Edit tour

Windows Analysis Report
Invoice_payment_confirmation_567.html

Overview

General Information

Sample Name:	Invoice_payment_confirmation_567.html
Analysis ID:	634583
MD5:	e91df87620aa68b41abc943cd4c096bf
SHA1:	4ec2d9b4832c871b0f307eb97484f925fd86d8a2
SHA256:	2aa5bffa8a9c6a8590f9cbbd68ab94dc7a8e99b630e97561e15bf2dfd8904235
Infos:

Detection

HTMLPhisher

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Yara detected HtmlPhish6

Yara detected HtmlPhish44

Yara detected obfuscated html page

HTML document with suspicious title

HTML document with suspicious name

Phishing site detected (based on logo template match)

Phishing site detected (based on image similarity)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

No HTML title found

Detected potential crypto function

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

HTML body contains low number of good links

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Extensive use of GetProcAddress (often used to hide API calls)

PE file contains strange resources

Invalid 'forgot password' link found

Drops PE files

Contains functionality to read the PEB

Found evasive API chain checking for process token information

None HTTPS page querying sensitive user data (password, username or email)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1640 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Invoice_payment_confirmation_567.html MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,14108967426269858545,9759409369232530539,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

elevation_service.exe (PID: 3536 cmdline: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe MD5: AFD137B53BA091ACBA569255B16DF837)

ChromeRecovery.exe (PID: 1584 cmdline: "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={2b7a79f6-5644-4c8c-aac6-e0494a82c1d2} --system MD5: 49AC3C96D270702A27B4895E4CE1F42A)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Invoice_payment_confirmation_567.html	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
Invoice_payment_confirmation_567.html	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author	Strings
13872.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
13872.0.pages.csv	JoeSecurity_HtmlPhish_6	Yara detected HtmlPhish_6	Joe Security

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220308T094314Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f6e598a7210f4ba6a67368ba84fd9e2a&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1417890&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1417890&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6Cache-Control: no-cacheMS-CV: Gr8SksEb2E2KQqlU.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220308T094314Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=7c6923c195784c839a5d7a547d2c5801&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1417890&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1417890&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6Cache-Control: no-cacheMS-CV: Gr8SksEb2E2KQqlU.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.10288.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.12bb65f7-1014-4469-bb2e-59f575e79b05?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18694.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.4e8e78d2-c2c2-4c02-8d8c-46ac3b2419e7?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.16574.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.6a6f592e-efa9-4bb0-b008-7c3422ab3313?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.15881.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.bcf361e4-21f7-429d-877a-6c55c1b655ff?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18858.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.1b03c26f-1753-4221-9ab1-4581f098723d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.2052.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.a0c3decd-308f-4f06-bcfb-2aa4f3afe248?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.256.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.ca4cbefc-0ab0-4144-90c1-07f5250c8c21?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.40093.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.e6964d6a-18a4-4746-9238-9f0acc233a65?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.39478.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.8ad1b690-ff36-44fa-8afc-0dc5bed1273c?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.49525.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.2f6b9bdf-a4fc-42d8-aea0-65c437755b78?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.616.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.d81cfd95-c9fd-48e0-8fc3-36ff7b9e590a?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.58298.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.55988ee1-bd9b-4322-980a-a610abdc7713?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.64128.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.d58015ff-2fcf-4113-975b-e873039b6d86?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.16957.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.aef04b90-a221-4ea5-a05d-0d51ac792471?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.15982.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.7bbbe321-5273-45d0-814e-74f2065197d3?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18124.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.afc6c372-c7a8-4eda-94fb-541bbb081d14?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.31225.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.3ffd9abd-094d-4594-b6c3-8e079298b84b?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.31660.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.9cf7ca2f-497e-4cb1-be08-431c9fcc4d54?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.38957.9007199266246761.3059e916-5e99-4797-a868-366cc8761e37.dcc9368c-4c77-41a2-b867-8514435d8418?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.32938.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.721cfb02-7935-45dc-9d66-2d6e6b2ff76c?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.39016.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.bbea1229-a466-4a8c-b428-57cb58abf084?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.41671.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.86b1d82d-8b47-4bda-99fc-8a1db0a7ac9d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.51843.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.c13e8407-eaf8-447a-a5d6-9abd8bc2c1f3?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.5075.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.f329a73d-1ae8-4445-aa4c-bf40f3c5d62d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /pw30spQ/90.jpg HTTP/1.1Host: i.ibb.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msauth.net
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: logincdn.msauth.net
Source: global traffic	HTTP traffic detected: GET /pw30spQ/90.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.ibb.co
Source: global traffic	HTTP traffic detected: GET /image/apps.52481.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.16c0a704-aef8-4bc4-af36-0c3b3ee0f6e2?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.54145.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.0df01b4e-7fca-47eb-b3d7-95ba7990754d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.54562.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.24af4abe-62f8-404b-b1a9-ee8fe4d32d94?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.56668.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.a2d9522a-f7d1-4f21-9ea4-8ba298101695?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.55990.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.1c9f2174-7e18-48ba-af90-e569a2444a83?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.58878.9007199266246761.3059e916-5e99-4797-a868-366cc8761e37.21987aba-4948-4f44-bf2e-eba90517f1c5?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.65344.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.2a7e9f85-6e2d-4bc7-ad81-13196f5baf00?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.62687.13510798885854323.6a8c11ad-84e9-4247-9ba9-ab3742bdbb87.e61dfadd-3bdd-4f66-beb1-6bb763b60b02?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.7873.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.7885dc21-4015-4284-a596-d3d24cf6c1b8?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.59367.13510798885854323.dbec43fa-fcea-4036-9b1c-96de66922c18.da850a8e-5b3f-49fd-b3dc-6a8c0db400e4?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.8341.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.fc0c6be7-c064-44dc-a7df-81e7097e3c93?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220526T114559Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=4aefb9ce82414c309fd50462ad7d2ded&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1531773&metered=false&nettype=ethernet&npid=sc-338389&oemName=dchdpw%2C%20Inc.&oemid=dchdpw%2C%20Inc.&ossku=Professional&smBiosDm=dchdpw7%2C1&tl=2&tsu=1531773&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAbwrbtMyfWYS5LvcRdrN/YSSKm7T30Ory91THhxVtQ/u1C3XsQR1j/Gul4xhrmxkJ/gRWPmUWRRJjWEonDG3ItND8f5ZyKAKn68VfEM82j6MiB1nRrIPc5mcvr5ppuO3MEO3yfUDxhgPzM1q2X7H6CJOKTrKEEZtndFDkdCLWN6yKLyBxwSDWaxcfmhc5AJhQpozniuJsgoCeIUxhqimnMEUPBEwYC5+lMDPYZgC/+mKsowcqL91dribsrM4GGSYJREfBbXzYBwh5TqEpzN6Vh2rv4EyZqbMSZduX6HxpSlHnrUoW4HxeMqwv68R+xcUcl1lb/NhkRpvR55/LtRTIwUDZgAACOXYsDpcd+FbsAEZgFyCIJf7AMEhmVsQI7CJNBsx1FsBJJExFGguvnAOi/SHHvVJc7NQpodB2j2TLPIPcTKqICi4CkorOVsbK3xP99Z77/WJ7w05fvan2XtdlE/Wrbq1hleWA8B0ZCDjwWcDoFY29FzLlvOQ7Xw6e1O1qmhwu6Cm0OtaITUgO7yEuNTaDXgN7PtVHWPLnsjJ7bX2wLxnK7dgderuA1hb9mCWnCI6bNR2raNpGrSf0um26og0EJ+KGevRUMPmw0xQjHDj7I4HAHkzFf1JtmkcJHatploP8ydbeo/dzo3lITpE/X41fmjCli5hr2cGbm4p8Iu/V999IoLolvTkdA/lmtU+P8uUpgG+cIDvnARNwdPuMZxY+4Fm5jRqA9WGS+Ty+SvD7gIosOI1Id4Yu4ptiN6H6tggaL5FDPRlWp/JxBsmqk8WeUMp7kMRXgCrAKJmqB3avzo2t9lmP232tukV4Pve99JdL7O+0+iLrUblDLcMSDEwqGtEMfCD/qCmplrMxiqonJvk0NMCVHEe4HMFFlRozQM0NfbGHSFLnUinvmkGSuP3/++asME0vSlN8fAzaP/aAQ==&p=Cache-Control: no-cacheMS-CV: Uk/T/jIkQkanI6jT.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220526T114559Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=4ff0e2fb91104e73a61123edaa6fd4ab&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1531773&metered=false&nettype=ethernet&npid=sc-280815&oemName=dchdpw%2C%20Inc.&oemid=dchdpw%2C%20Inc.&ossku=Professional&smBiosDm=dchdpw7%2C1&tl=2&tsu=1531773&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAWURZjUVfKJUTJc9xWC40Ue7muwDrwI0g9XGSCBJ7s24wt/bdW+AtvyjB/0UmutfLwb6Ej3ovlHV67EvJv0UJfg/gD0LCBs8ShW4w7M8ooz1iB8igTQ/XH2dXkjuZWXLBD8ERfHeb+t7B1nlAtPC9qNdihjGi9uxmXDN0sybXmX4U5H5bMUxVCPsytti91iLnAdP8TEotHP//8gXYrqPtSw0vWxr4Vmf6IIxVCA5GJ+I87Ak+YIy+ZD2igumHUTpLiXIoiPxlREa4N1OOapz/HNzW5yDkq735KuOoc7fNtx1jhbU9NeF8q3hrC751wLjtPQz9YL5Z3eIswP5XNSoCZoDZgAACAcbf248CnIasAEHKTFDi/60v/azXSuyHVRqYyq/eKh8218+yMCd5SV8cCEGQf3GoqZSPA0SSor8aNxdjm1AyE/J2osNT6Hp3hn81wEiUyPjfwfGfIIu/lwEbajXuP/w4ZP364sFA6Lpi8kvCZchJTLZjCTRccICvL4WOLRbiK/ZAzu/+zq75LFTKjOjbsWomBSF9VHe33X9IiN4sd57QS4HIe+ahbMurbU8oFZ9kIPpGzgwFFCWPV5I3y7FXgAC1ZYF5D+IiibJKnEGqdc3qnWVXMXpU95jzBJeApEudwl0dPNaPfoyXl0e8lOyp3ib0WHF7rsGZCwVPiAMOmFusQEtnPnjRh/32a/2Iri/VZu7wcskwkaYybr6Ne3o+oHQF0PgtxbRiBwJsSnY6Wm48OOtQlWd8q5XvPydUwm/yyvdpD50A9BqC9356owNCJvu95sXpGybf9x+nARuDdD8OwsHVtbKuCNiMCLBj/A7oHpzYQeFRi/mgNFmW0kt/lOdpT6DHDAz/Ky3rKa1uK5E4JcTCK5WczmWYawhi/U1na+y7CNnLdLEgYizD0EBOEC5M21rUX4zlv1b2GrYAQ==&p=Cache-Control: no-cacheMS-CV: Uk/T/jIkQkanI6jT.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114603Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGGZM6WM&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114605Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114606Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=SpotifyAB.SpotifyMusic_zpdnekdrzrea0&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: GiqtprijtEm9TCQC.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NH2GPH4JZS4&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114607Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH6J6VK&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114608Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9P6RC76MSMMJ&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114610Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114611Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9N0866FS04W8&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114611Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ10M&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114612Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ140&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114613Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NC2FBTHCJV8&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114613Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Microsoft.YourPhone_8wekyb3d8bbwe&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: pBohZfRMX02n5gr9.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH1CQ7L&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114614Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220526T114615Z&asid=c7a8b22123bf4f0d817b2043a0b86bd8&eid= HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ3P2&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114620Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114621Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NXQXXLFST89&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114622Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Microsoft.BingNews_8wekyb3d8bbwe&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: URNjEpumaUCrKeFY.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHVFW&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114622Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114623Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114623Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220526T114638Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=7956cda862394f129d871e1ee9b713f2&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1531773&metered=false&nettype=ethernet&npid=sc-338387&oemName=dchdpw%2C%20Inc.&oemid=dchdpw%2C%20Inc.&ossku=Professional&rver=2&sc-mode=0&smBiosDm=dchdpw7%2C1&tl=2&tsu=1531773&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAbwrbtMyfWYS5LvcRdrN/YSSKm7T30Ory91THhxVtQ/u1C3XsQR1j/Gul4xhrmxkJ/gRWPmUWRRJjWEonDG3ItND8f5ZyKAKn68VfEM82j6MiB1nRrIPc5mcvr5ppuO3MEO3yfUDxhgPzM1q2X7H6CJOKTrKEEZtndFDkdCLWN6yKLyBxwSDWaxcfmhc5AJhQpozniuJsgoCeIUxhqimnMEUPBEwYC5+lMDPYZgC/+mKsowcqL91dribsrM4GGSYJREfBbXzYBwh5TqEpzN6Vh2rv4EyZqbMSZduX6HxpSlHnrUoW4HxeMqwv68R+xcUcl1lb/NhkRpvR55/LtRTIwUDZgAACOXYsDpcd+FbsAEZgFyCIJf7AMEhmVsQI7CJNBsx1FsBJJExFGguvnAOi/SHHvVJc7NQpodB2j2TLPIPcTKqICi4CkorOVsbK3xP99Z77/WJ7w05fvan2XtdlE/Wrbq1hleWA8B0ZCDjwWcDoFY29FzLlvOQ7Xw6e1O1qmhwu6Cm0OtaITUgO7yEuNTaDXgN7PtVHWPLnsjJ7bX2wLxnK7dgderuA1hb9mCWnCI6bNR2raNpGrSf0um26og0EJ+KGevRUMPmw0xQjHDj7I4HAHkzFf1JtmkcJHatploP8ydbeo/dzo3lITpE/X41fmjCli5hr2cGbm4p8Iu/V999IoLolvTkdA/lmtU+P8uUpgG+cIDvnARNwdPuMZxY+4Fm5jRqA9WGS+Ty+SvD7gIosOI1Id4Yu4ptiN6H6tggaL5FDPRlWp/JxBsmqk8WeUMp7kMRXgCrAKJmqB3avzo2t9lmP232tukV4Pve99JdL7O+0+iLrUblDLcMSDEwqGtEMfCD/qCmplrMxiqonJvk0NMCVHEe4HMFFlRozQM0NfbGHSFLnUinvmkGSuP3/++asME0vSlN8fAzaP/aAQ==&p=Cache-Control: no-cacheMS-CV: Uk/T/jIkQkanI6jT.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114624Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220526T114639Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=0d4a28fbeae64e4f954f41b00c93294f&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1531773&metered=false&nettype=ethernet&npid=sc-338388&oemName=dchdpw%2C%20Inc.&oemid=dchdpw%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=dchdpw7%2C1&tl=2&tsu=1531773&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAbwrbtMyfWYS5LvcRdrN/YSSKm7T30Ory91THhxVtQ/u1C3XsQR1j/Gul4xhrmxkJ/gRWPmUWRRJjWEonDG3ItND8f5ZyKAKn68VfEM82j6MiB1nRrIPc5mcvr5ppuO3MEO3yfUDxhgPzM1q2X7H6CJOKTrKEEZtndFDkdCLWN6yKLyBxwSDWaxcfmhc5AJhQpozniuJsgoCeIUxhqimnMEUPBEwYC5+lMDPYZgC/+mKsowcqL91dribsrM4GGSYJREfBbXzYBwh5TqEpzN6Vh2rv4EyZqbMSZduX6HxpSlHnrUoW4HxeMqwv68R+xcUcl1lb/NhkRpvR55/LtRTIwUDZgAACOXYsDpcd+FbsAEZgFyCIJf7AMEhmVsQI7CJNBsx1FsBJJExFGguvnAOi/SHHvVJc7NQpodB2j2TLPIPcTKqICi4CkorOVsbK3xP99Z77/WJ7w05fvan2XtdlE/Wrbq1hleWA8B0ZCDjwWcDoFY29FzLlvOQ7Xw6e1O1qmhwu6Cm0OtaITUgO7yEuNTaDXgN7PtVHWPLnsjJ7bX2wLxnK7dgderuA1hb9mCWnCI6bNR2raNpGrSf0um26og0EJ+KGevRUMPmw0xQjHDj7I4HAHkzFf1JtmkcJHatploP8ydbeo/dzo3lITpE/X41fmjCli5hr2cGbm4p8Iu/V999IoLolvTkdA/lmtU+P8uUpgG+cIDvnARNwdPuMZxY+4Fm5jRqA9WGS+Ty+SvD7gIosOI1Id4Yu4ptiN6H6tggaL5FDPRlWp/JxBsmqk8WeUMp7kMRXgCrAKJmqB3avzo2t9lmP232tukV4Pve99JdL7O+0+iLrUblDLcMSDEwqGtEMfCD/qCmplrMxiqonJvk0NMCVHEe4HMFFlRozQM0NfbGHSFLnUinvmkGSuP3/++asME0vSlN8fAzaP/aAQ==&p=Cache-Control: no-cacheMS-CV: Uk/T/jIkQkanI6jT.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRDFNG7&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114624Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220526T114625Z&asid=8a797e6ed978405692c4acbf4650873f&eid= HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=6F71D7A7.HotspotShieldFreeVPN_nsbqstbb9qxb6&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: 1B76BNybbUWNHzSO.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Disney.37853FC22B2CE_6rarf9sa4v8jt&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: uDw2kGtleESJezzO.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=BytedancePte.Ltd.TikTok_6yccndn6064se&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: 4MWygkNr/0qcHyiJ.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: mJvN0d3F60OM+vw5.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=AmazonVideo.PrimeVideo_pwbj9vvecjh7j&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: rSSOXunOFkaDfWK5.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4CJ3S?ver=6f36 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWR39G?ver=0455 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWP8kk?ver=8c62 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4CSNW?ver=60f6 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWP0UC?ver=2f44 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWR64s?ver=0ee3 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114640Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114641Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NXQXXLFST89&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114641Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NXQXXLFST89&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114642Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHVFW&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114643Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHVFW&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114644Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114646Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114647Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRDFNG7&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114648Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRDFNG7&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114648Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114649Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114650Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGGZM6WM&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114651Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114655Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114655Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9P6RC76MSMMJ&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114656Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9P6RC76MSMMJ&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114657Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH6J6VK&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114658Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NH2GPH4JZS4&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114659Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NH2GPH4JZS4&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114659Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114700Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114700Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220526T114715Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=51be641ae3a54b9d9648ac13fd1c5b30&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1531774&metered=false&nettype=ethernet&npid=sc-310091&oemName=dchdpw%2C%20Inc.&oemid=dchdpw%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=dchdpw7%2C1&tl=2&tsu=1531774&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAbwrbtMyfWYS5LvcRdrN/YSSKm7T30Ory91THhxVtQ/u1C3XsQR1j/Gul4xhrmxkJ/gRWPmUWRRJjWEonDG3ItND8f5ZyKAKn68VfEM82j6MiB1nRrIPc5mcvr5ppuO3MEO3yfUDxhgPzM1q2X7H6CJOKTrKEEZtndFDkdCLWN6yKLyBxwSDWaxcfmhc5AJhQpozniuJsgoCeIUxhqimnMEUPBEwYC5+lMDPYZgC/+mKsowcqL91dribsrM4GGSYJREfBbXzYBwh5TqEpzN6Vh2rv4EyZqbMSZduX6HxpSlHnrUoW4HxeMqwv68R+xcUcl1lb/NhkRpvR55/LtRTIwUDZgAACOXYsDpcd+FbsAEZgFyCIJf7AMEhmVsQI7CJNBsx1FsBJJExFGguvnAOi/SHHvVJc7NQpodB2j2TLPIPcTKqICi4CkorOVsbK3xP99Z77/WJ7w05fvan2XtdlE/Wrbq1hleWA8B0ZCDjwWcDoFY29FzLlvOQ7Xw6e1O1qmhwu6Cm0OtaITUgO7yEuNTaDXgN7PtVHWPLnsjJ7bX2wLxnK7dgderuA1hb9mCWnCI6bNR2raNpGrSf0um26og0EJ+KGevRUMPmw0xQjHDj7I4HAHkzFf1JtmkcJHatploP8ydbeo/dzo3lITpE/X41fmjCli5hr2cGbm4p8Iu/V999IoLolvTkdA/lmtU+P8uUpgG+cIDvnARNwdPuMZxY+4Fm5jRqA9WGS+Ty+SvD7gIosOI1Id4Yu4ptiN6H6tggaL5FDPRlWp/JxBsmqk8WeUMp7kMRXgCrAKJmqB3avzo2t9lmP232tukV4Pve99JdL7O+0+iLrUblDLcMSDEwqGtEMfCD/qCmplrMxiqonJvk0NMCVHEe4HMFFlRozQM0NfbGHSFLnUinvmkGSuP3/++asME0vSlN8fAzaP/aAQ==&p=Cache-Control: no-cacheMS-CV: ZzmvxQo5vEaTaf5Z.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000000402926&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&EID=&&PID=400091688&UIT=P-&TargetID=700129702&AN=900417064&PG=PC000P0FR5.0000000IRT&REQASID=0D4A28FBEAE64E4F954F41B00C93294F&UNID=338388&ASID=67de6f61a7594a7ea4f60a45eba3a471&PERSID=1A4A490328ED3BBECC8505EAE64E45F5&GLOBALDEVICEID=6966530473343700&LOCALID=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&DS_EVTID=c959f256e9ab433b8f22f14cb639eefa&DEVOSVER=10.0.17134.1&REQT=20220526T114639&TIME=20220526T114715Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000000402926&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&EID=&&PID=400091688&UIT=P-&TargetID=700129702&AN=900417064&PG=PC000P0FR5.0000000IRT&REQASID=0D4A28FBEAE64E4F954F41B00C93294F&UNID=338388&ASID=67de6f61a7594a7ea4f60a45eba3a471&PERSID=1A4A490328ED3BBECC8505EAE64E45F5&GLOBALDEVICEID=6966530473343700&LOCALID=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&DS_EVTID=c959f256e9ab433b8f22f14cb639eefa&DEVOSVER=10.0.17134.1&REQT=20220526T114639&TIME=20220526T114716Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.4:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.4:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.219.45:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.210.32.103:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.35.236.56:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.125.122.176:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.112.88.60:443 -> 192.168.2.4:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.125.122.176:443 -> 192.168.2.4:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.4:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.4:49860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.4:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.4:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.125.122.176:443 -> 192.168.2.4:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.152.110.14:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.4:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.4:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.4:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.4:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.4:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.112.88.60:443 -> 192.168.2.4:49903 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA9029 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,

System Summary

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html

Tab title: Sign in to your account

HTML document with suspicious name

Source: Name includes: Invoice_payment_confirmation_567.html

Initial sample: invoice

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FBC8DF
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC51B0
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FB7AF1
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FB02A1
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC328B
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC4A67
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC423B
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC44E5
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FBF428
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC3EC9
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC56B9
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FB7E39
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC47AC
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FBEFA0

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: String function: 00FAFE60 appears 43 times

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA9D31: CreateFileW,DeviceIoControl,CloseHandle,

Source: ChromeRecovery.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ChromeRecovery.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Invoice_payment_confirmation_567.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,14108967426269858545,9759409369232530539,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Process created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={2b7a79f6-5644-4c8c-aac6-e0494a82c1d2} --system
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,14108967426269858545,9759409369232530539,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Process created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={2b7a79f6-5644-4c8c-aac6-e0494a82c1d2} --system

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-628F685A-668.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\40170f90-431d-464c-874a-052c18838f36.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.phis.winHTML@34/132@10/13

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Mutant created: \BaseNamedObjects\Global\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA1209 LoadResource,LockResource,SizeofResource,

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe

File created: C:\Program Files\Google\Chrome\ChromeRecovery

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecoveryCRX.crx	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\_metadata\verified_contents.json	Jump to behavior

Source:	Binary string: GoogleUpdateB231574670_unsigned.pdb` source: ChromeRecovery.exe, 00000016.00000000.417257873.0000000000FC7000.00000002.00000001.01000000.00000006.sdmp, ChromeRecovery.exe, 00000016.00000002.418320809.0000000000FC7000.00000002.00000001.01000000.00000006.sdmp, ChromeRecovery.exe.21.dr
Source:	Binary string: GoogleUpdateB231574670_unsigned.pdb source: ChromeRecovery.exe, 00000016.00000000.417257873.0000000000FC7000.00000002.00000001.01000000.00000006.sdmp, ChromeRecovery.exe, 00000016.00000002.418320809.0000000000FC7000.00000002.00000001.01000000.00000006.sdmp, ChromeRecovery.exe.21.dr

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FC39A3 push ecx; ret
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAFEA6 push ecx; ret

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FAE00C CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe

File created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Jump to dropped file

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA3298 GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FB02A1 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FC525D VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FB98C3 FindFirstFileExW,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FAF243 IsDebuggerPresent,OutputDebugStringW,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FC525D VirtualProtect ?,-00000001,00000104,?,?,?,0000001C

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA41A3 CreateFileW,GetFileAttributesExW,OutputDebugStringW,CloseHandle,GetLastError,WriteFile,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA13D8 GetProcessHeap,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FB3E6C mov ecx, dword ptr fs:[00000030h]
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FB9665 mov eax, dword ptr fs:[00000030h]

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAE00C CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAE2C3 FreeLibrary,FreeLibrary,FreeLibrary,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,DeleteCriticalSection,ReleaseSemaphore,WaitForSingleObject,CloseHandle,FindCloseChangeNotification,DeleteCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAFE00 SetUnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAF886 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FB323D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAE4E6 EnterCriticalSection,SetUnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAFC6A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	Code function: 22_2_00FAE553 SetUnhandledExceptionFilter,LeaveCriticalSection,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA59D6 GetSecurityDescriptorDacl,SetSecurityDescriptorDacl,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA8FB3 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FAFAC3 cpuid

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA3047 GetLocalTime,GetCurrentThreadId,GetCurrentProcessId,

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

Code function: 22_2_00FA8E0B GetVersionExW,GetProcAddress,FreeLibrary,

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	3 Security Software Discovery	Remote Desktop Protocol	1 Clipboard Data	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Deobfuscate/Decode Files or Information	NTDS	14 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Invoice_payment_confirmation_567.html	100%	Avira	HTML/Infected.WebPage.Gen2

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	1%	Virustotal	Browse
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	0%	Metadefender	Browse
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1640_618172239\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\1640_618172239\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1640_618172239\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\1640_618172239\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1640_618172239\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\1640_618172239\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
part-0017.t-0009.fbs1-t-msedge.net	0%	Virustotal	Browse
cs1227.wpc.alphacdn.net	0%	Virustotal	Browse
part-0032.t-0009.fbs1-t-msedge.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://dns.google	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
gstaticadssl.l.google.com	216.58.215.227	true	false		high
accounts.google.com	142.250.203.109	true	false		high
cdnjs.cloudflare.com	104.17.24.14	true	false		high
part-0017.t-0009.fbs1-t-msedge.net	13.107.219.45	true	false	0%, Virustotal, Browse	unknown
maxcdn.bootstrapcdn.com	104.18.10.207	true	false		high
cs1227.wpc.alphacdn.net	192.229.221.185	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	216.58.215.238	true	false		high
part-0032.t-0009.fbs1-t-msedge.net	13.107.219.60	true	false	0%, Virustotal, Browse	unknown
i.ibb.co	51.210.32.103	true	false		high
clients2.google.com	unknown	unknown	false		high
ka-f.fontawesome.com	unknown	unknown	false		high
code.jquery.com	unknown	unknown	false		high
cdn.jsdelivr.net	unknown	unknown	false		high
kit.fontawesome.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	true	low
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false	high
https://i.ibb.co/pw30spQ/90.jpg	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dns.google	5ff0b0b0-f071-475e-a22f-2b9d6f4c7f6c.tmp.1.dr, 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, 4b148a3c-b6d3-4f11-9c05-b7cee60505f1.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.0.dr	false		high
https://ogs.google.com	357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.0.dr	false		high
https://play.google.com	357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git	pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.0.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.0.dr	false		high
http://llvm.org/):	pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	false		high
https://www.google.com	357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.0.dr	false		high
https://code.google.com/p/nativeclient/issues/entry%s:	pnacl_public_x86_64_ld_nexe.0.dr	false		high
https://code.google.com/p/nativeclient/issues/entry	pnacl_public_x86_64_ld_nexe.0.dr	false		high
https://accounts.google.com	357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false		high
https://clients2.googleusercontent.com	357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false		high
https://apis.google.com	357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.0.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-clang.git	pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	false		high
https://clients2.google.com	357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json.0.dr, manifest.json2.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
13.107.219.60	part-0032.t-0009.fbs1-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
216.58.215.238	clients.l.google.com	United States	15169	GOOGLEUS	false
216.58.215.227	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
51.210.32.103	i.ibb.co	France	16276	OVHFR	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.221.185	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.4
192.168.2.3
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	634583
Start date and time: 26/05/202213:44:31	2022-05-26 13:44:31 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 4s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Invoice_payment_confirmation_567.html
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.phis.winHTML@34/132@10/13
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 99.9% (good quality ratio 94.4%) Quality average: 80.1% Quality standard deviation: 27.5%
HCA Information:	Successful, ratio: 99% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 172.217.168.10, 104.18.23.52, 104.18.22.52, 69.16.175.42, 69.16.175.10, 188.114.96.10, 188.114.97.10, 104.16.87.20, 104.16.89.20, 104.16.86.20, 104.16.85.20, 104.16.88.20, 142.250.203.106, 34.104.35.123, 142.250.203.99
Excluded domains from analysis (whitelisted): logincdn.msauth.net, cds.s5x3j6q5.hwcdn.net, cdn.jsdelivr.net.cdn.cloudflare.net, ka-f.fontawesome.com.cdn.cloudflare.net, clientservices.googleapis.com, arc.msn.com, login.live.com, sls.update.microsoft.com, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, global-entry-afdthirdparty-fallback.trafficmanager.net, kit.fontawesome.com.cdn.cloudflare.net, fonts.googleapis.com, fs.microsoft.com, fonts.gstatic.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, lgincdnvzeuno.ec.azureedge.net, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, lgincdnvzeuno.azureedge.net, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, store-images.s-microsoft.com, lgincdn.trafficmanager.net, aadcdnoriginwus2.afd.azureedge.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	259472
Entropy (8bit):	6.621401853828968
Encrypted:	false
SSDEEP:	6144:wgtABO5wl1poLsQXo2fJjazGDJvvLAOk7CWn5l4rB+5Jb:wgtAFB+sQXo2ZRG7CWnaB+5Jb
MD5:	49AC3C96D270702A27B4895E4CE1F42A
SHA1:	55B90405F1E1B72143C64113E8BC65608DD3FD76
SHA-256:	82AA3FD6A25CDA9E16689CFADEA175091BE010CECAE537E517F392E0BEF5BA0F
SHA-512:	B62F6501CB4C992D42D9097E356805C88AC4AC5A46EAD4A8EEE9F8CBAE197B2305DA8AAB5B4A61891FE73951588025F2D642C32524B360687993F98C913138A0
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 1%, Browse Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;....zp..zp..zp...s.qzp...u..zp...t.\zp...s.izp...u.;zp...t.gzp...q.fzp..zq..{p...y.Ezp.....~zp..z..~zp...r.~zp.Rich.zp.................PE..L....a\|b.................V..........\|........p....@.......................... ......vI....@.................................Tl..........p2...............#...... $...\..T...........................(]..@............p..H............................text....U.......V.................. ..`.rdata.......p.......Z..............@..@.data...d'...........j..............@....rsrc...p2.......4...x..............@..@.reloc.. $.......&..................@..B................................................................................................................................................................................................................................................................................................

Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: Invalid link: Forgot my password?
Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: Invalid link: Forgot my password?

Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice_payment_confirmation_567.html	HTTP Parser: No <meta name="copyright".. found

Source: Joe Sandbox View	JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 13.107.219.60 13.107.219.60

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115

Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: ChromeRecovery.exe.21.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: elevation_service.exe, 00000015.00000003.417345019.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413163151.000001BC7601F000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.413178414.000001BC76017000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.414606907.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 00000015.00000003.415768749.000001BC7601A000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.21.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://ajax.googleapis.com
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.0.dr, manifest.json2.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: 5ff0b0b0-f071-475e-a22f-2b9d6f4c7f6c.tmp.1.dr, 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, 4b148a3c-b6d3-4f11-9c05-b7cee60505f1.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://dns.google
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_window.js.0.dr, craw_background.js.0.dr, 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp.1.dr, d2d2882c-2463-49cb-8dd6-e32aaba9ce4c.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

File type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	3.361223713678967
TrID:	HyperText Markup Language (31031/1) 100.00%
File name:	Invoice_payment_confirmation_567.html
File size:	50476
MD5:	e91df87620aa68b41abc943cd4c096bf
SHA1:	4ec2d9b4832c871b0f307eb97484f925fd86d8a2
SHA256:	2aa5bffa8a9c6a8590f9cbbd68ab94dc7a8e99b630e97561e15bf2dfd8904235
SHA512:	3b3ad36e1a51e2fb39c5cc0b12344ae1d255ed43471f1ba87a2bacc3009400ad9e85379d4095d4c3eb171c0449c9d2a12e6cfab789f25d7b9f316c8f1be24e0e
SSDEEP:	384:MxH62+4R4sdXd9sytvimzuPY3ZoTB074ulKCl01BQsMOhBjj9ROLXkY+9njnhX:Ms4R4+spBv9ROLXkYYJ
TLSH:	6733753C70A1D0AEA4BF4A7BFEE52514D9880F97C8C9B74405D4C66D2FFCE6A3014A96
File Content Preview:	<script type="text/javascript">..document.write(unescape('%3c%21%44%4f%43%54%59%50%45%20%68%74%6d%6c%3e%0d%0a%3c%68%74%6d%6c%3e%0d%0a%3c%68%65%61%64%3e%0d%0a%09%3c%74%69%74%6c%65%3e%53%69%67%6e%20%69%6e%20%74%6f%20%79%6f%75%72%20%61%63%63%6f%75%6e%74%3c%2

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2022 13:45:23.999077082 CEST	49717	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:23.999136925 CEST	443	49717	20.82.210.154	192.168.2.4
May 26, 2022 13:45:23.999176979 CEST	49718	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:23.999238014 CEST	443	49718	20.82.210.154	192.168.2.4
May 26, 2022 13:45:23.999270916 CEST	49717	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:23.999330997 CEST	49718	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.295181036 CEST	49712	443	192.168.2.4	40.126.31.143
May 26, 2022 13:45:24.411163092 CEST	49717	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.411220074 CEST	443	49717	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.426438093 CEST	49718	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.426491976 CEST	443	49718	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.576575994 CEST	443	49717	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.576702118 CEST	49717	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.579783916 CEST	443	49718	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.579893112 CEST	49718	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.602479935 CEST	49717	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.602514029 CEST	443	49717	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.602873087 CEST	443	49717	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.602931023 CEST	49717	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.606338978 CEST	49718	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.606395006 CEST	443	49718	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.606790066 CEST	443	49718	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.606909990 CEST	49718	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.652899981 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653081894 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653208971 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653316021 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653397083 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653446913 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653486013 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653557062 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653600931 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.653640032 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.659822941 CEST	49717	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.660022974 CEST	49718	443	192.168.2.4	20.82.210.154
May 26, 2022 13:45:24.677500963 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677557945 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677599907 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677638054 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677675962 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677721024 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677758932 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677798986 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677831888 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677871943 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677911997 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677951097 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.677989960 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678028107 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678056955 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678093910 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678133011 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678172112 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678211927 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678250074 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678289890 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678375959 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678407907 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678446054 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678484917 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678528070 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678567886 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678600073 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678628922 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678668022 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678700924 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678740025 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678775072 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678812981 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678848982 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678881884 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678910017 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678936958 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.678971052 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.679018021 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679148912 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679183006 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679279089 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679357052 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679390907 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679425955 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679455042 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679482937 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679496050 CEST	49715	443	192.168.2.4	131.253.33.200
May 26, 2022 13:45:24.679508924 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679534912 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679563999 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679608107 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679642916 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679714918 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679744005 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679780960 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679847002 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.679977894 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.680007935 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.680037022 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.680071115 CEST	443	49715	131.253.33.200	192.168.2.4
May 26, 2022 13:45:24.700493097 CEST	443	49718	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.700494051 CEST	443	49717	20.82.210.154	192.168.2.4
May 26, 2022 13:45:24.734146118 CEST	443	49715	131.253.33.200	192.168.2.4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2022 13:45:24.366730928 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:25.123311996 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:25.873357058 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:26.639028072 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:27.404813051 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:32.761451006 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:32.761889935 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:33.511750937 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:33.512739897 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:33.660403967 CEST	60758	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:33.686943054 CEST	60647	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:33.688909054 CEST	53	60758	8.8.8.8	192.168.2.4
May 26, 2022 13:45:33.691999912 CEST	64909	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:33.714826107 CEST	53	60647	8.8.8.8	192.168.2.4
May 26, 2022 13:45:34.162414074 CEST	54069	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:34.162502050 CEST	57747	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:34.162843943 CEST	58171	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:34.163075924 CEST	57594	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:34.163153887 CEST	60512	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:34.184459925 CEST	53	58171	8.8.8.8	192.168.2.4
May 26, 2022 13:45:34.185082912 CEST	53	57594	8.8.8.8	192.168.2.4
May 26, 2022 13:45:34.242783070 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:34.250360966 CEST	51679	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:34.261985064 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:34.262968063 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:34.281260967 CEST	53	51679	8.8.8.8	192.168.2.4
May 26, 2022 13:45:34.997220993 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:35.756814957 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:36.055583954 CEST	56437	53	192.168.2.4	8.8.8.8
May 26, 2022 13:45:36.074429989 CEST	53	56437	8.8.8.8	192.168.2.4
May 26, 2022 13:45:38.786935091 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:38.787955046 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:38.788258076 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:39.545197964 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:39.545476913 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:39.545486927 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:40.310965061 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:40.315821886 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:40.315840960 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:41.613907099 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:41.664767981 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:42.358340979 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:42.420785904 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:42.884995937 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:42.914860010 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:42.915271044 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:42.943600893 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:42.943664074 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:42.943702936 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:42.943743944 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:42.944730997 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:42.947643042 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:42.978532076 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:42.978900909 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:43.019601107 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:43.020133972 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:43.020401955 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:43.035093069 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:43.035145044 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:43.035171986 CEST	443	50802	216.58.215.238	192.168.2.4
May 26, 2022 13:45:43.035605907 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:43.060740948 CEST	50802	443	192.168.2.4	216.58.215.238
May 26, 2022 13:45:43.113619089 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:43.176100016 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:43.275300026 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:44.035553932 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:45:44.786024094 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:46:32.652287960 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:46:33.403722048 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:46:34.164201021 CEST	137	137	192.168.2.4	192.168.2.255
May 26, 2022 13:47:26.111500978 CEST	138	138	192.168.2.4	192.168.2.255

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:45:24 UTC	0	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220308T094314Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f6e598a7210f4ba6a67368ba84fd9e2a&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1417890&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1417890&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6 Cache-Control: no-cache MS-CV: Gr8SksEb2E2KQqlU.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: tch0,m301,m751,mA01,mT01 Host: arc.msn.com Connection: Keep-Alive
2022-05-26 11:45:24 UTC	3	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=1000 Content-Length: 53760 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"2,P425106554-T700342084-C128000000001392709+B+P80+S1,P425106558-T700342085-C128000000001392729+B+P80+S2"},{"BATCH_REDIRECT_STORE":"1,BB_9NXQXXLFST89_9WZDNCRFHVFW_9WZDNCRFJ3P2_9NCBCSZSJRSB_9NMPJ99VJBWV_9NBLGGH5FV99_9WZDNCRDFNG7+P0+S0"},{"BATCH_REDIRECT_STORE":"1,BB_9NBLGGGZM6WM_9WZDNCRFHWD2_9NH2GPH4JZS4_9NBLGGH6J6VK_9P6RC76MSMMJ_9WZDNCRFJ27N_9N0866FS04W8_9WZDNCRFJ10M_9WZDNCRFJ140_9NC2FBTHCJV8_9NBLGGH1CQ7L+P0+S0"},{"OPTOUTSTATE":"256"}] X-ARC-SIG: CV3yYaBv4VhjQlEo81FjVBsZOEQmgaOt83FWzENdIYwFEltlUGr8WBt/E4d2sm/2W6wytjNKsEjwZrPFNErk0MNEco59ejYjmbexgsyo0d6o1eyo9W6HvFV5xmQIPKEzLPNW6irXusiykcPEjHMGUeWeY0rPLehOWgDwoELKmGw14pC10UHRRnAS7FCWgutK37iUlB393vne/Loj5/CEiqwYY5Qg0RglGI/TovUQBxJM2Q9ANSFhTukQ5Z19GljnrOVc0irO4LjJb1ZuBWD2Uz0VJsQRayHqmbadwY/7u3+XYxdifH60gKC4goJljqYDIqggkpNf3oVfwtf2R/rovA== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Thu, 26 May 2022 11:45:24 GMT Connection: close
2022-05-26 11:45:24 UTC	4	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 73 74 6f 72 65 43 61 6d 70 61 69 67 6e 49 64 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 74 65 78 74 5c 22 2c 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 7d 2c 5c 22 69 6e 73 74 61 6c 6c 41 70 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 62 6f 6f 6c 65 61 6e 5c Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"u\":\"SubscribedContent\",\"c\":\"CDM\"}],\"ad\":{\"itemPropertyManifest\":{\"storeCampaignId\":{\"type\":\"text\",\"isOptional\":true},\"installApp\":{\"type\":\"boolean\
2022-05-26 11:45:24 UTC	19	IN	Data Raw: 5c 22 3a 5c 22 63 6c 69 63 6b 5c 22 2c 5c 22 70 61 72 61 6d 65 74 65 72 73 5c 22 3a 7b 5c 22 75 72 69 5c 22 3a 5c 22 6d 73 2d 77 69 6e 64 6f 77 73 2d 73 74 6f 72 65 3a 5c 2f 5c 2f 70 64 70 5c 2f 3f 70 72 6f 64 75 63 74 69 64 3d 39 6e 62 6c 67 67 68 35 66 76 39 39 26 6f 63 69 64 3d 65 6d 73 2e 64 63 6f 2e 73 74 61 72 74 70 72 6f 67 72 61 6d 6d 61 62 6c 65 26 63 63 69 64 3d 35 30 33 64 36 39 64 63 61 62 66 30 34 39 37 31 39 32 61 30 62 38 30 64 65 38 64 34 63 31 37 63 26 63 69 64 3d 6d 73 66 74 5f 31 5c 22 7d 2c 5c 22 61 63 74 69 6f 6e 5c 22 3a 5c 22 6c 61 75 6e 63 68 55 72 69 5c 22 7d 2c 5c 22 6f 6e 52 65 6e 64 65 72 5c 22 3a 7b 5c 22 65 76 65 6e 74 5c 22 3a 5c 22 6f 70 70 6f 72 74 75 6e 69 74 79 5c 22 2c 5c 22 70 61 72 61 6d 65 74 65 72 73 5c 22 3a 7b 7d Data Ascii: \":\"click\",\"parameters\":{\"uri\":\"ms-windows-store:\/\/pdp\/?productid=9nblggh5fv99&ocid=ems.dco.startprogrammable&ccid=503d69dcabf0497192a0b80de8d4c17c&cid=msft_1\"},\"action\":\"launchUri\"},\"onRender\":{\"event\":\"opportunity\",\"parameters\":{}
2022-05-26 11:45:24 UTC	35	IN	Data Raw: 74 61 72 74 70 72 6f 67 72 61 6d 6d 61 62 6c 65 26 63 63 69 64 3d 63 36 39 62 38 31 32 62 62 30 61 65 34 62 31 32 62 64 61 38 65 65 34 33 35 38 64 38 66 34 63 64 26 63 69 64 3d 6d 73 66 74 5f 31 5c 22 7d 2c 5c 22 61 63 74 69 6f 6e 5c 22 3a 5c 22 6c 61 75 6e 63 68 55 72 69 5c 22 7d 2c 5c 22 6f 6e 52 65 6e 64 65 72 5c 22 3a 7b 5c 22 65 76 65 6e 74 5c 22 3a 5c 22 6f 70 70 6f 72 74 75 6e 69 74 79 5c 22 2c 5c 22 70 61 72 61 6d 65 74 65 72 73 5c 22 3a 7b 7d 2c 5c 22 61 63 74 69 6f 6e 5c 22 3a 5c 22 6e 6f 4f 70 5c 22 7d 2c 5c 22 73 68 6f 77 4e 61 6d 65 4f 6e 4d 65 64 69 75 6d 54 69 6c 65 5c 22 3a 7b 5c 22 62 6f 6f 6c 5c 22 3a 74 72 75 65 7d 2c 5c 22 73 68 6f 77 4e 61 6d 65 4f 6e 57 69 64 65 54 69 6c 65 5c 22 3a 7b 5c 22 62 6f 6f 6c 5c 22 3a 74 72 75 65 7d 2c 5c Data Ascii: tartprogrammable&ccid=c69b812bb0ae4b12bda8ee4358d8f4cd&cid=msft_1\"},\"action\":\"launchUri\"},\"onRender\":{\"event\":\"opportunity\",\"parameters\":{},\"action\":\"noOp\"},\"showNameOnMediumTile\":{\"bool\":true},\"showNameOnWideTile\":{\"bool\":true},\
2022-05-26 11:45:24 UTC	51	IN	Data Raw: 37 2d 61 64 38 31 2d 31 33 31 39 36 66 35 62 61 66 30 30 3f 66 6f 72 6d 61 74 3d 73 6f 75 72 63 65 5c 22 2c 5c 22 77 69 64 74 68 5c 22 3a 31 34 32 2c 5c 22 68 65 69 67 68 74 5c 22 3a 31 34 32 2c 5c 22 73 68 61 32 35 36 5c 22 3a 5c 22 51 50 5c 2f 4a 45 48 4a 59 57 39 38 6d 36 39 4f 4a 4c 42 42 30 59 48 33 64 78 49 6a 70 75 6d 59 72 74 74 4c 46 38 62 66 5c 2f 33 66 77 3d 5c 22 2c 5c 22 66 69 6c 65 53 69 7a 65 5c 22 3a 31 37 30 31 38 7d 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 5c 22 3a 7b 5c 22 6e 75 6d 62 65 72 5c 22 3a 32 2e 30 7d 2c 5c 22 6d 65 64 69 75 6d 54 69 6c 65 5c 22 3a 7b 5c 22 69 6d 61 67 65 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2d 69 6d 61 67 65 73 2e 73 2d 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 5c 2f 69 6d 61 67 65 5c 2f 61 Data Ascii: 7-ad81-13196f5baf00?format=source\",\"width\":142,\"height\":142,\"sha256\":\"QP\/JEHJYW98m69OJLBB0YH3dxIjpumYrttLF8bf\/3fw=\",\"fileSize\":17018},\"collection\":{\"number\":2.0},\"mediumTile\":{\"image\":\"https:\/\/store-images.s-microsoft.com\/image\/a

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:45:29 UTC	98	OUT	GET /image/apps.40093.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.e6964d6a-18a4-4746-9238-9f0acc233a65?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-05-26 11:45:29 UTC	98	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 7669 Content-Type: image/png Last-Modified: Thu, 24 May 2018 00:36:00 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDVDMTBFNTJCMkI1MzM" MS-CV: zKJ18ukIb0aTWgjG.0 Access-Control-Expose-Headers: MS-CV Date: Thu, 26 May 2022 11:45:29 GMT Connection: close Access-Control-Allow-Origin: *
2022-05-26 11:45:29 UTC	99	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 06 00 00 00 79 7d 8e 75 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 1d af 49 44 41 54 78 01 ed 9d 09 74 5d c5 79 c7 3f e9 69 df 17 5b 96 65 c9 bb 83 01 03 61 5f 62 02 04 43 ba a4 a5 24 69 9a e6 94 93 90 a6 69 d2 94 b4 64 21 4b 4f 9b e4 34 74 0b 25 6c a7 14 92 d0 24 27 10 92 1c 5a 48 a0 98 10 16 1b c2 c1 36 36 c6 36 d8 18 cb 96 6c c9 5a 2c 6b 7f d2 d3 f2 f4 3a 73 65 2d f7 e9 5d 57 cb 7d d2 cc bb bf 39 47 bc 3b 77 ee 9d f9 e6 f7 0d 7f cf 9d 3b 77 26 2d 54 79 69 4c 08 10 80 00 04 2c 20 90 6e 81 8d 98 08 01 08 40 c0 21 80 60 d1 10 20 00 01 6b 08 20 58 d6 b8 0a 43 21 00 01 04 8b 36 00 01 08 58 43 00 c1 b2 c6 55 18 0a 01 08 20 58 b4 01 08 40 c0 1a 02 08 96 35 ae c2 50 08 40 00 c1 a2 0d Data Ascii: PNGIHDR,,y}usRGBIDATxt]y?i[ea_bC$iid!KO4t%l$'ZH666lZ,k:se-]W}9G;w;w&-TyiL, n@!` k XC!6XCU X@5P@

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:46:46 UTC	2092	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-05-26 11:46:46 UTC	2093	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: 24869a5d-23fb-4220-8380-d2bd60e4c272 MS-RequestId: 3e31ce76-eb6e-4027-b9b3-5b0de68ad29a MS-CV: NUPUzuV9Pk6Cbv3Q.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 26 May 2022 11:46:46 GMT Connection: close Content-Length: 35877
2022-05-26 11:46:46 UTC	2093	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-05-26 11:46:46 UTC	2109	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-05-26 11:46:46 UTC	2125	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:46:47 UTC	2200	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-05-26 11:46:47 UTC	2200	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: 1c708b20-6bd4-4046-bdde-6b7f963cb38a MS-RequestId: 695610bc-3d17-49ed-825a-3711e32e2a16 MS-CV: EEWDQuAtfE2Rj4hc.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 26 May 2022 11:46:46 GMT Connection: close Content-Length: 35877
2022-05-26 11:46:47 UTC	2201	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-05-26 11:46:47 UTC	2216	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-05-26 11:46:47 UTC	2232	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:46:48 UTC	2236	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=g4DRHRYs7RSz14z&MD=8Fa6EBfD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-05-26 11:46:48 UTC	2236	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 MS-CorrelationId: 58d4348e-c9f7-4478-a003-b30d33ed18bf MS-RequestId: 95b157cd-38e3-4dc1-8e99-16f8add08ca3 MS-CV: faSo1sFx0E+9AYTg.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 26 May 2022 11:46:47 GMT Connection: close Content-Length: 35877
2022-05-26 11:46:48 UTC	2237	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-05-26 11:46:48 UTC	2252	IN	Data Raw: 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 5b e7 50 31 07 a1 48 30 3e 6a a4 f0 c4 72 3c 54 96 f6 da df d2 d3 50 d2 84 7b 97 ec 78 f9 43 53 fd e4 71 94 d6 61 5f 1a b6 d2 ca cf 27 33 68 64 df 14 e1 50 66 07 d7 7e 96 93 5f 64 a6 a8 6b ed 53 9c 38 61 a0 4a c0 c3 f6 42 3e ba 0e e9 8f ca a4 d9 37 47 6f e1 9f d2 fc 8f da e3 3f 6a 8f ff a8 3d fe a3 f6 f8 8f da e3 Data Ascii: AI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF[P1H0>jr<TP{xCSqa_'3hdPf~_dkS8aJB>7Go?j=
2022-05-26 11:46:48 UTC	2268	IN	Data Raw: 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 Data Ascii: oft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100"0*H0

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:46:48 UTC	2272	OUT	GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=AmazonVideo.PrimeVideo_pwbj9vvecjh7j&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: Install Service MS-CV: rSSOXunOFkaDfWK5.0.2.4 Host: displaycatalog.mp.microsoft.com
2022-05-26 11:46:48 UTC	2272	IN	HTTP/1.1 200 OK Connection: close Date: Thu, 26 May 2022 11:46:47 GMT Content-Type: application/json; charset=utf-8 Server: Kestrel Transfer-Encoding: chunked Vary: Authorization MS-CorrelationId: c124ee84-c52c-4206-a6b0-86c6dba1aad1 MS-RequestId: 87cfd6f0-021b-46b2-b817-ad5b417830c5 MS-CV: rSSOXunOFkaDfWK5.0.2.4.1057843896.0.1.1057843898.2527013186.0 X-Content-Type-Options: nosniff MS-ServerId: cf5cdc-bxfkh Region: neu Node: aks-bigcatrpns-32351330-vmss00000o MS-DocumentVersions: 9P6RC76MSMMJ\|1526
2022-05-26 11:46:48 UTC	2273	IN	Data Raw: 37 61 65 37 0d 0a 7b 22 42 69 67 49 64 73 22 3a 5b 22 39 50 36 52 43 37 36 4d 53 4d 4d 4a 22 5d 2c 22 48 61 73 4d 6f 72 65 50 61 67 65 73 22 3a 66 61 6c 73 65 2c 22 50 72 6f 64 75 63 74 73 22 3a 5b 7b 22 4c 61 73 74 4d 6f 64 69 66 69 65 64 44 61 74 65 22 3a 22 32 30 32 32 2d 30 35 2d 32 34 54 31 36 3a 30 36 3a 30 36 2e 36 32 36 38 34 37 31 5a 22 2c 22 4c 6f 63 61 6c 69 7a 65 64 50 72 6f 70 65 72 74 69 65 73 22 3a 5b 7b 22 46 72 61 6e 63 68 69 73 65 73 22 3a 5b 5d 2c 22 49 6d 61 67 65 73 22 3a 5b 7b 22 46 69 6c 65 49 64 22 3a 22 33 30 34 31 32 33 35 38 37 38 39 32 37 35 39 32 38 38 32 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 74 72 61 6e 73 70 61 72 65 Data Ascii: 7ae7{"BigIds":["9P6RC76MSMMJ"],"HasMorePages":false,"Products":[{"LastModifiedDate":"2022-05-24T16:06:06.6268471Z","LocalizedProperties":[{"Franchises":[],"Images":[{"FileId":"3041235878927592882","EISListingIdentifier":null,"BackgroundColor":"transpare
2022-05-26 11:46:48 UTC	2276	IN	Data Raw: 2e 31 32 36 30 2e 31 34 36 31 38 39 38 35 35 33 36 39 31 39 39 30 35 2e 62 66 64 63 65 66 34 62 2d 39 36 62 65 2d 34 31 62 36 2d 62 65 38 65 2d 35 66 61 39 34 61 31 34 33 36 38 31 2e 38 31 36 62 34 65 61 38 2d 66 65 37 38 2d 34 65 66 30 2d 61 30 35 64 2d 64 32 64 62 36 35 39 38 34 66 32 61 22 2c 22 57 69 64 74 68 22 3a 36 36 7d 2c 7b 22 46 69 6c 65 49 64 22 3a 22 33 30 34 38 33 30 35 34 33 36 35 32 36 39 32 39 34 39 37 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 74 72 61 6e 73 70 61 72 65 6e 74 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 31 30 30 33 36 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f Data Ascii: .1260.14618985536919905.bfdcef4b-96be-41b6-be8e-5fa94a143681.816b4ea8-fe78-4ef0-a05d-d2db65984f2a","Width":66},{"FileId":"3048305436526929497","EISListingIdentifier":null,"BackgroundColor":"transparent","Caption":"","FileSizeInBytes":10036,"ForegroundColo
2022-05-26 11:46:48 UTC	2280	IN	Data Raw: 33 30 37 30 38 35 36 32 31 37 32 30 34 33 35 30 32 34 31 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 74 72 61 6e 73 70 61 72 65 6e 74 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 31 33 39 38 38 35 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 65 69 67 68 74 22 3a 33 30 30 2c 22 49 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 22 2c 22 49 6d 61 67 65 50 75 72 70 6f 73 65 22 3a 22 54 69 6c 65 22 2c 22 55 6e 73 63 61 6c 65 64 49 6d 61 67 65 53 48 41 32 35 36 48 61 73 68 22 3a 22 6a 4c 75 4f 74 76 78 30 50 6b 6a 76 75 71 59 75 6a 5a 35 78 56 46 33 50 61 67 71 51 66 59 Data Ascii: 3070856217204350241","EISListingIdentifier":null,"BackgroundColor":"transparent","Caption":"","FileSizeInBytes":139885,"ForegroundColor":"","Height":300,"ImagePositionInfo":"","ImagePurpose":"Tile","UnscaledImageSHA256Hash":"jLuOtvx0PkjvuqYujZ5xVF3PagqQfY
2022-05-26 11:46:48 UTC	2284	IN	Data Raw: 65 49 64 22 3a 22 32 30 30 30 30 30 30 30 30 30 30 36 37 38 30 31 37 34 31 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 74 72 61 6e 73 70 61 72 65 6e 74 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 31 30 39 31 39 33 31 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 65 69 67 68 74 22 3a 37 36 38 2c 22 49 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 44 65 73 6b 74 6f 70 2f 37 22 2c 22 49 6d 61 67 65 50 75 72 70 6f 73 65 22 3a 22 53 63 72 65 65 6e 73 68 6f 74 22 2c 22 55 6e 73 63 61 6c 65 64 49 6d 61 67 65 53 48 41 32 35 36 48 61 73 68 22 3a 22 46 6f 45 6a 51 53 43 33 Data Ascii: eId":"2000000000067801741","EISListingIdentifier":null,"BackgroundColor":"transparent","Caption":"","FileSizeInBytes":1091931,"ForegroundColor":"","Height":768,"ImagePositionInfo":"Desktop/7","ImagePurpose":"Screenshot","UnscaledImageSHA256Hash":"FoEjQSC3
2022-05-26 11:46:48 UTC	2288	IN	Data Raw: 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 5f 70 77 62 6a 39 76 76 65 63 6a 68 37 6a 22 2c 22 50 61 63 6b 61 67 65 49 64 65 6e 74 69 74 79 4e 61 6d 65 22 3a 22 41 6d 61 7a 6f 6e 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 22 2c 22 50 75 62 6c 69 73 68 65 72 43 65 72 74 69 66 69 63 61 74 65 4e 61 6d 65 22 3a 22 43 4e 3d 43 41 46 43 34 36 46 37 2d 31 37 38 35 2d 34 44 32 32 2d 38 38 34 33 2d 36 32 42 42 32 33 45 39 39 41 43 45 22 2c 22 58 62 6f 78 43 72 6f 73 73 47 65 6e 53 65 74 49 64 22 3a 6e 75 6c 6c 2c 22 58 62 6f 78 43 6f 6e 73 6f 6c 65 47 65 6e 4f 70 74 69 6d 69 7a 65 64 22 3a 6e 75 6c 6c 2c 22 58 62 6f 78 43 6f 6e 73 6f 6c 65 47 65 6e 43 6f 6d 70 61 74 69 62 6c 65 22 3a 6e 75 6c 6c 7d 2c 22 41 6c 74 65 72 6e 61 74 65 49 64 73 22 3a 5b 7b 22 Data Ascii: Video.PrimeVideo_pwbj9vvecjh7j","PackageIdentityName":"AmazonVideo.PrimeVideo","PublisherCertificateName":"CN=CAFC46F7-1785-4D22-8843-62BB23E99ACE","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"
2022-05-26 11:46:48 UTC	2292	IN	Data Raw: 36 2c 5c 22 63 6f 6e 74 65 6e 74 2e 62 75 6e 64 6c 65 64 50 61 63 6b 61 67 65 73 5c 22 3a 5b 5c 22 41 6d 61 7a 6f 6e 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 5f 31 2e 30 2e 39 39 2e 30 5f 78 38 36 5f 5f 70 77 62 6a 39 76 76 65 63 6a 68 37 6a 5c 22 2c 5c 22 41 6d 61 7a 6f 6e 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 5f 31 2e 30 2e 39 39 2e 30 5f 78 36 34 5f 5f 70 77 62 6a 39 76 76 65 63 6a 68 37 6a 5c 22 2c 5c 22 41 6d 61 7a 6f 6e 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 5f 31 2e 30 2e 39 39 2e 30 5f 61 72 6d 5f 5f 70 77 62 6a 39 76 76 65 63 6a 68 37 6a 5c 22 5d 2c 5c 22 63 6f 6e 74 65 6e 74 2e 69 73 4d 61 69 6e 5c 22 3a 66 61 6c 73 65 2c 5c 22 63 6f 6e 74 65 6e 74 2e 70 61 63 6b 61 67 65 49 64 5c 22 3a 5c 22 41 6d 61 7a 6f 6e 56 69 64 Data Ascii: 6,\"content.bundledPackages\":[\"AmazonVideo.PrimeVideo_1.0.99.0_x86__pwbj9vvecjh7j\",\"AmazonVideo.PrimeVideo_1.0.99.0_x64__pwbj9vvecjh7j\",\"AmazonVideo.PrimeVideo_1.0.99.0_arm__pwbj9vvecjh7j\"],\"content.isMain\":false,\"content.packageId\":\"AmazonVid
2022-05-26 11:46:48 UTC	2296	IN	Data Raw: 6f 77 73 2e 48 6f 6c 6f 67 72 61 70 68 69 63 22 7d 2c 7b 22 4d 61 78 56 65 72 73 69 6f 6e 22 3a 32 31 34 37 34 38 33 36 34 37 2c 22 4d 69 6e 56 65 72 73 69 6f 6e 22 3a 30 2c 22 50 6c 61 74 66 6f 72 6d 4e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 43 6f 72 65 22 7d 5d 7d 2c 22 45 6e 64 44 61 74 65 22 3a 22 39 39 39 38 2d 31 32 2d 33 30 54 30 30 3a 30 30 3a 30 30 2e 30 30 30 30 30 30 30 5a 22 2c 22 52 65 73 6f 75 72 63 65 53 65 74 49 64 73 22 3a 5b 22 31 22 5d 2c 22 53 74 61 72 74 44 61 74 65 22 3a 22 31 37 35 33 2d 30 31 2d 30 31 54 30 30 3a 30 30 3a 30 30 2e 30 30 30 30 30 30 30 5a 22 7d 2c 22 4c 61 73 74 4d 6f 64 69 66 69 65 64 44 61 74 65 22 3a 22 32 30 32 32 2d 30 35 2d 32 34 54 31 36 3a 30 36 3a 30 36 2e 36 33 35 38 34 34 34 5a 22 2c 22 4c 69 63 65 6e Data Ascii: ows.Holographic"},{"MaxVersion":2147483647,"MinVersion":0,"PlatformName":"Windows.Core"}]},"EndDate":"9998-12-30T00:00:00.0000000Z","ResourceSetIds":["1"],"StartDate":"1753-01-01T00:00:00.0000000Z"},"LastModifiedDate":"2022-05-24T16:06:06.6358444Z","Licen
2022-05-26 11:46:48 UTC	2300	IN	Data Raw: 3a 22 57 69 6e 64 6f 77 73 2e 44 65 73 6b 74 6f 70 22 7d 5d 2c 22 50 6c 61 74 66 6f 72 6d 44 65 70 65 6e 64 65 6e 63 79 58 6d 6c 42 6c 6f 62 22 3a 22 7b 5c 22 62 6c 6f 62 2e 76 65 72 73 69 6f 6e 5c 22 3a 31 36 38 38 38 36 37 30 34 30 35 32 36 33 33 36 2c 5c 22 63 6f 6e 74 65 6e 74 2e 62 75 6e 64 6c 65 64 50 61 63 6b 61 67 65 73 5c 22 3a 5b 5c 22 41 6d 61 7a 6f 6e 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 5f 31 2e 30 2e 39 39 2e 30 5f 78 38 36 5f 5f 70 77 62 6a 39 76 76 65 63 6a 68 37 6a 5c 22 2c 5c 22 41 6d 61 7a 6f 6e 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 5f 31 2e 30 2e 39 39 2e 30 5f 78 36 34 5f 5f 70 77 62 6a 39 76 76 65 63 6a 68 37 6a 5c 22 2c 5c 22 41 6d 61 7a 6f 6e 56 69 64 65 6f 2e 50 72 69 6d 65 56 69 64 65 6f 5f 31 2e 30 2e 39 39 Data Ascii: :"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.bundledPackages\":[\"AmazonVideo.PrimeVideo_1.0.99.0_x86__pwbj9vvecjh7j\",\"AmazonVideo.PrimeVideo_1.0.99.0_x64__pwbj9vvecjh7j\",\"AmazonVideo.PrimeVideo_1.0.99
2022-05-26 11:46:48 UTC	2303	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:45:29 UTC	106	OUT	GET /image/apps.39478.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.8ad1b690-ff36-44fa-8afc-0dc5bed1273c?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-05-26 11:45:29 UTC	107	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 37622 Content-Type: image/png Last-Modified: Thu, 30 Sep 2021 03:30:15 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDk4M0MyOUU1MTM1NDQ" MS-CV: YXEQRcwIqUCuqc/O.0 Access-Control-Expose-Headers: MS-CV Date: Thu, 26 May 2022 11:45:29 GMT Connection: close Access-Control-Allow-Origin: *
2022-05-26 11:45:29 UTC	107	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 92 bd 49 44 41 54 78 01 ec 9a 81 6e db 38 10 44 09 20 52 72 69 3e e3 92 d8 76 74 77 ff ff 75 e7 68 db 07 25 43 10 cb 2e 49 cb 85 81 01 31 5a 53 6e 52 e8 65 96 a4 d2 c3 f4 77 56 93 68 36 a9 e6 d7 ad 5f f5 f6 45 8f 5b 6f a2 6e 66 80 0e ab de 37 3a 4c 4f ef ab 0e 95 3a ae c2 33 22 8a 36 d6 eb 2e fd af de 88 a2 53 f3 45 8f 87 e9 d1 cc fb 74 d1 cf e2 db 30 f1 c0 63 50 da 50 87 31 e4 1c f8 a1 f9 6d 45 51 f0 13 35 41 ce 28 92 ca 6a 80 aa bb 8e 5b df 4e a7 e9 af 5c 05 23 e3 c6 9c 4c e8 52 b7 2f b1 4f b3 d3 0a 77 71 2f f5 ef 5f a5 33 a9 c4 a5 b0 f5 95 20 ba 3e 54 d3 65 7c 6a 0f a4 c9 7c 02 3f c0 9b 31 25 59 e8 99 ca bc 61 02 7a 7a fb 8c 2c 23 cd 08 24 c4 6c c4 Data Ascii: PNGIHDR,,"IDATxn8D Rri>vtwuh%C.I1ZSnRewVh6_E[onf7:LO:3"6.SEt0cPP1mEQ5A(j[N\#LR/Owq/_3 >Te\|j\|?1%Yazz,#$l
2022-05-26 11:45:29 UTC	129	IN	Data Raw: 9f 09 6e 39 ec 8d 6c 41 04 8c 2d f5 1d b9 88 b9 d6 9f 16 88 54 87 ed 3b 62 fb 0e 8e cc 43 c9 e0 f6 4e 55 91 0f 4c a7 48 31 8c 02 45 d8 ae a2 a8 ca 09 20 81 a5 90 0e 42 d9 4e 42 e9 8a 44 b3 b7 3a 7c f2 4a ab b1 56 d3 75 92 3c a2 e3 ed 32 48 2e 01 a1 08 bd f8 30 f6 2c 10 c8 ea 59 09 36 17 a8 d3 ae fd d8 ed 2e 75 04 be 99 ad 61 83 26 fd 92 96 6e a7 c8 41 f2 7f cd 83 d2 0f c4 89 6f d9 38 95 3d 15 42 f2 8e b2 94 6c a6 2d 8b a1 fb fc e6 2c df 52 b5 6f 64 87 c5 80 2b 37 ee 7b 77 0b 43 bb f4 9f 8d 91 af fc d8 75 e0 2c 83 27 5b 99 38 4a 90 f4 19 b1 90 fe 84 2b eb df db d1 2f ef df 8d 1d 64 e4 94 55 ec 20 69 b3 06 e2 5a c7 57 7e 2c 5c b5 07 07 84 a5 a5 23 93 49 17 03 28 5b f0 96 6f 90 c1 73 2e d7 a0 6b 81 6a 6d 25 3f 16 e2 71 60 6d f4 55 35 8c 24 7a 21 bb aa 7b ee Data Ascii: n9lA-T;bCNULH1E BNBD:\|JVu<2H.0,Y6.ua&nAo8=Bl-,Rod+7{wCu,'[8J+/dU iZW~,\#I([os.kjm%?q`mU5$z!{
2022-05-26 11:45:29 UTC	138	IN	Data Raw: d9 34 35 ea 0e 87 2a 84 d9 dd e9 a7 04 66 d1 e4 c4 ef 3c 7b 29 7e be 40 37 81 53 39 67 f2 6a 9b a4 c9 9e f7 3a ee 01 78 f8 14 43 02 3b f1 cb 0a 9b d5 16 3d 6d 1c ab 11 91 37 0f 89 dd b3 1d 30 13 fe 6c ac ed 08 e0 58 0f 7b f2 9b da c7 f6 fc ed 1f 48 83 e5 6f 37 d2 53 17 6b b9 4f f2 d3 c4 87 8b 19 44 e4 90 04 52 ef e4 da f1 4d ad 6d c9 bd 73 e9 3f ea 11 9f 11 3c 6a 28 32 f8 05 0d d6 74 bf 70 b1 41 16 d9 a3 3a e7 74 23 0b 62 d3 38 26 f5 95 9d 25 ab c0 c0 0c 41 51 ea 2b 9c ac 0f 9e 5a dc a6 71 b3 d4 2f 02 c6 71 7b ae 34 8e 21 a2 59 37 b7 a3 43 dc c4 b8 aa 2e 73 a3 07 36 8f 4e ff f8 e7 bf a7 e6 59 54 4f 08 e2 26 29 18 44 53 4c e6 22 65 32 a2 b1 c4 fa b9 c7 1d 82 d2 79 3f 4a 56 3b 82 9b b0 c8 61 8c 62 bd a3 a0 b5 c4 19 7d 0f 32 eb 7e de f7 ee 8e 39 a5 e4 9f 66 Data Ascii: 45*f<{)~@7S9gj:xC;=m70lX{Ho7SkODRMms?<j(2tpA:t#b8&%AQ+Zq/q{4!Y7C.s6NYTO&)DSL"e2y?JV;ab}2~9f

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invoice_payment_confirmation_567.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecovery.exe

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\ChromeRecoveryCRX.crx

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\_metadata\verified_contents.json

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3536_8644126\manifest.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\0508af9e-5b8a-42f4-ae13-2356a197728d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\29141829-89d2-4f4f-93f1-9015214f17d7.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\2e5ea4ae-338b-4e7b-bcc0-d359481046b9.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\3b206e03-16b0-429d-9eb6-ed45004f3f87.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\65a22dc6-7c7b-4716-bebd-59ee7e686793.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\683703b1-4b89-4df1-90ff-61e32baac2c2.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6926e3a0-1b2c-4b38-a7c5-6e8de3906348.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6c210c5d-1ea1-443c-bdae-bf7e85fc998b.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\772bef35-5c47-41e8-a66b-079c7b69b05d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\8b13b6f2-05c0-4b5d-afc2-0d6a292b4bb1.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\9f91e5a2-0746-482d-b7f1-804b79820fdf.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\357ffe30-2921-4f94-97a3-98c8c0064b1c.tmp

Windows Analysis Report
Invoice_payment_confirmation_567.html

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:02 UTC	10345	OUT	GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114640Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:02 UTC	10346	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: c4c69666-e059-4172-9d22-3469e25c8133 Date: Thu, 26 May 2022 11:47:02 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:02 UTC	10346	OUT	GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114641Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:02 UTC	10347	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 32d30f51-b871-4dad-85b9-a7b8de482cf1 Date: Thu, 26 May 2022 11:47:02 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:03 UTC	10347	OUT	GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NXQXXLFST89&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114641Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:03 UTC	10348	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 4b622323-ba3c-495a-963c-8df78d09cef8 Date: Thu, 26 May 2022 11:47:03 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:04 UTC	10348	OUT	GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHVFW&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114643Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:04 UTC	10349	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 61589411-cf22-4f35-acce-ab29a99a5160 Date: Thu, 26 May 2022 11:47:03 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:04 UTC	10350	OUT	GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114646Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:04 UTC	10351	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 251ce392-87da-447e-85f4-0a180ee3b237 Date: Thu, 26 May 2022 11:47:04 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:05 UTC	10352	OUT	GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRDFNG7&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114648Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:05 UTC	10352	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 14f6405a-f4cd-4225-b2cf-94d145d439bc Date: Thu, 26 May 2022 11:47:05 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:45:29 UTC	107	OUT	GET /image/apps.49525.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.2f6b9bdf-a4fc-42d8-aea0-65c437755b78?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-05-26 11:45:29 UTC	123	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 5777 Content-Type: image/png Last-Modified: Tue, 31 Mar 2020 18:42:54 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDdENUEzNTJCQjJGM0E" MS-CV: sE5KrZztTESl/Nvr.0 Access-Control-Expose-Headers: MS-CV Date: Thu, 26 May 2022 11:45:29 GMT Connection: close Access-Control-Allow-Origin: *
2022-05-26 11:45:29 UTC	124	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 8e 00 00 00 8e 08 06 00 00 00 e7 fd 30 08 00 00 16 58 49 44 41 54 78 da ed 9d 0b 98 14 d5 95 c7 4f 55 77 cf 7b 98 27 30 03 0c 32 c0 3c 18 90 a7 02 22 2a 88 1a 5f 49 4c 76 e5 e9 aa c9 ae df ba 8b 49 24 a2 0b 7c 01 8c 51 3f 13 35 2a 2a ba 26 ab 44 57 d7 90 20 a0 e8 b2 20 a2 2c a0 3c 8d b0 40 90 37 01 86 d7 cc 30 d3 33 d3 ef 5b 5b 55 53 d5 73 eb d6 bd 55 d5 f8 98 ae ee 7b f9 ee d7 5d d3 35 35 dd 75 7f fd 3f ff 73 4e 75 23 02 1f 7c 5c c4 10 f9 29 e0 83 83 c3 07 07 87 0f 0e 0e 1f 1c 1c 3e f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 07 87 0f 0e 0e 1f 7c 70 70 f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 07 87 0f 3e 38 38 7c 70 70 f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 3e 04 9b c9 c1 e1 83 0a ca d7 bd 3f 07 27 45 61 f9 ba 8e c5 c1 49 Data Ascii: PNGIHDR0XIDATxOUw{'02<"_ILvI$\|Q?5*&DW ,<@703[[USsU{]55u?sNu#\|\)>\|pp>88\|pp>?'EaI

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:05 UTC	10353	OUT	GET /v1/a/pin?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=503d69dcabf0497192a0b80de8d4c17c&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=8a797e6ed978405692c4acbf4650873f&time=20220526T114649Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:05 UTC	10354	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: c26f228f-cb9a-461e-83b6-8982e4cc6e14 Date: Thu, 26 May 2022 11:47:05 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:06 UTC	10355	OUT	GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGGZM6WM&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114651Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:06 UTC	10355	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 0872e60c-22c3-4a53-81b4-f986babb4180 Date: Thu, 26 May 2022 11:47:05 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-26 11:47:06 UTC	10356	OUT	GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=c69b812bb0ae4b12bda8ee4358d8f4cd&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=c7a8b22123bf4f0d817b2043a0b86bd8&time=20220526T114655Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-05-26 11:47:06 UTC	10357	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 829e9c20-2e24-4810-9c87-a9811ad5dc99 Date: Thu, 26 May 2022 11:47:06 GMT Connection: close