsu=1513822&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6 X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAWTgoqHjO5aJbbzxFht334Zi+ziJh9kNkHxTMAW6wtF8aT8VakbVgtRR/7W+laAsHqlMKDwm+p01IX+B/OjNb0juLQJvw3HBJDnAHKRkOzWE9DasBXVemvUoozZcpwSM9/V3K+skDtv6fcTB23W5eFQ6vRki6EXxDZrj4geDDVMKQqesrDw/m6p+Rmt/p7ozRCt90JsBPSwVYD9zAlHQTd7hbi3G07Qm04GvvISHqHcJ2uLSsxENNgLhhGbt2H99JOPtu8RT/qNDqhtnk/ZTocudbe5SKXbrwv/aVQZmnmAQ+KP4CzFFc5paxkNeOlkAFvCpxCmKfiUhYvQmlf9xFaQDZgAACPo6XBZf8pxTqAFib3/swDuq7KiKPCPTeUiX7wfesfMjGbdxkjgDco+jHKnPQJXfhq43l3e222tPt31AWjz6zrKhmLI7kNrjydSqhoPDI3lkbHbDQmJ9ZBgIrhWJHIZxEgr7e/7JMBv0pWtbfSUJs5lUdkk4dRDEepE6NaYpS+/jf6a/qG4p7qH2S0SCKEHzuKm/aIukHQySnMqV/3TT04n2iLi1LsgogOdkx+2vQzUKaAbgES/fMEivaZtlL5auI7Tv/WJpGwyZAP28cVkW8Vb8CBvPL2VvkJiOm+zSGuu0uLEinpghsWiCMKmEZbnSIKvyjhHfnaTL5/SWfjy3Wg29TTTKK84wBYYyk4wsAeVIOp9Q/b2Vh9M6PDmhCcyWRvMgC5Z8y7S3QVNJxynj2d/47RB+uEyui9wKpdIB6dqWe5pJ890UJDV4Fz1gvxcu48mEVJNyJWuLfdRijMavI3XRD0I6vUj0zDgC2U5o2IUDzuJ5cpRk+MjDzh80ivFbCw0J+BxBi7sBja53g+il1g6/ypCnd/N2wG6VVV9iXH/QyZYyX16m/zmA1CvvAGudVhmX1QE=&p= Cache-Control: no-cache MS-CV: 919nfyGIMEqSATjt.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: tch0,m301,m751,mA01,mT01 Host: arc.msn.com Connection: Keep-Alive
2022-05-13 14:42:33 UTC	10469	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 167 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"OPTOUTSTATE":"256"}] X-ARC-SIG: R4AnOVY2AjcfLETrDLKrp8gR8P/85f+b1MwmHgqzPyQJXlcR8SaysnGF+FtEiF8mo6kA1YPNAN4tpFrO9C5TFfgsy5kAfzuxrE6QP7m+zwd2RuRHvfW2L3z83ZDAHCY7TqeQqazBRp6m5nlntJK7ZHrRbXvkkDP19YMZ1XWGZcj1SW2d2Wpa+DNVXP6oKjlGGCAU917GoQeaQ5umMyWMT3R/fH6zCBvxwaOYXXY1xC/bNrItGFAI+0SAxIKi7wEl4w6bblscgWKYCOsVd771VH0SmgSAdWC88oghTDO58898/tXltGXd8wezZrxLL/ZDdP9qFjwcmR228aTF8WoOTA== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 13 May 2022 14:42:33 GMT Connection: close
2022-05-13 14:42:33 UTC	10470	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 2c 22 72 65 66 72 65 73 68 74 69 6d 65 22 3a 22 32 30 32 32 2d 30 35 2d 31 33 54 31 38 3a 34 32 3a 33 33 22 7d 7d Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}],"refreshtime":"2022-05-13T18:42:33"}}

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:47 UTC	10470	OUT	POST /v3/Delivery/Events/Impression HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Content-Length: 2788 Content-Type: text/plain; charset=UTF-8 Host: arc.msn.com Connection: Keep-Alive Cache-Control: no-cache
2022-05-13 14:42:47 UTC	10470	OUT	Data Raw: 50 49 44 3d 34 32 35 31 30 36 35 35 38 26 54 49 44 3d 37 30 30 33 34 32 30 38 35 26 43 49 44 3d 31 32 38 30 30 30 30 30 30 30 30 31 33 39 32 37 32 39 26 42 49 44 3d 31 35 31 30 39 31 36 38 32 30 26 50 47 3d 50 43 30 30 30 50 30 46 52 35 2e 30 30 30 30 30 30 30 49 51 38 26 54 50 49 44 3d 34 32 35 31 30 36 35 35 38 26 52 45 51 41 53 49 44 3d 45 41 46 33 30 39 33 38 33 41 34 30 34 45 42 35 38 46 41 46 31 39 43 36 39 43 39 34 33 46 38 39 26 41 53 49 44 3d 39 36 61 30 30 65 37 63 61 36 37 30 34 38 34 33 39 34 65 64 64 64 34 31 32 39 39 32 36 35 61 64 26 54 49 4d 45 3d 32 30 32 32 30 35 31 33 54 32 33 34 32 31 38 5a 26 53 4c 4f 54 3d 32 26 52 45 51 54 3d 32 30 32 32 30 35 31 33 54 31 34 33 39 35 33 26 4d 41 5f 53 63 6f 72 65 3d 32 26 4c 4f 43 41 4c 49 44 3d 77 Data Ascii: PID=425106558&TID=700342085&CID=128000000001392729&BID=1510916820&PG=PC000P0FR5.0000000IQ8&TPID=425106558&REQASID=EAF309383A404EB58FAF19C69C943F89&ASID=96a00e7ca670484394eddd41299265ad&TIME=20220513T234218Z&SLOT=2&REQT=20220513T143953&MA_Score=2&LOCALID=w
2022-05-13 14:42:47 UTC	10473	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/xml; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 13 May 2022 14:42:47 GMT Connection: close Content-Length: 0

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:53 UTC	10473	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-05-13 14:42:53 UTC	10473	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: 85f32405-2dfd-4e94-9137-5c3ec23eb95b MS-RequestId: b5dd336d-a1db-4fcc-a606-3d0f3fd13ded MS-CV: dg76o2/nR0uzHcGm.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 13 May 2022 14:42:52 GMT Connection: close Content-Length: 35877
2022-05-13 14:42:53 UTC	10474	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-05-13 14:42:53 UTC	10489	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-05-13 14:42:53 UTC	10505	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:55 UTC	10509	OUT	GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234159Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-13 14:42:55 UTC	10510	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 2436083f-b202-47c1-9081-97492a96df3a Date: Fri, 13 May 2022 14:42:55 GMT Connection: close

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #Ud83d#Udcde_0072520589037.html (2).html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\09ab72cb-52ae-4994-a3bd-f8a75a336fe8.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\2699c47d-37d5-4591-accb-5d07326895ba.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\3ddf133a-0330-41cd-945a-cb6bd665fa34.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\4604de8e-a81d-48a9-8a87-49928d3e9113.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\758e4751-937a-454c-b0a9-0eab4601b11d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\8e7800eb-4c79-40a0-983a-101fe8590c01.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\9de6409c-44ed-4863-b6d9-4437dac8f2f8.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\467c85ce-48f6-4fff-9b64-288175348379.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\46f4e373-225d-4037-b61a-79482c0b6637.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\51854940-e079-4705-8722-e614d8e53d54.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\66d9f770-8575-4e09-9098-071537ad1189.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8882fa07-92a2-44f6-9aac-b84de0df66e4.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9e400345-6eaa-4358-bc13-536cdbbf0030.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\9b9bb0a8-e5e6-4831-90e8-c6c5dec5a45d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\1a740594-65fd-4ef0-8aee-c8eb20d41298.tmp

Windows Analysis Report
#Ud83d#Udcde_0072520589037.html (2).html

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:55 UTC	10510	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGGZM6WM&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234200Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-13 14:42:55 UTC	10546	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: eaf6aee7-afad-4b73-b8c0-c5b66e4ecd9d Date: Fri, 13 May 2022 14:42:55 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:56 UTC	10547	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=52mu3Ytu1dbNXNh&MD=xY6EXTMt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-05-13 14:42:56 UTC	10548	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: d0e8b20a-34f5-4dd8-b058-70970770c520 MS-RequestId: 2adf9961-7646-46db-9241-6106dc4b93a7 MS-CV: NDJM7h5120aPB5bw.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 13 May 2022 14:42:55 GMT Connection: close Content-Length: 35877
2022-05-13 14:42:56 UTC	10549	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-05-13 14:42:56 UTC	10564	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-05-13 14:42:56 UTC	10580	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:39:58 UTC	103	OUT	GET /image/apps.49525.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.2f6b9bdf-a4fc-42d8-aea0-65c437755b78?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-05-13 14:39:58 UTC	120	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 5777 Content-Type: image/png Last-Modified: Tue, 31 Mar 2020 18:42:54 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDdENUEzNTJCQjJGM0E" MS-CV: sE5KrZztTESl/Nvr.0 Access-Control-Expose-Headers: MS-CV Date: Fri, 13 May 2022 14:39:58 GMT Connection: close Access-Control-Allow-Origin: *
2022-05-13 14:39:58 UTC	120	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 8e 00 00 00 8e 08 06 00 00 00 e7 fd 30 08 00 00 16 58 49 44 41 54 78 da ed 9d 0b 98 14 d5 95 c7 4f 55 77 cf 7b 98 27 30 03 0c 32 c0 3c 18 90 a7 02 22 2a 88 1a 5f 49 4c 76 e5 e9 aa c9 ae df ba 8b 49 24 a2 0b 7c 01 8c 51 3f 13 35 2a 2a ba 26 ab 44 57 d7 90 20 a0 e8 b2 20 a2 2c a0 3c 8d b0 40 90 37 01 86 d7 cc 30 d3 33 d3 ef 5b 5b 55 53 d5 73 eb d6 bd 55 d5 f8 98 ae ee 7b f9 ee d7 5d d3 35 35 dd 75 7f fd 3f ff 73 4e 75 23 02 1f 7c 5c c4 10 f9 29 e0 83 83 c3 07 07 87 0f 0e 0e 1f 1c 1c 3e f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 07 87 0f 0e 0e 1f 7c 70 70 f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 07 87 0f 3e 38 38 7c 70 70 f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 3e 04 9b c9 c1 e1 83 0a ca d7 bd 3f 07 27 45 61 f9 ba 8e c5 c1 49 Data Ascii: PNGIHDR0XIDATxOUw{'02<"_ILvI$\|Q?5*&DW ,<@703[[USsU{]55u?sNu#\|\)>\|pp>88\|pp>?'EaI

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:56 UTC	10584	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH6J6VK&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234205Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-13 14:42:56 UTC	10584	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 64b858b0-2249-42e7-97d9-f9599c881f9f Date: Fri, 13 May 2022 14:42:55 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:56 UTC	10585	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9P6RC76MSMMJ&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234206Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-13 14:42:56 UTC	10585	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 762672ab-ec5a-497d-b31e-3fe6562f13fc Date: Fri, 13 May 2022 14:42:55 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:56 UTC	10586	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234206Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-13 14:42:56 UTC	10586	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 24b19352-2bdf-4430-a69f-6e37a4786ac0 Date: Fri, 13 May 2022 14:42:56 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:57 UTC	10622	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9N0866FS04W8&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234207Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-13 14:42:57 UTC	10623	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 2875bfa6-7684-43fd-af0d-b9aa8263a0ad Date: Fri, 13 May 2022 14:42:56 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:57 UTC	10623	OUT	GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=SpotifyAB.SpotifyMusic_zpdnekdrzrea0&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: Install Service MS-CV: a+aDGy4QZUmT9frB.0.2.4 Host: displaycatalog.mp.microsoft.com
2022-05-13 14:42:57 UTC	10624	IN	HTTP/1.1 200 OK Connection: close Date: Fri, 13 May 2022 14:42:56 GMT Content-Type: application/json; charset=utf-8 Server: Kestrel Transfer-Encoding: chunked Vary: Authorization MS-CorrelationId: e6830523-8b4f-4c71-ab54-aafddb93f7e0 MS-RequestId: be172831-23ba-4de5-9014-4e0c018fbc17 MS-CV: a+aDGy4QZUmT9frB.0.2.4.888069913.0.1.888069914.1052165443.0 X-Content-Type-Options: nosniff MS-ServerId: 5cdc8-2d7gh Region: neu Node: aks-bigcatrpns-32351330-vmss000023 MS-DocumentVersions: 9NCBCSZSJRSB\|4067
2022-05-13 14:42:57 UTC	10624	IN	Data Raw: 36 66 33 62 0d 0a 7b 22 42 69 67 49 64 73 22 3a 5b 22 39 4e 43 42 43 53 5a 53 4a 52 53 42 22 5d 2c 22 48 61 73 4d 6f 72 65 50 61 67 65 73 22 3a 66 61 6c 73 65 2c 22 50 72 6f 64 75 63 74 73 22 3a 5b 7b 22 4c 61 73 74 4d 6f 64 69 66 69 65 64 44 61 74 65 22 3a 22 32 30 32 32 2d 30 35 2d 31 33 54 30 39 3a 35 39 3a 31 38 2e 35 39 34 34 30 37 34 5a 22 2c 22 4c 6f 63 61 6c 69 7a 65 64 50 72 6f 70 65 72 74 69 65 73 22 3a 5b 7b 22 46 72 61 6e 63 68 69 73 65 73 22 3a 5b 5d 2c 22 49 6d 61 67 65 73 22 3a 5b 7b 22 46 69 6c 65 49 64 22 3a 22 33 30 33 34 36 39 30 34 31 39 33 32 30 39 39 33 37 31 39 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 23 31 65 64 37 36 30 22 2c Data Ascii: 6f3b{"BigIds":["9NCBCSZSJRSB"],"HasMorePages":false,"Products":[{"LastModifiedDate":"2022-05-13T09:59:18.5944074Z","LocalizedProperties":[{"Franchises":[],"Images":[{"FileId":"3034690419320993719","EISListingIdentifier":null,"BackgroundColor":"#1ed760",
2022-05-13 14:42:57 UTC	10628	IN	Data Raw: 38 31 66 2d 34 39 32 63 2d 62 31 34 38 2d 62 32 63 65 38 31 36 34 39 34 38 30 2e 64 30 38 35 39 36 63 36 2d 65 36 62 36 2d 34 38 62 33 2d 38 66 63 39 2d 39 35 39 36 38 35 63 30 34 66 30 31 22 2c 22 57 69 64 74 68 22 3a 33 31 30 7d 2c 7b 22 46 69 6c 65 49 64 22 3a 22 33 30 31 38 38 34 33 37 33 37 33 30 32 37 32 32 38 35 34 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 23 31 65 64 37 36 30 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 31 32 37 30 35 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 65 69 67 68 74 22 3a 34 36 35 2c 22 49 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f Data Ascii: 81f-492c-b148-b2ce81649480.d08596c6-e6b6-48b3-8fc9-959685c04f01","Width":310},{"FileId":"3018843737302722854","EISListingIdentifier":null,"BackgroundColor":"#1ed760","Caption":"","FileSizeInBytes":12705,"ForegroundColor":"","Height":465,"ImagePositionInfo
2022-05-13 14:42:57 UTC	10632	IN	Data Raw: 64 43 6f 6c 6f 72 22 3a 22 23 31 65 64 37 36 30 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 33 35 30 36 38 33 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 65 69 67 68 74 22 3a 37 36 38 2c 22 49 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 44 65 73 6b 74 6f 70 2f 32 22 2c 22 49 6d 61 67 65 50 75 72 70 6f 73 65 22 3a 22 53 63 72 65 65 6e 73 68 6f 74 22 2c 22 55 6e 73 63 61 6c 65 64 49 6d 61 67 65 53 48 41 32 35 36 48 61 73 68 22 3a 22 59 4c 4e 66 68 57 66 7a 4c 68 2f 4b 39 4a 71 70 4c 67 37 7a 6e 79 48 56 67 59 4d 4f 66 34 7a 66 56 75 77 78 5a 70 61 32 6b 4e 59 3d 22 2c 22 55 72 69 22 3a 22 2f 2f 73 74 6f 72 65 2d 69 6d 61 67 65 73 2e 73 2d 6d 69 63 72 6f 73 6f 66 Data Ascii: dColor":"#1ed760","Caption":"","FileSizeInBytes":350683,"ForegroundColor":"","Height":768,"ImagePositionInfo":"Desktop/2","ImagePurpose":"Screenshot","UnscaledImageSHA256Hash":"YLNfhWfzLh/K9JqpLg7znyHVgYMOf4zfVuwxZpa2kNY=","Uri":"//store-images.s-microsof
2022-05-13 14:42:57 UTC	10636	IN	Data Raw: 46 4f 22 2c 22 46 4a 22 2c 22 47 46 22 2c 22 50 46 22 2c 22 54 46 22 2c 22 47 41 22 2c 22 47 4d 22 2c 22 47 45 22 2c 22 47 48 22 2c 22 47 49 22 2c 22 47 4c 22 2c 22 47 44 22 2c 22 47 50 22 2c 22 47 55 22 2c 22 47 47 22 2c 22 47 4e 22 2c 22 47 57 22 2c 22 47 59 22 2c 22 48 54 22 2c 22 48 4d 22 2c 22 48 4e 22 2c 22 41 5a 22 2c 22 42 53 22 2c 22 42 42 22 2c 22 42 59 22 2c 22 42 5a 22 2c 22 42 4a 22 2c 22 42 4d 22 2c 22 42 54 22 2c 22 4b 4d 22 2c 22 43 47 22 2c 22 43 44 22 2c 22 43 4b 22 2c 22 43 58 22 2c 22 43 43 22 2c 22 43 49 22 2c 22 43 57 22 2c 22 4a 4d 22 2c 22 53 4a 22 2c 22 4a 45 22 2c 22 4b 49 22 2c 22 4b 47 22 2c 22 4c 41 22 2c 22 4c 53 22 2c 22 4c 52 22 2c 22 4d 4f 22 2c 22 4d 4b 22 2c 22 4d 47 22 2c 22 4d 57 22 2c 22 49 4d 22 2c 22 4d 48 22 2c 22 Data Ascii: FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","
2022-05-13 14:42:57 UTC	10640	IN	Data Raw: 53 48 22 2c 22 4b 4e 22 2c 22 4c 43 22 2c 22 50 4d 22 2c 22 56 43 22 2c 22 54 4a 22 2c 22 54 5a 22 2c 22 54 47 22 2c 22 54 4b 22 2c 22 54 4f 22 2c 22 54 4d 22 2c 22 54 43 22 2c 22 54 56 22 2c 22 55 4d 22 2c 22 55 47 22 2c 22 56 49 22 2c 22 56 47 22 2c 22 57 46 22 2c 22 45 48 22 2c 22 5a 4d 22 2c 22 5a 57 22 2c 22 55 5a 22 2c 22 56 55 22 2c 22 53 52 22 2c 22 53 5a 22 2c 22 41 44 22 2c 22 4d 43 22 2c 22 53 4d 22 2c 22 4d 45 22 2c 22 56 41 22 2c 22 4e 45 55 54 52 41 4c 22 5d 7d 5d 2c 22 50 72 6f 64 75 63 74 49 64 22 3a 22 39 4e 43 42 43 53 5a 53 4a 52 53 42 22 2c 22 50 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 46 75 6c 66 69 6c 6c 6d 65 6e 74 44 61 74 61 22 3a 7b 22 50 72 6f 64 75 63 74 49 64 22 3a 22 39 4e 43 42 43 53 5a 53 4a 52 53 42 22 2c 22 57 75 43 61 74 Data Ascii: SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NCBCSZSJRSB","Properties":{"FulfillmentData":{"ProductId":"9NCBCSZSJRSB","WuCat
2022-05-13 14:42:57 UTC	10644	IN	Data Raw: 63 65 61 63 35 64 33 66 2d 38 61 34 66 2d 34 30 65 31 2d 39 61 36 37 2d 37 36 64 39 31 30 38 63 37 63 62 35 3a 46 75 6c 6c 22 5d 2c 22 4c 69 63 65 6e 73 69 6e 67 4b 65 79 49 64 73 22 3a 5b 22 31 22 5d 7d 2c 7b 22 45 6e 74 69 74 6c 65 6d 65 6e 74 4b 65 79 73 22 3a 5b 22 62 69 67 3a 39 4e 43 42 43 53 5a 53 4a 52 53 42 3a 30 30 30 31 22 5d 2c 22 4c 69 63 65 6e 73 69 6e 67 4b 65 79 49 64 73 22 3a 5b 22 31 22 5d 7d 2c 7b 22 45 6e 74 69 74 6c 65 6d 65 6e 74 4b 65 79 73 22 3a 5b 22 62 69 67 3a 39 4e 43 42 43 53 5a 53 4a 52 53 42 3a 30 30 30 32 22 5d 2c 22 4c 69 63 65 6e 73 69 6e 67 4b 65 79 49 64 73 22 3a 5b 22 31 22 5d 7d 5d 7d 2c 22 4d 61 72 6b 65 74 73 22 3a 5b 22 55 53 22 5d 2c 22 4f 72 64 65 72 4d 61 6e 61 67 65 6d 65 6e 74 44 61 74 61 22 3a 7b 22 47 72 61 Data Ascii: ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5:Full"],"LicensingKeyIds":["1"]},{"EntitlementKeys":["big:9NCBCSZSJRSB:0001"],"LicensingKeyIds":["1"]},{"EntitlementKeys":["big:9NCBCSZSJRSB:0002"],"LicensingKeyIds":["1"]}]},"Markets":["US"],"OrderManagementData":{"Gra
2022-05-13 14:42:57 UTC	10648	IN	Data Raw: 22 4c 52 22 2c 22 4d 4f 22 2c 22 4d 4b 22 2c 22 4d 47 22 2c 22 4d 57 22 2c 22 49 4d 22 2c 22 4d 48 22 2c 22 4d 51 22 2c 22 4d 55 22 2c 22 59 54 22 2c 22 46 4d 22 2c 22 4d 44 22 2c 22 4d 4e 22 2c 22 4d 53 22 2c 22 4d 5a 22 2c 22 4d 4d 22 2c 22 4e 41 22 2c 22 4e 52 22 2c 22 4e 50 22 2c 22 4d 56 22 2c 22 4d 4c 22 2c 22 4e 43 22 2c 22 4e 49 22 2c 22 4e 45 22 2c 22 4e 55 22 2c 22 4e 46 22 2c 22 50 57 22 2c 22 50 53 22 2c 22 50 41 22 2c 22 50 47 22 2c 22 50 59 22 2c 22 52 45 22 2c 22 52 57 22 2c 22 42 4c 22 2c 22 4d 46 22 2c 22 57 53 22 2c 22 53 54 22 2c 22 53 4e 22 2c 22 4d 50 22 2c 22 50 4e 22 2c 22 53 58 22 2c 22 53 42 22 2c 22 53 4f 22 2c 22 53 43 22 2c 22 53 4c 22 2c 22 47 53 22 2c 22 53 48 22 2c 22 4b 4e 22 2c 22 4c 43 22 2c 22 50 4d 22 2c 22 56 43 22 2c Data Ascii: "LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC",
2022-05-13 14:42:57 UTC	10652	IN	Data Raw: 44 61 74 65 22 3a 22 32 30 32 32 2d 30 35 2d 31 33 54 30 39 3a 35 39 3a 31 38 2e 36 37 34 30 37 35 32 5a 22 2c 22 4d 61 72 6b 65 74 73 22 3a 5b 22 55 53 22 5d 2c 22 4f 72 64 65 72 4d 61 6e 61 67 65 6d 65 6e 74 44 61 74 61 22 3a 7b 22 47 72 61 6e 74 65 64 45 6e 74 69 74 6c 65 6d 65 6e 74 4b 65 79 73 22 3a 5b 5d 2c 22 50 72 69 63 65 22 3a 7b 22 43 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 49 73 50 49 52 65 71 75 69 72 65 64 22 3a 66 61 6c 73 65 2c 22 4c 69 73 74 50 72 69 63 65 22 3a 30 2e 30 2c 22 4d 53 52 50 22 3a 30 2e 30 2c 22 54 61 78 54 79 70 65 22 3a 22 22 2c 22 57 68 6f 6c 65 73 61 6c 65 43 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 22 7d 7d 2c 22 50 72 6f 70 65 72 74 69 65 73 22 3a 7b 7d 2c 22 53 6b 75 49 64 22 3a 22 30 30 31 31 22 Data Ascii: Date":"2022-05-13T09:59:18.6740752Z","Markets":["US"],"OrderManagementData":{"GrantedEntitlementKeys":[],"Price":{"CurrencyCode":"USD","IsPIRequired":false,"ListPrice":0.0,"MSRP":0.0,"TaxType":"","WholesaleCurrencyCode":""}},"Properties":{},"SkuId":"0011"
2022-05-13 14:42:57 UTC	10652	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:42:58 UTC	10653	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=90a9351948c94419823b21a4fcd3b2c1&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NC2FBTHCJV8&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=96a00e7ca670484394eddd41299265ad&time=20220513T234214Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-13 14:42:58 UTC	10654	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 0a7286d2-c82e-4dc2-be08-0876afe2f706 Date: Fri, 13 May 2022 14:42:58 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 14:39:58 UTC	104	OUT	GET /image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-05-13 14:39:58 UTC	148	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 2626 Content-Type: image/png Last-Modified: Mon, 30 Aug 2021 15:07:35 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDk2QkM3RTY2MTJGOUU" MS-CV: 43KkWTor8EuznZWC.0 Access-Control-Expose-Headers: MS-CV Date: Fri, 13 May 2022 14:39:58 GMT Connection: close Access-Control-Allow-Origin: *
2022-05-13 14:39:58 UTC	148	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 03 00 00 00 4e a3 7e 47 00 00 02 d3 50 4c 54 45 1d b9 54 23 ba 58 35 c0 66 48 c6 74 54 ca 7e 5f cd 86 6a d1 8f 70 d2 93 73 d3 95 77 d5 98 75 d4 97 72 d3 94 6e d2 91 66 cf 8b 5b cc 82 50 c8 7a 41 c4 6f 2f be 62 1e b9 55 39 c1 69 6d d1 91 99 df b1 c1 ec d0 e9 f8 ee ff ff ff fb fd fc db f4 e4 b2 e7 c5 8a da a6 5a cb 82 28 bc 5c af e6 c2 e7 f7 ed fd fe fd d4 f1 de 97 de b0 56 ca 7f 22 ba 58 33 bf 64 7d d6 9d c9 ee d6 fe fe fe f3 fb f6 ae e6 c1 61 ce 87 20 ba 56 63 ce 89 bd ea cd ef fa f2 9c e0 b4 43 c4 70 2b bd 5e 86 d9 a3 e7 f7 ec c7 ed d4 60 cd 86 2d be 60 96 de af f4 fb f6 6b d1 8f 27 bc 5c 90 dc ab d8 f3 e2 63 ce 88 e8 f8 ee c4 ec d2 44 c5 72 42 c4 70 cc ef d8 fc fe fc 98 df b1 25 Data Ascii: PNGIHDR,,N~GPLTET#X5fHtT~_jpswurnf[PzAo/bU9imZ(\V"X3d}a VcCp+^`-`k'\cDrBp%