Edit tour

Windows Analysis Report
PO#86637.lzh

Overview

General Information

Sample name:	PO#86637.lzh
Analysis ID:	1503690
MD5:	a7027b59b7eb9c0daa50085eacacd962
SHA1:	722bb45f95b9810e2c6a70d457a300e319690a7b
SHA256:	7c4244fe67e40aab19462fd4aac61daf6856ba63046ce94e14730ba79608ac5d
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected FormBook

Binary is likely a compiled AutoIt script file

Found direct / indirect Syscall (likely to bypass EDR)

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Switches to a custom stack to bypass stack traces

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Uncommon Svchost Parent Process

Uses a known web browser user agent for HTTP communication

Yara signature match

Classification

Process Tree

System is w10x64_ra

OpenWith.exe (PID: 6924 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)

Acrobat.exe (PID: 5252 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PO#86637.lha" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5496 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2296 --field-trial-handle=1584,i,3108067972313439679,11837552442743094877,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

msedge.exe (PID: 3516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:?url=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dwinzip%26filters%3Dufn%253a%2522WinZip%2522%2Bsid%253a%2522b48dd0f0-bb36-6274-cfec-3c3a69d12ee4%2522%26asbe%3DAS%26form%3DWNSGPH%26qs%3DMB%26cvid%3Da63159470eb544349f42372c14c71861%26pq%3Dwinzip%26cc%3DCH%26setlang%3Den-CH%26nclid%3D99325A50A46066F842A6B684698F464A%26ts%3D1725388663068%26nclidts%3D1725388663%26tsms%3D068%26wsso%3DModerate&timestamp=1725388663068&source=WindowsSearchBox&campaign=addedgeprot&medium=AutoSuggest MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2108 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7680 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4668 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6640 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8104 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3156 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5484 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7988 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7440 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7680 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7136 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6692 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

7zFM.exe (PID: 7840 cmdline: "C:\Program Files\7-Zip\7zFM.exe" MD5: 30AC0B832D75598FB3EC37B6F2A8C86A)

PO#86637.exe (PID: 1640 cmdline: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" MD5: A69359922021282F5801578D336F5478)

svchost.exe (PID: 2680 cmdline: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)

at.exe (PID: 2708 cmdline: "C:\Windows\SysWOW64\at.exe" MD5: 2AE20048111861FA09B709D3CC551AD6)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2be90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e2f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x163e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Sigma Signatures

System Summary

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe, ParentProcessId: 1640, ParentProcessName: PO#86637.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , ProcessId: 2680, ProcessName: svchost.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe, ParentProcessId: 1640, ParentProcessName: PO#86637.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe" , ProcessId: 2680, ProcessName: svchost.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	ReversingLabs: Detection: 27%
Source: C:\Users\user\Desktop\PO#86637.exe	ReversingLabs: Detection: 27%

Multi AV Scanner detection for submitted file

Source: PO#86637.lzh

ReversingLabs: Detection: 18%

Yara detected FormBook

Source: Yara match	File source: 0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.254:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.9.254:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.150.240.254:443 -> 192.168.2.17:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.17:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.17:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.140.48.70:443 -> 192.168.2.17:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.10.24:443 -> 192.168.2.17:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.123.129.254:443 -> 192.168.2.17:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.115.155.233:443 -> 192.168.2.17:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.80.11.217:443 -> 192.168.2.17:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.17:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.156:443 -> 192.168.2.17:49855 version: TLS 1.2

Source:	Binary string: at.pdb source: svchost.exe, 0000002C.00000003.2184901347.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000002C.00000003.2184934124.000000000342B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: PO#86637.exe, 0000002B.00000003.2089074053.0000000004720000.00000004.00001000.00020000.00000000.sdmp, PO#86637.exe, 0000002B.00000003.2089899134.00000000048C0000.00000004.00001000.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2225802504.0000000003665000.00000004.00000020.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2229897884.0000000003812000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PO#86637.exe, 0000002B.00000003.2089074053.0000000004720000.00000004.00001000.00020000.00000000.sdmp, PO#86637.exe, 0000002B.00000003.2089899134.00000000048C0000.00000004.00001000.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2225802504.0000000003665000.00000004.00000020.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2229897884.0000000003812000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: at.pdbGCTL source: svchost.exe, 0000002C.00000003.2184901347.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000002C.00000003.2184934124.000000000342B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: at.exe, 0000002D.00000002.2426859935.0000000003FEC000.00000004.10000000.00040000.00000000.sdmp, at.exe, 0000002D.00000002.2416451219.0000000003503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdbUGP source: at.exe, 0000002D.00000002.2426859935.0000000003FEC000.00000004.10000000.00040000.00000000.sdmp, at.exe, 0000002D.00000002.2416451219.0000000003503000.00000004.00000020.00020000.00000000.sdmp

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 40.126.24.148 40.126.24.148
Source: Joe Sandbox View	IP Address: 152.195.19.97 152.195.19.97

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4710Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4710Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4710Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4710Host: login.live.com
Source: global traffic	HTTP traffic detected: GET /rb/16/jnc,nj/4bnLx4S3ZRMpYV30k3R5vRy8JVg.js?bu=DygxeIQBiQGMAYEBe37EAccBMbcBMcoB&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de
Source: global traffic	HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/CYGXBN1kkA_ojDY5vKbCoG4Zy0E.css?bu=C6QJlgOrBIAK5QjPCN4GXV1dXQ&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OSAAS.96AB7892FAA95B223FEB6A7FBF0DC50B&w=72&h=72&c=1&rs=1&pcl=1b1a19&o=6&pid=5.1 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.r4TV7c5KCyRojdt-tMkPMQHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.UQPTR-3zKpzkx3TaxM2S_AHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.dPV13t-NIQXujgNcHVEciQHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/oT6Um3bDKq3bSDJ4e0e-YJ5MXCI.css?bu=B74CSK0CiwFdXcoC&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /search?q=winzip&filters=ufn%3a%22WinZip%22+sid%3a%22b48dd0f0-bb36-6274-cfec-3c3a69d12ee4%22&asbe=AS&form=WNSGPH&qs=MB&cvid=a63159470eb544349f42372c14c71861&pq=winzip&cc=CH&setlang=en-CH&nclid=99325A50A46066F842A6B684698F464A&ts=1725388663068&nclidts=1725388663&tsms=068&wsso=Moderate HTTP/1.1Host: www.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Edge-Shopping-Flag: 1Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rb/3D/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /qbox?query=winzip&language=en-GB&pt=EdgBox&cvid=99c46d95263a45e3983eccc76418966b&oit=0&pgcl=22&richanswersentity=1 HTTP/1.1Host: www.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; MUIDB=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; USRLOC=HS=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A
Source: global traffic	HTTP traffic detected: GET /rb/6h/cir3,ortl,cc,nc/HKVHYcn2F03UYfUjEXCezjXI7xI.css?bu=MbwKtgrCCrYKpgu2CqwLtgq0C7YKuwu2CsELtgrHC7YKzQu2CtQKtgraCrYKzgq2CrYKnQu2CukKtgrvCrYK4wq2CrYK_wqCC7YKtgqaC4gLtgqOC5ELtgr2C7YK0wu2CqQM&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?77453ee86d773752161d0fc259c7de35 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: t-ring-s.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/A9mqfv7p4Ys0JWeD_Wr4HECl1Hk.css HTTP/1.1Host: r.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; USRLOC=HS=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A
Source: global traffic	HTTP traffic detected: GET /rp/JPMwlwl2eqCiCAxwP9hi1ARiPMY.css HTTP/1.1Host: r.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.bing.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?075dbd9af6fd5d2875fc46f04eb98374 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: t-ring-s.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/6h/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AbYK&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.18aef07c-0ed9-4dd5-be67-ccb8e3218768&w=24&h=24&o=6&pid=AdsPlus HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.18aef07c-0ed9-4dd5-be67-ccb8e3218768&w=32&h=32&qlt=90&pcl=fffffa&o=6&pid=1.2 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.97e12d37-d949-483a-b53c-0aeebb85aa14&w=32&h=32&qlt=91&pcl=fffffa&o=6&pid=1.2 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=OIP.LBFV9yDCx36GxTgXQYqB8QHaD4&w=80&h=80&c=1&vt=10&bgcl=6ca92d&r=0&o=6&pid=5.1 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.kyjVck3pdU62sIG9EngdlgEsDh&w=197&h=110&c=7&rs=1&qlt=90&o=6&pid=1.7 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.18aef07c-0ed9-4dd5-be67-ccb8e3218768&w=32&h=32&qlt=92&pcl=fffffa&o=6&pid=1.2 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=e12f30ea-0034-45ca-acd1-a6d36d219f6f&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%2223BF662100D3455AA1D74F4B66171165%22%7d HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: OPTIONS /suggestionchips/api/v1/cannedChips HTTP/1.1Host: services.bingapis.comConnection: keep-aliveAccept: /Access-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeOrigin: https://www.bing.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /suggestionchips/api/v1/cannedChips HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 48sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47content-type: application/jsonAccept: /Origin: https://www.bing.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon/?url=winzip.com HTTP/1.1Host: services.bingapis.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1725388666&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fwww.bing.com%2Fsecure%2FPassport.aspx%3Fpopup%3D1%26ssl%3D1&lc=2055&id=264960&checkda=1 HTTP/1.1Host: login.live.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: DIDC=ct%3D1725388672%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C529_BAY.0.D.ChCs/2DyNzkoi4TKn%252B6PUDUK9dCp939PQv8IMdogE4o8ds3H9xM1XGyBbg%252BC8EAlbNZeP3MMtKkV4DUCprSvAQhTOimuyWcPprn1LBm7Kq6wCrwYZtd09rYzkYDniujOjqF/1JyaoDUddBPPRePJMXcFkTrEucWmCfiovUCvg3Xua0YyamZnhZcbwDepyraJcY3HGizDwGQqMfXZpiAtxmrB9/VvOtbPfHBBaDR3MDQ042FWN9BoADEuwzOSGGdisVV1EPsSYAyFus37jkJXbFVUPRBbjQw3sgu1xmfv91OVZ0i%252BhrwsLT1rio6uRaFzFr4F8N5IwfUVVsWlT9rK1l5uEHnpMjjb2BBIVRiw/2BWucn2zkVoJ3yjw/P8nWdkuAB7ssAloFtVjVy1WmqylAcJGGuPO6FANbzQvLiFeNeFPklkH4fqXXGkW5wMH3LMyUkUGTcimcdcNAV6fmdYupVihZJWdnNx7x7AELEiIzYlPgswFLpfo9blKr8hcfnEffNkIjx6Cx%252BfUsYYK9wesTo%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3DSG92omCUMD3abAHpDSXX5ccOdZ9XpIKY%26hash%3Di1EAx%252Fwllr4a%252B2M1Z4eB6ZSdjTA9TXI8N8vsTfgidVc%253D%26dd%3D1;DIDCL=ct%3D1725388672%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C529_BAY.0.D.ChCs/2DyNzkoi4TKn%252B6PUDUK9dCp939PQv8IMdogE4o8ds3H9xM1XGyBbg%252BC8EAlbNZeP3MMtKkV4DUCprSvAQhTOimuyWcPprn1LBm7Kq6wCrwYZtd09rYz
Source: global traffic	HTTP traffic detected: GET /rb/6h/ortl,cc,nc/_BjeFNPDJ-N9umMValublyrbq4Y.css?bu=CZEMtgqWDLYKmgy2CrYKtgq2Cg&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6b06c882a75823505167567cbf685a11 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: wac-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?2c18cefe35ee80f4525d82e7bd6f6a58 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: arm-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/4BpQ1bD8vX1mXuJObN-gg9RqkyQ.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 01 Dec 2022 01:48:07 GMTIf-None-Match: 0x8DAD33E1828A12FConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?ef90066794e7fbf2c4307aec87a4bfad HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: arm-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=37e99b54c35150aba9f6ffc1187b67ed&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22t-ring-s.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:1155,%22T%22:1},{%22RequestID%22:%22t-ring-s.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:736,%22T%22:1},{%22RequestID%22:%22wac-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1},{%22RequestID%22:%22arm-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:721,%22T%22:1},{%22RequestID%22:%22arm-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:1531,%22T%22:1}] HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/4Z8eGLcJkgpNRfm3HRHk0Y0wjt0.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/584482RVjBIoEvVSe0RsuS1I4YQ.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 01 Dec 2022 01:48:05 GMTIf-None-Match: 0x8DAD33E17220C49Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/7qE8F5KwI2I-qzKXHQ_haqEQFp4.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/CLHrhPHUrUN-iFM4IkduCxl7WR4.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Mon, 15 Jan 2024 10:48:17 GMTIf-None-Match: 0x8DC15B77B3A4269Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Wed, 17 Aug 2022 04:17:21 GMTIf-None-Match: 0x8DA800761A20249Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6c4b161c99a0372b8676972343e514ed HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: spo-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725993467&P2=404&P3=2&P4=BwQF5lsxh8EaLT2zctzzbyeHV8%2fSNFykt%2buyZCO8P%2b%2bBHypvhKAoClwKSWK8R%2bIC6yGgVjhD2DOCmHoeZwNU%2bQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 0uZlkQNZKJRIWJcPXAiZLcSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?519be78b529dcbdb458b3202dc4e4612 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: spo-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/DccpWCpoNzCwM4Qymi_Ji67Ilso.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 15 Sep 2022 21:36:29 GMTIf-None-Match: 0x8DA97625997A48DConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/DeXEsiBxNlNYwy8wCH-j-y9vyyQ.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?1a0c722c55a08beb882aeeeed13c6c93 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp-afd.azurefd.usConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?5853de9b452a309e6673d24396b5f587 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: rum8.perf.linkedin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/Dj6m3cC0PNbgt98rgkHoHGstYio.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Tue, 16 Jan 2024 20:09:29 GMTIf-None-Match: 0x8DC16CF0BCEC7F7Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?eba71e35e96bde1d4f68426951d193ee HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: rum8.perf.linkedin.comConnection: Keep-AliveCookie: bcookie="v=2&a032e56d-2c0b-48d4-8209-55bfe533b6e8"
Source: global traffic	HTTP traffic detected: GET /rp/EYNLM9RfkEXFtD8WH1unvJjwzGA.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 15 Sep 2022 21:36:27 GMTIf-None-Match: 0x8DA976258BD0737Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=5c843836690b46813c1d0bd40299617c&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:732,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:720,%22T%22:1},{%22RequestID%22:%22fp-afd.azurefd.us%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:1458,%22T%22:1},{%22RequestID%22:%22fp-afd.azurefd.us%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:-1,%22T%22:1},{%22RequestID%22:%22rum8.perf.linkedin.com%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:721,%22T%22:1},{%22RequestID%22:%22rum8.perf.linkedin.com%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:1451,%22T%22:1}] HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/GW3DpE2qmyibnbFrEIzpiD0iGLk.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 13 Apr 2023 18:36:40 GMTIf-None-Match: 0x8DB3C4E060FBF01Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/H2o2aAdMNmIKi9n_0u2zBUgFjSI.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/ItXelcbPuR2pmNxuviaeY9LBfAA.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/IzN53754HzumOkp7dE4kA_kUm2o.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/J5ingqB83ULnpq2YxsgmqkKjOiY.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/LisgCZCwGQ4lRz4go9tlwPslw_k.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 15 Sep 2022 21:36:38 GMTIf-None-Match: 0x8DA97625F309043Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?1776ebbf9888644f27097264d86e7bdd HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: dual-s-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/MgSq5EEOyYvlI1qVlLOXfgRHmzM.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Fri, 31 Mar 2023 14:29:27 GMTIf-None-Match: 0x8DB31F4552933B9Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?4720d07ef2f0e5b46e7a2d7f8a3c23cb HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: dual-s-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?f005e19f14f37cbb0f1ac7fe08a2344e HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: 355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/O3tqfzItSDaOT-3Shw63sAGRY9w.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?70446a1560670fad9e4b6eef9515c793 HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: 355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/OpS_lnWNBIaw7PcEykd-nVeRCo4.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d759cbbc37642ccf561f44cfa6236618 HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: chi23prdapp02-canary-opaph.netmon.azure.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4808Host: login.live.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAagbM2AyuMQ1nMvpIcQ109TnEV6oVFyAbOUzHEcX3M9m/hNZosfweNJCYpAL6on%2B0FFx9eMoZ4PZ/HhCu3QEjCK0L7kj2OV0Z6753MOpH0zE5X7DoykJ0Jp7Rl5jyVV5ClDT3FWZr1jQ3O1io8mCnsku2lZjmvMj4ok3Z3VijgY%2BP794Ux3niXwnFaHdALcup11NdYMBs%2B/v1OrpP76sNWhePMyO%2BSr5alJdvm76ak73quIPOe%2BPbUhOjLvC8XVlZursW%2B/LbJR8u/G3FJsFciMVLd7wWhTmbGdqsW1JCn2ApDeU79VGyMwpdwO641xD9dJK9BXfInIVkRZqy3A1aEIQZgAAECqC/KXJVrDifdR904gPWIOwATiyOyqQFXU%2B0UkUOHUmyzR2DO3icanaTNy055/lQdaIlpbdeLykohebHGcctEkXCTEpW%2BgFWr0WHML3o4NHWIZwWRFcDAgfzqhijt0oOqexiNjIY11us2vfCPz/ji1yKQEYwLZBzhPcJWmBmJ0LHjlzuwXAyda2PMfhgIY4kLyQOWdQhfD34j3PTEVTmsM4duNiOruBGHZiEdZiadzl0FzuieUn6vOX3%2BEOEY4UnAclEW1tlSmCjUJpsd/kNcq0dCt05rLvqEOdQCxL8GxjB2ehwqkO/rpBKUjnjKR%2BfZOb5jwclrs08gXC%2BLjG%2B5o9A6Zj3Nmu%2BmrH7LvXCiObhsT6cXjFoK7gWSeyFkMbjCuKWvpdCPel4Kw/U8bjembe7ThTyPEB6I0mmaBJ62rW1YtvuDqLcRiyKlz%2B6buBaV6ASPT7qQ71b9XKG/meCzNwDXO/UTVCWFi4Tsu9%2BRKUlfdRGWgMXi7M6SH60lalBkvNN9q/onK/IuEeHat4KgFO6dB8D5CNEK1kJga6ZW1sGNmTXZFVgn0Z7ELMqWJXjGhHAGfSJvYlQNQqtbuKj5v8ptcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1725388723User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 22EA1B0BB209438982A2D8218B58721AX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: OPTIONS /api/report?cat=bingth&ndcParam=QWthbWFp HTTP/1.1Host: aefd.nelreports.netConnection: keep-aliveOrigin: https://www.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=D4vH3fEBGN6CPxh&MD=aM5C1EF6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rb/16/jnc,nj/4bnLx4S3ZRMpYV30k3R5vRy8JVg.js?bu=DygxeIQBiQGMAYEBe37EAccBMbcBMcoB&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de
Source: global traffic	HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/CYGXBN1kkA_ojDY5vKbCoG4Zy0E.css?bu=C6QJlgOrBIAK5QjPCN4GXV1dXQ&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OSAAS.96AB7892FAA95B223FEB6A7FBF0DC50B&w=72&h=72&c=1&rs=1&pcl=1b1a19&o=6&pid=5.1 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.r4TV7c5KCyRojdt-tMkPMQHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.UQPTR-3zKpzkx3TaxM2S_AHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.dPV13t-NIQXujgNcHVEciQHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: th.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/oT6Um3bDKq3bSDJ4e0e-YJ5MXCI.css?bu=B74CSK0CiwFdXcoC&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /search?q=winzip&filters=ufn%3a%22WinZip%22+sid%3a%22b48dd0f0-bb36-6274-cfec-3c3a69d12ee4%22&asbe=AS&form=WNSGPH&qs=MB&cvid=a63159470eb544349f42372c14c71861&pq=winzip&cc=CH&setlang=en-CH&nclid=99325A50A46066F842A6B684698F464A&ts=1725388663068&nclidts=1725388663&tsms=068&wsso=Moderate HTTP/1.1Host: www.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Edge-Shopping-Flag: 1Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rb/3D/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /qbox?query=winzip&language=en-GB&pt=EdgBox&cvid=99c46d95263a45e3983eccc76418966b&oit=0&pgcl=22&richanswersentity=1 HTTP/1.1Host: www.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; MUIDB=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; USRLOC=HS=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A
Source: global traffic	HTTP traffic detected: GET /rb/6h/cir3,ortl,cc,nc/HKVHYcn2F03UYfUjEXCezjXI7xI.css?bu=MbwKtgrCCrYKpgu2CqwLtgq0C7YKuwu2CsELtgrHC7YKzQu2CtQKtgraCrYKzgq2CrYKnQu2CukKtgrvCrYK4wq2CrYK_wqCC7YKtgqaC4gLtgqOC5ELtgr2C7YK0wu2CqQM&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?77453ee86d773752161d0fc259c7de35 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: t-ring-s.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/A9mqfv7p4Ys0JWeD_Wr4HECl1Hk.css HTTP/1.1Host: r.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; USRLOC=HS=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A
Source: global traffic	HTTP traffic detected: GET /rp/JPMwlwl2eqCiCAxwP9hi1ARiPMY.css HTTP/1.1Host: r.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.bing.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?075dbd9af6fd5d2875fc46f04eb98374 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: t-ring-s.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/6h/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AbYK&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.18aef07c-0ed9-4dd5-be67-ccb8e3218768&w=24&h=24&o=6&pid=AdsPlus HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.18aef07c-0ed9-4dd5-be67-ccb8e3218768&w=32&h=32&qlt=90&pcl=fffffa&o=6&pid=1.2 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.97e12d37-d949-483a-b53c-0aeebb85aa14&w=32&h=32&qlt=91&pcl=fffffa&o=6&pid=1.2 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=OIP.LBFV9yDCx36GxTgXQYqB8QHaD4&w=80&h=80&c=1&vt=10&bgcl=6ca92d&r=0&o=6&pid=5.1 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /th?id=OVP.kyjVck3pdU62sIG9EngdlgEsDh&w=197&h=110&c=7&rs=1&qlt=90&o=6&pid=1.7 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /th?id=ODLS.18aef07c-0ed9-4dd5-be67-ccb8e3218768&w=32&h=32&qlt=92&pcl=fffffa&o=6&pid=1.2 HTTP/1.1Host: th.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0&DM=0&BRW=N&BRH=M&CW=1232&CH=910&SCW=1217&SCH=2985&DPR=1.0&UTC=-240; USRLOC=HS=1&ELOC=LAT=40.748390197753906\|LON=-73.98461151123047\|N=New%20York%2C%20New%20York\|ELT=1\|
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=D4vH3fEBGN6CPxh&MD=aM5C1EF6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=e12f30ea-0034-45ca-acd1-a6d36d219f6f&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%2223BF662100D3455AA1D74F4B66171165%22%7d HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon/?url=winzip.com HTTP/1.1Host: services.bingapis.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1725388666&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fwww.bing.com%2Fsecure%2FPassport.aspx%3Fpopup%3D1%26ssl%3D1&lc=2055&id=264960&checkda=1 HTTP/1.1Host: login.live.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: DIDC=ct%3D1725388672%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C529_BAY.0.D.ChCs/2DyNzkoi4TKn%252B6PUDUK9dCp939PQv8IMdogE4o8ds3H9xM1XGyBbg%252BC8EAlbNZeP3MMtKkV4DUCprSvAQhTOimuyWcPprn1LBm7Kq6wCrwYZtd09rYzkYDniujOjqF/1JyaoDUddBPPRePJMXcFkTrEucWmCfiovUCvg3Xua0YyamZnhZcbwDepyraJcY3HGizDwGQqMfXZpiAtxmrB9/VvOtbPfHBBaDR3MDQ042FWN9BoADEuwzOSGGdisVV1EPsSYAyFus37jkJXbFVUPRBbjQw3sgu1xmfv91OVZ0i%252BhrwsLT1rio6uRaFzFr4F8N5IwfUVVsWlT9rK1l5uEHnpMjjb2BBIVRiw/2BWucn2zkVoJ3yjw/P8nWdkuAB7ssAloFtVjVy1WmqylAcJGGuPO6FANbzQvLiFeNeFPklkH4fqXXGkW5wMH3LMyUkUGTcimcdcNAV6fmdYupVihZJWdnNx7x7AELEiIzYlPgswFLpfo9blKr8hcfnEffNkIjx6Cx%252BfUsYYK9wesTo%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3DSG92omCUMD3abAHpDSXX5ccOdZ9XpIKY%26hash%3Di1EAx%252Fwllr4a%252B2M1Z4eB6ZSdjTA9TXI8N8vsTfgidVc%253D%26dd%3D1;DIDCL=ct%3D1725388672%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C529_BAY.0.D.ChCs/2DyNzkoi4TKn%252B6PUDUK9dCp939PQv8IMdogE4o8ds3H9xM1XGyBbg%252BC8EAlbNZeP3MMtKkV4DUCprSvAQhTOimuyWcPprn1LBm7Kq6wCrwYZtd09rYz
Source: global traffic	HTTP traffic detected: GET /rb/6h/ortl,cc,nc/_BjeFNPDJ-N9umMValublyrbq4Y.css?bu=CZEMtgqWDLYKmgy2CrYKtgq2Cg&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6b06c882a75823505167567cbf685a11 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: wac-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?2c18cefe35ee80f4525d82e7bd6f6a58 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: arm-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/4BpQ1bD8vX1mXuJObN-gg9RqkyQ.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 01 Dec 2022 01:48:07 GMTIf-None-Match: 0x8DAD33E1828A12FConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?ef90066794e7fbf2c4307aec87a4bfad HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: arm-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=37e99b54c35150aba9f6ffc1187b67ed&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22t-ring-s.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:1155,%22T%22:1},{%22RequestID%22:%22t-ring-s.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:736,%22T%22:1},{%22RequestID%22:%22wac-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1},{%22RequestID%22:%22arm-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:721,%22T%22:1},{%22RequestID%22:%22arm-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:1531,%22T%22:1}] HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/4Z8eGLcJkgpNRfm3HRHk0Y0wjt0.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/584482RVjBIoEvVSe0RsuS1I4YQ.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 01 Dec 2022 01:48:05 GMTIf-None-Match: 0x8DAD33E17220C49Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/7qE8F5KwI2I-qzKXHQ_haqEQFp4.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/CLHrhPHUrUN-iFM4IkduCxl7WR4.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Mon, 15 Jan 2024 10:48:17 GMTIf-None-Match: 0x8DC15B77B3A4269Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Wed, 17 Aug 2022 04:17:21 GMTIf-None-Match: 0x8DA800761A20249Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6c4b161c99a0372b8676972343e514ed HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: spo-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725993467&P2=404&P3=2&P4=BwQF5lsxh8EaLT2zctzzbyeHV8%2fSNFykt%2buyZCO8P%2b%2bBHypvhKAoClwKSWK8R%2bIC6yGgVjhD2DOCmHoeZwNU%2bQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 0uZlkQNZKJRIWJcPXAiZLcSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?519be78b529dcbdb458b3202dc4e4612 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: spo-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/DccpWCpoNzCwM4Qymi_Ji67Ilso.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 15 Sep 2022 21:36:29 GMTIf-None-Match: 0x8DA97625997A48DConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/DeXEsiBxNlNYwy8wCH-j-y9vyyQ.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?1a0c722c55a08beb882aeeeed13c6c93 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp-afd.azurefd.usConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?5853de9b452a309e6673d24396b5f587 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: rum8.perf.linkedin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/Dj6m3cC0PNbgt98rgkHoHGstYio.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Tue, 16 Jan 2024 20:09:29 GMTIf-None-Match: 0x8DC16CF0BCEC7F7Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?eba71e35e96bde1d4f68426951d193ee HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: rum8.perf.linkedin.comConnection: Keep-AliveCookie: bcookie="v=2&a032e56d-2c0b-48d4-8209-55bfe533b6e8"
Source: global traffic	HTTP traffic detected: GET /rp/EYNLM9RfkEXFtD8WH1unvJjwzGA.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 15 Sep 2022 21:36:27 GMTIf-None-Match: 0x8DA976258BD0737Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=5c843836690b46813c1d0bd40299617c&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:732,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:720,%22T%22:1},{%22RequestID%22:%22fp-afd.azurefd.us%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:1458,%22T%22:1},{%22RequestID%22:%22fp-afd.azurefd.us%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:-1,%22T%22:1},{%22RequestID%22:%22rum8.perf.linkedin.com%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:721,%22T%22:1},{%22RequestID%22:%22rum8.perf.linkedin.com%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:1451,%22T%22:1}] HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/GW3DpE2qmyibnbFrEIzpiD0iGLk.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 13 Apr 2023 18:36:40 GMTIf-None-Match: 0x8DB3C4E060FBF01Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/H2o2aAdMNmIKi9n_0u2zBUgFjSI.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/ItXelcbPuR2pmNxuviaeY9LBfAA.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/IzN53754HzumOkp7dE4kA_kUm2o.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/J5ingqB83ULnpq2YxsgmqkKjOiY.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /rp/LisgCZCwGQ4lRz4go9tlwPslw_k.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Thu, 15 Sep 2022 21:36:38 GMTIf-None-Match: 0x8DA97625F309043Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?1776ebbf9888644f27097264d86e7bdd HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: dual-s-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/MgSq5EEOyYvlI1qVlLOXfgRHmzM.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comIf-Modified-Since: Fri, 31 Mar 2023 14:29:27 GMTIf-None-Match: 0x8DB31F4552933B9Connection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?4720d07ef2f0e5b46e7a2d7f8a3c23cb HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: dual-s-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?f005e19f14f37cbb0f1ac7fe08a2344e HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: 355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/O3tqfzItSDaOT-3Shw63sAGRY9w.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?70446a1560670fad9e4b6eef9515c793 HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: 355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/OpS_lnWNBIaw7PcEykd-nVeRCo4.br.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?d759cbbc37642ccf561f44cfa6236618 HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: chi23prdapp02-canary-opaph.netmon.azure.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAagbM2AyuMQ1nMvpIcQ109TnEV6oVFyAbOUzHEcX3M9m/hNZosfweNJCYpAL6on%2B0FFx9eMoZ4PZ/HhCu3QEjCK0L7kj2OV0Z6753MOpH0zE5X7DoykJ0Jp7Rl5jyVV5ClDT3FWZr1jQ3O1io8mCnsku2lZjmvMj4ok3Z3VijgY%2BP794Ux3niXwnFaHdALcup11NdYMBs%2B/v1OrpP76sNWhePMyO%2BSr5alJdvm76ak73quIPOe%2BPbUhOjLvC8XVlZursW%2B/LbJR8u/G3FJsFciMVLd7wWhTmbGdqsW1JCn2ApDeU79VGyMwpdwO641xD9dJK9BXfInIVkRZqy3A1aEIQZgAAECqC/KXJVrDifdR904gPWIOwATiyOyqQFXU%2B0UkUOHUmyzR2DO3icanaTNy055/lQdaIlpbdeLykohebHGcctEkXCTEpW%2BgFWr0WHML3o4NHWIZwWRFcDAgfzqhijt0oOqexiNjIY11us2vfCPz/ji1yKQEYwLZBzhPcJWmBmJ0LHjlzuwXAyda2PMfhgIY4kLyQOWdQhfD34j3PTEVTmsM4duNiOruBGHZiEdZiadzl0FzuieUn6vOX3%2BEOEY4UnAclEW1tlSmCjUJpsd/kNcq0dCt05rLvqEOdQCxL8GxjB2ehwqkO/rpBKUjnjKR%2BfZOb5jwclrs08gXC%2BLjG%2B5o9A6Zj3Nmu%2BmrH7LvXCiObhsT6cXjFoK7gWSeyFkMbjCuKWvpdCPel4Kw/U8bjembe7ThTyPEB6I0mmaBJ62rW1YtvuDqLcRiyKlz%2B6buBaV6ASPT7qQ71b9XKG/meCzNwDXO/UTVCWFi4Tsu9%2BRKUlfdRGWgMXi7M6SH60lalBkvNN9q/onK/IuEeHat4KgFO6dB8D5CNEK1kJga6ZW1sGNmTXZFVgn0Z7ELMqWJXjGhHAGfSJvYlQNQqtbuKj5v8ptcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1725388723User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 22EA1B0BB209438982A2D8218B58721AX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr

String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: www.teksales.space

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4710Host: login.live.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Length: 326Content-Type: text/html; charset=us-asciiDate: Tue, 03 Sep 2024 18:38:47 GMTAlt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"Connection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.2db67568.1725388727.ab3d7d1Access-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: *Access-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *

Source: Reporting and NEL.22.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
Source: Reporting and NEL.22.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE
Source: Reporting and NEL.22.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.22.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.21.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.21.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.21.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.21.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 5f7f8576-3f49-4326-a5dc-d7384e635032.tmp.22.dr	String found in binary or memory: https://clients2.google.com
Source: 5f7f8576-3f49-4326-a5dc-d7384e635032.tmp.22.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.22.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Web Data.21.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.21.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.21.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log10.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log10.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log9.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr, HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log10.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr, HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log11.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
Source: 000003.log10.21.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://gaana.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: Reporting and NEL.22.dr	String found in binary or memory: https://identity.nel.measure.office.net/api/report?catId=GW
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: Session_13369862266388791.21.dr	String found in binary or memory: https://login.microsoftonline.com
Source: 000003.log4.21.dr, Session_13369862266388791.21.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://m.kugou.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://m.vk.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://music.amazon.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://music.apple.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://music.yandex.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://open.spotify.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://tidal.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://twitter.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://vibe.naver.com/today
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://web.telegram.org/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://web.whatsapp.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.deezer.com/
Source: content_new.js.21.dr, content.js.21.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.21.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.instagram.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.last.fm/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.messenger.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.office.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.tiktok.com/
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://www.youtube.com
Source: 34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.162:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.254:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.9.254:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.150.240.254:443 -> 192.168.2.17:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.17:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.17:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.140.48.70:443 -> 192.168.2.17:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.10.24:443 -> 192.168.2.17:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.123.129.254:443 -> 192.168.2.17:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.115.155.233:443 -> 192.168.2.17:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.80.11.217:443 -> 192.168.2.17:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.17:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.156:443 -> 192.168.2.17:49855 version: TLS 1.2

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Binary is likely a compiled AutoIt script file

Source: PO#86637.exe, 0000002B.00000000.2069840791.0000000000795000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_1c9066c5-0
Source: PO#86637.exe, 0000002B.00000000.2069840791.0000000000795000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_6b4fd174-0
Source: PO#86637.exe.33.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_0622601b-d
Source: PO#86637.exe.33.dr	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_348a8728-c
Source: PO#86637.exe0.33.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_9b208236-f
Source: PO#86637.exe0.33.dr	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_f8d3ff90-6

Source: 0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.evad.winLZH@66/187@11/20

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5296

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6924:120:WilError_03

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-03 14-37-36-412.log

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PO#86637.lzh

ReversingLabs: Detection: 18%

Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PO#86637.lha"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2296 --field-trial-handle=1584,i,3108067972313439679,11837552442743094877,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:?url=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dwinzip%26filters%3Dufn%253a%2522WinZip%2522%2Bsid%253a%2522b48dd0f0-bb36-6274-cfec-3c3a69d12ee4%2522%26asbe%3DAS%26form%3DWNSGPH%26qs%3DMB%26cvid%3Da63159470eb544349f42372c14c71861%26pq%3Dwinzip%26cc%3DCH%26setlang%3Den-CH%26nclid%3D99325A50A46066F842A6B684698F464A%26ts%3D1725388663068%26nclidts%3D1725388663%26tsms%3D068%26wsso%3DModerate&timestamp=1725388663068&source=WindowsSearchBox&campaign=addedgeprot&medium=AutoSuggest
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4668 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6640 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3156 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7988 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7680 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6692 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe"
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe"
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Windows\SysWOW64\at.exe "C:\Windows\SysWOW64\at.exe"
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PO#86637.lha"	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2296 --field-trial-handle=1584,i,3108067972313439679,11837552442743094877,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4668 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6640 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3156 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7988 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7680 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6692 --field-trial-handle=1988,i,18419746295436683660,3132393094174873482,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe"
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Windows\SysWOW64\at.exe "C:\Windows\SysWOW64\at.exe"
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe"

Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinui.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.appdefaults.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uianimation.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: tiledatarepository.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: staterepository.core.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepository.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ninput.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: textshaping.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wldp.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: profapi.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: propsys.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: thumbcache.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: policymanager.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: dataexchange.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: d3d11.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: dcomp.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: dxgi.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: mrmcorer.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: iertutil.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: mrmdeploy.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: bcp47mrm.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windows.ui.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windowmanagementapi.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: inputhost.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: edputil.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wkscli.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: netutils.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: provsvc.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: apphelp.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: urlmon.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: srvcli.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: sspicli.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: appresolver.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: slc.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: userenv.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: sppc.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: pcacli.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: mpr.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: mswsock.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\at.exe	Section loaded: schedcli.dll
Source: C:\Windows\SysWOW64\at.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\at.exe	Section loaded: wininet.dll

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: at.pdb source: svchost.exe, 0000002C.00000003.2184901347.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000002C.00000003.2184934124.000000000342B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: PO#86637.exe, 0000002B.00000003.2089074053.0000000004720000.00000004.00001000.00020000.00000000.sdmp, PO#86637.exe, 0000002B.00000003.2089899134.00000000048C0000.00000004.00001000.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2225802504.0000000003665000.00000004.00000020.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2229897884.0000000003812000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PO#86637.exe, 0000002B.00000003.2089074053.0000000004720000.00000004.00001000.00020000.00000000.sdmp, PO#86637.exe, 0000002B.00000003.2089899134.00000000048C0000.00000004.00001000.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2225802504.0000000003665000.00000004.00000020.00020000.00000000.sdmp, at.exe, 0000002D.00000003.2229897884.0000000003812000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: at.pdbGCTL source: svchost.exe, 0000002C.00000003.2184901347.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000002C.00000003.2184934124.000000000342B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: at.exe, 0000002D.00000002.2426859935.0000000003FEC000.00000004.10000000.00040000.00000000.sdmp, at.exe, 0000002D.00000002.2416451219.0000000003503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdbUGP source: at.exe, 0000002D.00000002.2426859935.0000000003FEC000.00000004.10000000.00040000.00000000.sdmp, at.exe, 0000002D.00000002.2416451219.0000000003503000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Program Files\7-Zip\7zFM.exe	File created: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe			Jump to dropped file
Source: C:\Program Files\7-Zip\7zFM.exe	File created: C:\Users\user\Desktop\PO#86637.exe			Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Program Files\7-Zip\7zFM.exe

Process created: C:\Windows\SysWOW64\at.exe "C:\Windows\SysWOW64\at.exe"

Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\7-Zip\7zFM.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\at.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	API/Special instruction interceptor: Address: 46C3244
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 7FFA5E8AD324
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 7FFA5E8B0774
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 7FFA5E8B0154
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 7FFA5E8AD8A4
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 7FFA5E8ADA44
Source: C:\Windows\SysWOW64\svchost.exe	API/Special instruction interceptor: Address: 7FFA5E8AD1E4
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8AD324
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8B0774
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8AD944
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8AD504
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8AD544
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8AD1E4
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8B0154
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8AD8A4
Source: C:\Windows\SysWOW64\at.exe	API/Special instruction interceptor: Address: 7FFA5E8ADA44

Source: C:\Program Files\7-Zip\7zFM.exe	Window / User API: foregroundWindowGot 587
Source: C:\Program Files\7-Zip\7zFM.exe	Window / User API: foregroundWindowGot 558

Source: C:\Windows\System32\OpenWith.exe TID: 6928

Thread sleep count: 267 > 30

Jump to behavior

Source: C:\Windows\SysWOW64\at.exe

Last function: Thread delayed

Source: C:\Program Files\7-Zip\7zFM.exe

File Volume queried: C:\ FullSizeInformation

Source: Web Data.21.dr	Binary or memory string: ms.portal.azure.comVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696586537u
Source: Web Data.21.dr	Binary or memory string: AMC password management pageVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: turbotax.intuit.comVMware20,11696586537t
Source: Web Data.21.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: discord.comVMware20,11696586537f
Source: Web Data.21.dr	Binary or memory string: dev.azure.comVMware20,11696586537j
Source: Web Data.21.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537x
Source: Web Data.21.dr	Binary or memory string: tasks.office.comVMware20,11696586537o
Source: Web Data.21.dr	Binary or memory string: bankofamerica.comVMware20,11696586537x
Source: Web Data.21.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: interactivebrokers.comVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696586537h
Source: Web Data.21.dr	Binary or memory string: global block list test formVMware20,11696586537
Source: 7zFM.exe, 00000021.00000002.2433546512.0000026332030000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: at.exe, 0000002D.00000002.2416451219.0000000003503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllcj
Source: Web Data.21.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696586537\|UE
Source: Web Data.21.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696586537]
Source: Web Data.21.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696586537d
Source: Web Data.21.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537}
Source: Web Data.21.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696586537p
Source: Web Data.21.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696586537z
Source: Web Data.21.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696586537n
Source: Web Data.21.dr	Binary or memory string: outlook.office.comVMware20,11696586537s
Source: Web Data.21.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696586537}
Source: Web Data.21.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696586537
Source: Web Data.21.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537^
Source: Web Data.21.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696586537x
Source: Web Data.21.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696586537~
Source: Web Data.21.dr	Binary or memory string: outlook.office365.comVMware20,11696586537t

Source: C:\Program Files\7-Zip\7zFM.exe

Process information queried: ProcessInformation

Source: C:\Windows\SysWOW64\svchost.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\at.exe	Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\7-Zip\7zFM.exe	NtResumeThread: Indirect: 0x2D15AE1
Source: C:\Program Files\7-Zip\7zFM.exe	NtMapViewOfSection: Indirect: 0x2D1599F
Source: C:\Program Files\7-Zip\7zFM.exe	NtMapViewOfSection: Indirect: 0x2D159E3

Maps a DLL or memory area into another process

Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: NULL target: C:\Windows\SysWOW64\at.exe protection: execute and read and write
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: NULL target: C:\Program Files\7-Zip\7zFM.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\at.exe	Section loaded: NULL target: C:\Program Files\7-Zip\7zFM.exe protection: read write
Source: C:\Windows\SysWOW64\at.exe	Section loaded: NULL target: C:\Program Files\7-Zip\7zFM.exe protection: execute and read and write

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\svchost.exe	Thread register set: target process: 7840
Source: C:\Windows\SysWOW64\at.exe	Thread register set: target process: 7840

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe

Memory written: C:\Windows\SysWOW64\svchost.exe base: 30B9008

Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PO#86637.lha"			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe"

Source: PO#86637.exe, 0000002B.00000000.2069840791.0000000000795000.00000002.00000001.01000000.0000000E.sdmp, PO#86637.exe.33.dr, PO#86637.exe0.33.dr

Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning

Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Documents and Settings VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Users\All Users VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Users\user\Application Data VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Users\user\Cookies VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Users\user\Local Settings VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Users\user\NetHood VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Users\user\PrintHood VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\Users\user\SendTo VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\7-Zip\7zFM.exe	Queries volume information: C:\ VolumeInformation

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0000002C.00000002.2302394340.00000000089D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2225502087.0000000000401000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	312 Process Injection	1 Masquerading	OS Credential Dumping	211 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Abuse Elevation Control Mechanism	312 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	15 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	112 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PO#86637.lzh	19%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\7zO0AE0B901\PO#86637.exe	27%	ReversingLabs
C:\Users\user\Desktop\PO#86637.exe	27%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://login.microsoftonline.com/	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	0%	URL Reputation	safe
https://outlook.live.com/mail/0/	0%	URL Reputation	safe
https://powerpoint.new?from=EdgeM365Shoreline	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://aefd.nelreports.net/api/report?cat=bingaotak	0%	URL Reputation	safe
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
https://outlook.live.com/mail/compose?isExtension=true	0%	URL Reputation	safe
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	0%	URL Reputation	safe
https://www.messenger.com	0%	URL Reputation	safe
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	0%	URL Reputation	safe
https://www.deezer.com/	0%	URL Reputation	safe
https://word.new?from=EdgeM365Shoreline	0%	URL Reputation	safe
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	0%	URL Reputation	safe
https://outlook.office.com/mail/0/	0%	URL Reputation	safe
https://m.soundcloud.com/	0%	URL Reputation	safe
https://music.amazon.com	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge	0%	URL Reputation	safe
https://open.spotify.com	0%	URL Reputation	safe
https://excel.new?from=EdgeM365Shoreline	0%	URL Reputation	safe
https://www.onenote.com/stickynotesstaging?isEdgeHub=true	0%	URL Reputation	safe
https://bzib.nelreports.net/api/report?cat=bingbusiness	0%	URL Reputation	safe
https://chrome.cloudflare-dns.com/dns-query	0%	URL Reputation	safe
https://www.tiktok.com/	0%	URL Reputation	safe
https://www.onenote.com/stickynotes?isEdgeHub=true	0%	URL Reputation	safe
https://music.yandex.com	0%	URL Reputation	safe
https://chromewebstore.google.com/	0%	URL Reputation	safe
https://m.kugou.com/	0%	Avira URL Cloud	safe
https://rum8.perf.linkedin.com/apc/trans.gif?eba71e35e96bde1d4f68426951d193ee	0%	Avira URL Cloud	safe
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	0%	URL Reputation	safe
https://www.youtube.com	0%	Avira URL Cloud	safe
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	0%	URL Reputation	safe
https://web.whatsapp.com	0%	Avira URL Cloud	safe
https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp	0%	Avira URL Cloud	safe
https://www.last.fm/	0%	Avira URL Cloud	safe
https://355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.com/apc/trans.gif?70446a1560670fad9e4b6eef9515c793	0%	Avira URL Cloud	safe
https://www.office.com	0%	Avira URL Cloud	safe
https://www.instagram.com	0%	Avira URL Cloud	safe
https://tidal.com/	0%	Avira URL Cloud	safe
https://outlook.office.com/mail/compose?isExtension=true	0%	Avira URL Cloud	safe
https://services.bingapis.com/suggestionchips/api/v1/cannedChips	0%	Avira URL Cloud	safe
https://web.skype.com/?browsername=edge_canary_shoreline	0%	Avira URL Cloud	safe
https://355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.com/apc/trans.gif?f005e19f14f37cbb0f1ac7fe08a2344e	0%	Avira URL Cloud	safe
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	0%	Avira URL Cloud	safe
https://latest.web.skype.com/?browsername=edge_canary_shoreline	0%	Avira URL Cloud	safe
https://i.y.qq.com/n2/m/index.html	0%	Avira URL Cloud	safe
https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo	0%	Avira URL Cloud	safe
https://web.telegram.org/	0%	Avira URL Cloud	safe
https://gaana.com/	0%	Avira URL Cloud	safe
https://mail.google.com/mail/mu/mp/266/#tl/Inbox	0%	Avira URL Cloud	safe
https://chi23prdapp02-canary-opaph.netmon.azure.com/apc/trans.gif?d759cbbc37642ccf561f44cfa6236618	0%	Avira URL Cloud	safe
https://twitter.com/	0%	Avira URL Cloud	safe
https://vibe.naver.com/today	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://www.google.com/chrome	0%	Avira URL Cloud	safe
https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE	0%	Avira URL Cloud	safe
https://web.skype.com/?browsername=edge_stable_shoreline	0%	Avira URL Cloud	safe
https://m.vk.com/	0%	Avira URL Cloud	safe
https://services.bingapis.com/favicon/?url=winzip.com	0%	Avira URL Cloud	safe
https://identity.nel.measure.office.net/api/report?catId=GW	0%	Avira URL Cloud	safe
https://www.iheart.com/podcast/	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore/	0%	Avira URL Cloud	safe
https://y.music.163.com/m/	0%	Avira URL Cloud	safe
https://clients2.googleusercontent.com	0%	Avira URL Cloud	safe
https://bard.google.com/	0%	Avira URL Cloud	safe
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx	0%	Avira URL Cloud	safe
https://fp-afd.azurefd.us/apc/trans.gif?1a0c722c55a08beb882aeeeed13c6c93	0%	Avira URL Cloud	safe
https://rum8.perf.linkedin.com/apc/trans.gif?5853de9b452a309e6673d24396b5f587	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.185.225	true	false	unknown
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	unknown
s-part-0029.t-0009.t-msedge.net	13.107.246.57	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	true	unknown
bzib.nelreports.net	unknown	unknown	true	unknown
www.teksales.space	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.com/apc/trans.gif?70446a1560670fad9e4b6eef9515c793	false	Avira URL Cloud: safe	unknown
https://rum8.perf.linkedin.com/apc/trans.gif?eba71e35e96bde1d4f68426951d193ee	false	Avira URL Cloud: safe	unknown
https://services.bingapis.com/suggestionchips/api/v1/cannedChips	false	Avira URL Cloud: safe	unknown
https://355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.com/apc/trans.gif?f005e19f14f37cbb0f1ac7fe08a2344e	false	Avira URL Cloud: safe	unknown
https://chi23prdapp02-canary-opaph.netmon.azure.com/apc/trans.gif?d759cbbc37642ccf561f44cfa6236618	false	Avira URL Cloud: safe	unknown
https://services.bingapis.com/favicon/?url=winzip.com	false	Avira URL Cloud: safe	unknown
https://chrome.cloudflare-dns.com/dns-query	false	URL Reputation: safe	unknown
https://rum8.perf.linkedin.com/apc/trans.gif?5853de9b452a309e6673d24396b5f587	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx	false	Avira URL Cloud: safe	unknown
https://fp-afd.azurefd.us/apc/trans.gif?1a0c722c55a08beb882aeeeed13c6c93	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Web Data.21.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/	000003.log4.21.dr, Session_13369862266388791.21.dr	false	URL Reputation: safe	unknown
https://web.whatsapp.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	Web Data.21.dr	false	URL Reputation: safe	unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://m.kugou.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://www.office.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://outlook.live.com/mail/0/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp	Reporting and NEL.22.dr	false	Avira URL Cloud: safe	unknown
https://www.last.fm/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://powerpoint.new?from=EdgeM365Shoreline	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Web Data.21.dr	false	URL Reputation: safe	unknown
https://aefd.nelreports.net/api/report?cat=bingaotak	Reporting and NEL.22.dr	false	URL Reputation: safe	unknown
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.22.dr	false	URL Reputation: safe	unknown
https://tidal.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://www.instagram.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://web.skype.com/?browsername=edge_canary_shoreline	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://gaana.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com	Session_13369862266388791.21.dr	false	URL Reputation: safe	unknown
https://outlook.live.com/mail/compose?isExtension=true	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Web Data.21.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://www.messenger.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://outlook.office.com/mail/compose?isExtension=true	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://i.y.qq.com/n2/m/index.html	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://www.deezer.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://latest.web.skype.com/?browsername=edge_canary_shoreline	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://word.new?from=EdgeM365Shoreline	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://web.telegram.org/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/mail/0/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Web Data.21.dr	false	Avira URL Cloud: safe	unknown
https://m.soundcloud.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://mail.google.com/mail/mu/mp/266/#tl/Inbox	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://music.amazon.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://vibe.naver.com/today	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.21.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://open.spotify.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://twitter.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://excel.new?from=EdgeM365Shoreline	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://web.skype.com/?browsername=edge_stable_shoreline	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE	Reporting and NEL.22.dr	false	Avira URL Cloud: safe	unknown
https://m.vk.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.22.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome	content_new.js.21.dr, content.js.21.dr	false	Avira URL Cloud: safe	unknown
https://www.tiktok.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://identity.nel.measure.office.net/api/report?catId=GW	Reporting and NEL.22.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/stickynotes?isEdgeHub=true	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://www.iheart.com/podcast/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://music.yandex.com	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://chromewebstore.google.com/	manifest.json.21.dr	false	URL Reputation: safe	unknown
https://clients2.googleusercontent.com	5f7f8576-3f49-4326-a5dc-d7384e635032.tmp.22.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	URL Reputation: safe	unknown
https://chrome.google.com/webstore/	manifest.json.21.dr	false	Avira URL Cloud: safe	unknown
https://y.music.163.com/m/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown
https://bard.google.com/	34849f89-4dfc-4027-aa21-c0649b431a68.tmp.21.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.126.24.148	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
23.59.250.99	unknown	United States	20940	AKAMAI-ASN1EU	false
23.59.250.11	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.185.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
104.18.33.89	unknown	United States	13335	CLOUDFLARENETUS	false
2.23.209.186	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
40.126.24.84	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.23.209.183	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
104.117.182.49	unknown	United States	20940	AKAMAI-ASN1EU	false
104.126.37.136	unknown	United States	20940	AKAMAI-ASN1EU	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
13.107.5.80	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.57	s-part-0029.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.59.250.83	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1503690
Start date and time:	2024-09-03 20:36:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	47
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PO#86637.lzh
Detection:	MAL
Classification:	mal100.troj.evad.winLZH@66/187@11/20

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 13.107.42.16, 13.107.21.239, 204.79.197.239, 142.250.185.206, 13.107.6.158, 2.19.11.120, 2.19.11.100, 142.250.65.163, 142.250.80.67
Excluded domains from analysis (whitelisted): fp.msedge.net, cdp-f-ssl-tlu-net.trafficmanager.net, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, dual-s-ring.msedge.net, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, wac-ring.msedge.net, spo-ring.msedge.net, clients2.google.com, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, th.bing.com, r.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, fp-afd.azurefd.us, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, rum8.perf.linkedin.com, t-ring-s.msedge.net, 355ac56fa7f2d2a6fa7b4afa1b0659b9.azr.footprintdns.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, arm-ring.msedge.net, api.edgeoffer.microsoft.com, wildcardtlu-ssl.ec.azureedge.net, settings-win.data.microsoft.com, b-0005.b-msedge.net, edge.microsoft.com, busines
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: PO#86637.lzh

Simulations

Behavior and APIs

Time	Type	Description
14:37:12	API Interceptor	1x Sleep call for process: OpenWith.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
40.126.24.148	https://myqrcode.mobi/30dceb3b	Get hash	malicious	HTMLPhisher	Browse
	https://cloudfiles.to/2cCuCHNsE6x	Get hash	malicious	HTMLPhisher	Browse
	http://8acs9yh98-frosty-disk-c127.emeraldfredia.workers.dev/	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse
	Mackietransportation_sharepoint_online_.rtf	Get hash	malicious	HTMLPhisher	Browse
	https://u43142955.ct.sendgrid.net/ls/click?upn=u001.Gwt2bd6jafSW0bhGOZxCpEKonz8pYRFaSgcqUPWXSSMsvMJYlYDYcuLg-2BVNTnviK-2B7EkH8G3ZVMNOihZ9jk5nwWbiX8pZwzmePiOaZz6r0deKflLbbTZNxr9pGa8a02KUsvEB9poUS-2BYXqaOcbKNJ1iK36YnVlOYK13e2OQssXKqcLouRTA-2FEgN4fq4U6QDHxIXxZgVE43bOCrvpxEZGZ3fNpRmG9Gs-2Bn-2BMTP-2B1mvX5XYmWFxX8DOS1YCDAdrT02R-2BqmTD5eIww6zedCl2tTLHv2FVZysarKX8qrT4PRAK54Qw9ZMaA2gKcz3yO2rwJef12BE9nkvzRgDo3Xp7sO51vG-2BJLYiMQUriEaqA5ZZY0-3DrRRM_EipWn1QLPyPxUOFJOTMsdyewm8SCX28bQkcXfbX-2BkREsqeHm5d4tigVzMYHCs6gyDv-2FFMdEKuADyncHriNl4RNZAb8Xb3FZ5-2FODqZB7X0SD6G7aV1Iv0cnPaqEhQnwfN8Yt0GPVv07b0IU3zRH0pDR6aAD58zb-2BfBjRJbvdQmxqIqwHRp41PL2s-2FmDhw20DwmfgwlGJB-2BIvQXky0maNt6Q-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	https://u43142955.ct.sendgrid.net/ls/click?upn=u001.Gwt2bd6jafSW0bhGOZxCpEKonz8pYRFaSgcqUPWXSSMsvMJYlYDYcuLg-2BVNTnviK-2B7EkH8G3ZVMNOihZ9jk5nwWbiX8pZwzmePiOaZz6r0deKflLbbTZNxr9pGa8a02KUsvEB9poUS-2BYXqaOcbKNJ1iK36YnVlOYK13e2OQssXKqcLouRTA-2FEgN4fq4U6QDHxIXxZgVE43bOCrvpxEZGZ3fNpRmG9Gs-2Bn-2BMTP-2B1mvX5XYmWFxX8DOS1YCDAdrT02R-2BqmTD5eIww6zedCl2tTLHv2FVZysarKX8qrT4PRAK54Qw9ZMaA2gKcz3yO2rwJef12BE9nkvzRgDo3Xp7sO51vG-2BJLYiMQUriEaqA5ZZY0-3DrOpk_ayFC7OIc8KTVxwlow050Uk2L8VfRIEGVGKphG55vq-2B9GxQcLZb4i2c-2FL13ykrhFohgqpg-2BxNbVudxU8RhoLv9qAl8V0zphdrhkdYBJohNzR0qlINTnbbV3RAeVGvBKv23ZYEvntCED6HJW999l9UAlgeA880TU5-2FlSgFYgXoZlMJNZ9BgUN3V8Hu70q3wQyNrrLyaI2j1Rn-2BeYvdMTL2Jg-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	W8kxmMRqUB.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse
	https://ergv54ergrz.s3.amazonaws.com/uhdigth1.html	Get hash	malicious	Unknown	Browse
	https://4af7549b.8529c6e312800ec39f0414e1.workers.dev	Get hash	malicious	HTMLPhisher	Browse
	https://u43046827.ct.sendgrid.net/ls/click?upn=u001.9VHLeMPT-2FpgU5o8m-2F14MwvUfe0bWbtnJUI8Zq0olKrWHB65SHPLEcoF8PygluFz3tM9xm-2BgSb-2FXs1hN955wBZg-3D-3DWQ1a_HugXHfUURLjio0NDJvkCDhedd6ryxBamWBqA3Uoq0PhwHvltbg0s-2F-2F3Syr-2B5YzCc9T1AL3nYX5XHvHAzVR7pEkVw-2FefYjfGAgXEHr-2Bxv8UN9-2B2uA7NfLReF-2FKHmdycojNEeIKFwihOeDc0oJ0-2Bond-2FRWOKrbFXDRmg4PoOeUaAOnlW0L18SBVAQx2xHhUr1yYvYxeh2DzHe1C-2BJui7zdrXDogBFLSn-2FGSyCqdJTxVpc-3D	Get hash	malicious	HTMLPhisher	Browse
152.195.19.97	http://ustteam.com/	Get hash	malicious	Unknown	Browse	www.ust.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	https://static.rock.so/file/mAm512rA~/mAm512rA/2d214e336544c4cd0b1aaafcfffd0f29/HarringtonElectric.pdf	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://xz0816.cn/	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
s-part-0029.t-0009.t-msedge.net	malicious.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.57
	TBIG.exe	Get hash	malicious	AveMaria, UACMe, XRed	Browse	13.107.246.57
	1RGKUwuqi0.exe	Get hash	malicious	Remcos, PureLog Stealer, XRed	Browse	13.107.246.57
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	0m4MDxiRIE.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.57
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.57
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	SecuriteInfo.com.Win32.Evo-gen.18513.13360.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
sni1gl.wpc.nucdn.net	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	oDkJQOSVzf.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	file.exe	Get hash	malicious	Unknown	Browse	23.44.133.38
	https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=lTCgUqihHkmFBEet2SbJL2ghryGY169Ih8KbdC_V2rZUQUFOTzhQMTZVVVI2V1RWNjNGNFhXRjdWVy4u&d=DwMFAg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.83.5.113
	Pensacola Country Club.pdf	Get hash	malicious	Unknown	Browse	2.16.241.17
	file.exe	Get hash	malicious	Unknown	Browse	23.200.0.42
	https://xop.cjm.mybluehost.me/epubs/2022/AFI/shelves/22Q2-AFI-Motion-Shelf/	Get hash	malicious	Phisher	Browse	2.16.238.162
	http://bestbuy.beautybyjoulexa.com.au/citrix/fxc/bWljaGFlbHNjb2ZpZWxkQGRpc25leS5jb20=	Get hash	malicious	HTMLPhisher	Browse	2.16.241.15
	https://bergtool-my.sharepoint.com/:f:/p/officemgr/EkAEY_TxWUpGjuhgV5jRSO8BD2acB1HjNb72Far_j2tXBg?e=T7fVyK	Get hash	malicious	EvilProxy	Browse	2.16.241.15
	http://partmopspot.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=back4	Get hash	malicious	Unknown	Browse	23.67.131.82
	LETTER ATTACHED.pdf	Get hash	malicious	HTMLPhisher	Browse	2.16.100.168
	https://1drv.ms/o/s!Anj1aub9f0oSf85OHsWb-1KGYts?e=cSo5yQ	Get hash	malicious	Unknown	Browse	88.221.110.248
MICROSOFT-CORP-MSN-AS-BLOCKUS	malicious.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://docsend.com/view/s/p589qibnit8ety2y	Get hash	malicious	Unknown	Browse	150.171.27.10
	INVCherokeebrick.html	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=lTCgUqihHkmFBEet2SbJL2ghryGY169Ih8KbdC_V2rZUQUFOTzhQMTZVVVI2V1RWNjNGNFhXRjdWVy4u&d=DwMFAg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.21.237
	qkkcfptf.exe	Get hash	malicious	Tofsee	Browse	52.101.42.0
	vekvtia.exe	Get hash	malicious	Tofsee	Browse	52.101.8.49
	knkduwqg.exe	Get hash	malicious	Tofsee	Browse	52.101.11.0
	foufdsk.exe	Get hash	malicious	Tofsee	Browse	52.101.40.26
	UUJycuNA6D.exe	Get hash	malicious	Tofsee	Browse	52.101.40.26
EDGECASTUS	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	malicious.html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	INVCherokeebrick.html	Get hash	malicious	Unknown	Browse	152.199.21.175
	https://pensiuneaeladi.ro/cli	Get hash	malicious	HtmlDropper	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://www.linkedin.com/redir/redirect?url=https://lookerstudio.google.com/s/nQjnFkp_p_s&urlhash=iY4u&trk=article-ssr-frontend-pulse_little-text-block	Get hash	malicious	HTMLPhisher	Browse	152.199.21.118
	https://adminmanager863141.invisionapp.com/freehand/-KiGROBwjb	Get hash	malicious	Unknown	Browse	152.195.15.58
	http://bestbuy.beautybyjoulexa.com.au/citrix/fxc/bWljaGFlbHNjb2ZpZWxkQGRpc25leS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://www.linkedin.com/redir/redirect?url=https://lookerstudio.google.com/s/o4pSLJjGIwU&urlhash=CUME&trk=article-ssr-frontend-pulse_little-text-block	Get hash	malicious	HTMLPhisher	Browse	152.199.21.118
	http://www.harmonyhomesestateagency.com	Get hash	malicious	Unknown	Browse	152.199.23.125
MICROSOFT-CORP-MSN-AS-BLOCKUS	malicious.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://docsend.com/view/s/p589qibnit8ety2y	Get hash	malicious	Unknown	Browse	150.171.27.10
	INVCherokeebrick.html	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=lTCgUqihHkmFBEet2SbJL2ghryGY169Ih8KbdC_V2rZUQUFOTzhQMTZVVVI2V1RWNjNGNFhXRjdWVy4u&d=DwMFAg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.21.237
	qkkcfptf.exe	Get hash	malicious	Tofsee	Browse	52.101.42.0
	vekvtia.exe	Get hash	malicious	Tofsee	Browse	52.101.8.49
	knkduwqg.exe	Get hash	malicious	Tofsee	Browse	52.101.11.0
	foufdsk.exe	Get hash	malicious	Tofsee	Browse	52.101.40.26
	UUJycuNA6D.exe	Get hash	malicious	Tofsee	Browse	52.101.40.26

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Unknown	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	https://cwayq.ru/smt/Link.htm	Get hash	malicious	Unknown	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	malicious.html	Get hash	malicious	HTMLPhisher	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	https://www.louisvillesports.org/	Get hash	malicious	Unknown	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	https://docsend.com/view/s/p589qibnit8ety2y	Get hash	malicious	Unknown	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	depositremittance.html	Get hash	malicious	HTMLPhisher	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	https://static.rock.so/file/mAm512rA~/mAm512rA/2d214e336544c4cd0b1aaafcfffd0f29/HarringtonElectric.pdf	Get hash	malicious	Unknown	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	https://sites.google.com/view/roof-engineering-corporation/home&c=E,1,k4HyicC7mrqeK4IQaP1pz5SuSOl_69BoovtbPbLW58x_13zjzi6F2RPSaPKMlA21F9iABlXChLYYEcgiZeviVXFPg4GhRAPI_9Ul0DIsi9MU&typo=1	Get hash	malicious	HTMLPhisher	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	INVCherokeebrick.html	Get hash	malicious	Unknown	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
	https://pensiuneaeladi.ro/cli	Get hash	malicious	HtmlDropper	Browse	204.79.197.222 13.107.246.254 13.107.138.254 4.150.240.254 20.115.155.233 20.80.11.217 52.123.129.254 20.140.48.70 40.127.169.103 20.73.194.208 2.23.209.182 20.190.160.22 51.124.78.146 184.28.90.27 20.190.160.20 2.23.209.162 52.108.9.254 108.174.10.24
6271f898ce5be7dd52b0fc260d0662b3	https://www.linkedin.com/redir/redirect?url=https://lookerstudio.google.com/s/nQjnFkp_p_s&urlhash=iY4u&trk=article-ssr-frontend-pulse_little-text-block	Get hash	malicious	HTMLPhisher	Browse	2.23.209.156
	https://www.linkedin.com/redir/redirect?url=https://lookerstudio.google.com/s/o4pSLJjGIwU&urlhash=CUME&trk=article-ssr-frontend-pulse_little-text-block	Get hash	malicious	HTMLPhisher	Browse	2.23.209.156
	http://10eurodisconto.com?rid=iVbb6Xl	Get hash	malicious	Unknown	Browse	2.23.209.156
	https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E	Get hash	malicious	HTMLPhisher	Browse	2.23.209.156
	Order enquiry.xla.xlsx	Get hash	malicious	Unknown	Browse	2.23.209.156
	BankPaymAdviceVend.Report.docx	Get hash	malicious	Unknown	Browse	2.23.209.156
	https://decktop.us/MUYKd1	Get hash	malicious	Unknown	Browse	2.23.209.156
	https://tmx.velsol.com/Reporting/Document.aspx?MasterAgreementID=i1339-005394573&ID=aQAxADMAMwA5AC0AMAAwADUAMwA5ADQANQA3ADMA.	Get hash	malicious	Unknown	Browse	2.23.209.156
	https://poge5h0vrx6.typeform.com/to/W4wmNoC2	Get hash	malicious	HTMLPhisher	Browse	2.23.209.156
	(No subject) (63).eml	Get hash	malicious	HTMLPhisher	Browse	2.23.209.156
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	Unknown	Browse	13.107.5.88
	newvideozones.click.ps1	Get hash	malicious	Unknown	Browse	13.107.5.88
	provenotrobot.b-cdn.net.ps1	Get hash	malicious	Unknown	Browse	13.107.5.88
	spam-check1.b-cdn.net.ps1	Get hash	malicious	Unknown	Browse	13.107.5.88
	file.exe	Get hash	malicious	Unknown	Browse	13.107.5.88
	https://www.linkedin.com/redir/redirect?url=https://lookerstudio.google.com/s/o4pSLJjGIwU&urlhash=CUME&trk=article-ssr-frontend-pulse_little-text-block	Get hash	malicious	HTMLPhisher	Browse	13.107.5.88
	https://m.exactag.com/cl.aspx?extProvApi=sixt-crm_newsletter&extProvId=313&extPu=nl_rac_de&extLi=DE_COR_RENT_CRM_B2C_24_CW33_From%20Intermediate%20Push_ONT_NLW_de_DE_Streichpreis_138402&extCr=Footer_rent&extSi=nl_rac_de_2408_DE&url=http%3a%2f%2ftarumian.am/yaer/ZHdhcm5lckBmbGJsYXd5ZXJzLmNvbQ==	Get hash	malicious	Phisher	Browse	13.107.5.88
	Payment_USD305,000A98E8090KDHKS3300.exe	Get hash	malicious	LummaC Stealer, Snake Keylogger, VIP Keylogger	Browse	13.107.5.88
	https://m.exactag.com/cl.aspx?extProvApi=sixt-crm_newsletter&extProvId=313&extPu=nl_rac_de&extLi=DE_COR_RENT_CRM_B2C_24_CW33_From%20Intermediate%20Push_ONT_NLW_de_DE_Streichpreis_138402&extCr=Footer_rent&extSi=nl_rac_de_2408_DE&url=http%3a%2f%2ftarumian.am/yaer/ZHdhcm5lckBmbGJsYXd5ZXJzLmNvbQ==	Get hash	malicious	Phisher	Browse	13.107.5.88

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2183267076187105
Encrypted:	false
SSDEEP:	6:PRgxS39+q2PsHO2nKuAl9OmbnIFUt82RgJnF3JZmw+2RgJnF39VkwOsHO2nKuAlz:Pmg39+vkHVHAahFUt82mPJ/+2mP9V514
MD5:	C9565D8F53610483EB324C6D91DAE187
SHA1:	B199C6B61D903271AC1E282A9F3040560A1CB77A
SHA-256:	805193D8D0C1AFF8699E384E60391C8C32905B1BB13DB48EE09958A3F567F682
SHA-512:	DA1A0A60735827F49CD953351DE2A49310F0A94FF7C758C37A7EA559D1A0266B1E57A3194819B9E60B5EAEE42691EF8FBD5B98E763636CA53B0F9CF9F89C65E8
Malicious:	false
Preview:	2024/09/03-14:37:37.156 1b4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/03-14:37:37.159 1b4c Recovering log #3.2024/09/03-14:37:37.159 1b4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	65801
Entropy (8bit):	6.10167673989485
Encrypted:	false
SSDEEP:	1536:dMGQ5XMBD4z5OITaU90TpzZrEP+pa9UJUifobYRvu:dMrJMd1gaWwpIUDKM2
MD5:	1B76C9CCAC5D6A4359CB6FC4B81F5907
SHA1:	9AFEFC63118376C90D1811214F334BC39AA524FF
SHA-256:	D0C5A7DFB1E42AEA5F5BCC93DD01ECF270426E9E3A3112C6FAFE780007313E13
SHA-512:	E1B1243B3F50D6598716DCE5D2DC133C39C1E4C7F8A6B4AF2E96A78E5ABAF31AFB02D51332734E912D7B3B76085DA3FBAE9D33CF6034AF0CE0F59F841E6FACD9
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1725388738"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

Process:	C:\Program Files\7-Zip\7zFM.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1184768
Entropy (8bit):	7.135989343485847
Encrypted:	false
SSDEEP:	24576:RAHnh+eWsN3skA4RV1Hom2KXMmHa1aRT+70E3nKvrNLR8wI5:oh+ZkldoPK8Ya1u63nMrNtu
MD5:	A69359922021282F5801578D336F5478
SHA1:	97EA5B630FDF991839AA565F743C9D058EF15278
SHA-256:	32F54AEC617924A0C4AEF987083214424660A28A38EDA00C481B1BFA1E9B0E04
SHA-512:	81870E1DF4EEBEDCE6A41EFF3E16944C36AA981E28DBFA476AC5F0D76D496E15CC102DC45AD5EA7C94E51B1A8D487F896080FAB9D1EAEDDF861D47A9E8973760
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 27%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L....s.f.........."..........0....................@..........................p............@...@.......@.........................\|.......xl......................4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...xl.......n...4..............@..@.reloc..4q.......r..................@..B........................................................................................................................................................................................................................................................................................

File type:	LHa (2.x) archive data [lh5], with "PO#86637.exe"
Entropy (8bit):	7.999402970270212
TrID:	LHARC/LZARK compressed archive (6/4) 100.00%
File name:	PO#86637.lzh
File size:	759'529 bytes
MD5:	a7027b59b7eb9c0daa50085eacacd962
SHA1:	722bb45f95b9810e2c6a70d457a300e319690a7b
SHA256:	7c4244fe67e40aab19462fd4aac61daf6856ba63046ce94e14730ba79608ac5d
SHA512:	685ff4ce761e832a822d2ce2b0aa534cf9bae76498ccc5784b2593949874a293faae77ccde02b3fbe8e99e0c9770bc78a9fe16ce2106c06666dc565a97a7e7f2
SSDEEP:	12288:mJNvrsMD9MuEpeoSi3zyVjYbSrzDkqcWcOSt6F1E5e2dDk1Bh+MIRk+g+LRhQk:qNv4efEcoB3GVj0S3vZnnE5eGDk3heRF
TLSH:	05F433CE7D747B12F81812F5B612C8380FD9DA69CFF85EF405F258087178D24AAE6A58
File Content Preview:	"r-lh5-..........#Y ..PO#86637.exe..L`......)z...`<W....H.P.j..,..........(.JE.m2....nfI..3...UK5.m......].t.]Vkiai.j....F.,O?.....w{.{..}.w..{..s.....Y$....M..PA.... .r...C.... ..../.z.....4..^.9O...t.n...v..W..{...NW..J..wr..w+..QJ...G...do...<....3x...

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 3, 2024 20:37:46.083662987 CEST	192.168.2.17	1.1.1.1	0x2a48	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:46.083795071 CEST	192.168.2.17	1.1.1.1	0x93a2	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Sep 3, 2024 20:37:46.268867016 CEST	192.168.2.17	1.1.1.1	0xbcee	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:46.269030094 CEST	192.168.2.17	1.1.1.1	0xf8e	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Sep 3, 2024 20:37:49.527893066 CEST	192.168.2.17	1.1.1.1	0xbf7a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.528053045 CEST	192.168.2.17	1.1.1.1	0xacea	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 3, 2024 20:37:49.528328896 CEST	192.168.2.17	1.1.1.1	0x3496	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.528491974 CEST	192.168.2.17	1.1.1.1	0x8029	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 3, 2024 20:37:49.535669088 CEST	192.168.2.17	1.1.1.1	0xc08a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.535821915 CEST	192.168.2.17	1.1.1.1	0x815e	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Sep 3, 2024 20:39:18.722003937 CEST	192.168.2.17	1.1.1.1	0x469b	Standard query (0)	www.teksales.space	A (IP address)	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 3, 2024 20:37:45.027615070 CEST	1.1.1.1	192.168.2.17	0xcef6	No error (0)	svc.ha-teams.office.com	svc.ms-acdc-teams.office.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:45.133774042 CEST	1.1.1.1	192.168.2.17	0xe093	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:45.133774042 CEST	1.1.1.1	192.168.2.17	0xe093	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:45.134985924 CEST	1.1.1.1	192.168.2.17	0x4a0e	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:46.091274977 CEST	1.1.1.1	192.168.2.17	0x93a2	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:46.091289043 CEST	1.1.1.1	192.168.2.17	0x2a48	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:46.275494099 CEST	1.1.1.1	192.168.2.17	0xbcee	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:46.275494099 CEST	1.1.1.1	192.168.2.17	0xbcee	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.225	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:46.277131081 CEST	1.1.1.1	192.168.2.17	0xf8e	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:47.952967882 CEST	1.1.1.1	192.168.2.17	0x647f	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:47.952967882 CEST	1.1.1.1	192.168.2.17	0x647f	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:47.961219072 CEST	1.1.1.1	192.168.2.17	0xe952	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:48.166418076 CEST	1.1.1.1	192.168.2.17	0x53a	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:48.188405037 CEST	1.1.1.1	192.168.2.17	0x608b	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:48.188405037 CEST	1.1.1.1	192.168.2.17	0x608b	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:48.797904968 CEST	1.1.1.1	192.168.2.17	0xf3fe	No error (0)	shed.dual-low.s-part-0029.t-0009.t-msedge.net	s-part-0029.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:48.797904968 CEST	1.1.1.1	192.168.2.17	0xf3fe	No error (0)	s-part-0029.t-0009.t-msedge.net		13.107.246.57	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.155821085 CEST	1.1.1.1	192.168.2.17	0x9402	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:49.156754971 CEST	1.1.1.1	192.168.2.17	0xf6ae	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:49.156754971 CEST	1.1.1.1	192.168.2.17	0xf6ae	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.534554958 CEST	1.1.1.1	192.168.2.17	0xbf7a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.534554958 CEST	1.1.1.1	192.168.2.17	0xbf7a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.534619093 CEST	1.1.1.1	192.168.2.17	0xacea	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 3, 2024 20:37:49.535136938 CEST	1.1.1.1	192.168.2.17	0x3496	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.535136938 CEST	1.1.1.1	192.168.2.17	0x3496	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.535458088 CEST	1.1.1.1	192.168.2.17	0x8029	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 3, 2024 20:37:49.542536020 CEST	1.1.1.1	192.168.2.17	0xc08a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.542536020 CEST	1.1.1.1	192.168.2.17	0xc08a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:49.542608023 CEST	1.1.1.1	192.168.2.17	0x815e	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Sep 3, 2024 20:37:51.190004110 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:51.190004110 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:52.200859070 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:52.200859070 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:53.202159882 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:53.202159882 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:55.209194899 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:55.209194899 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:37:59.229914904 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 20:37:59.229914904 CEST	1.1.1.1	192.168.2.17	0x367f	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 3, 2024 20:39:18.731959105 CEST	1.1.1.1	192.168.2.17	0x469b	Name error (3)	www.teksales.space	none	none	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:13 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=D4vH3fEBGN6CPxh&MD=aM5C1EF6 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-03 18:37:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: b66c7d97-05ab-4da8-ad07-9bff3783fe1c MS-RequestId: 31a83062-d472-4a21-87d1-3b4755e262f1 MS-CV: jsMC7AyhUkysx5gQ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 03 Sep 2024 18:37:13 GMT Connection: close Content-Length: 24490
2024-09-03 18:37:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-03 18:37:14 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:23 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-03 18:37:24 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=252497 Date: Tue, 03 Sep 2024 18:37:23 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:24 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-03 18:37:25 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=252550 Date: Tue, 03 Sep 2024 18:37:24 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-03 18:37:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:27 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-09-03 18:37:27 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-03 18:37:29 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 03 Sep 2024 18:36:27 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: 09b15d31-423a-4b15-9d22-b148798aa868 PPServer: PPV: 30 H: PH1PEPF00011E5A V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 03 Sep 2024 18:37:27 GMT Connection: close Content-Length: 10173
2024-09-03 18:37:29 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:30 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-09-03 18:37:30 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-03 18:37:31 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 03 Sep 2024 18:36:30 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: dec94e17-74a4-44f0-b9cf-4c1c3c61f15c PPServer: PPV: 30 H: SN1PEPF0002F1B3 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 03 Sep 2024 18:37:30 GMT Connection: close Content-Length: 10173
2024-09-03 18:37:31 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:33 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-09-03 18:37:33 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-03 18:37:33 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 03 Sep 2024 18:36:33 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: cd289438-ea90-4c08-80d8-2bf531f4070e PPServer: PPV: 30 H: PH1PEPF00011E58 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 03 Sep 2024 18:37:33 GMT Connection: close Content-Length: 10173
2024-09-03 18:37:33 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:35 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-09-03 18:37:35 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-03 18:37:36 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 03 Sep 2024 18:36:35 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: 06ed80d9-aaf2-45b9-8f86-d9ed6eda32dd PPServer: PPV: 30 H: SN1PEPF0002F1B3 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 03 Sep 2024 18:37:34 GMT Connection: close Content-Length: 10173
2024-09-03 18:37:36 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:42 UTC	749	OUT	GET /rb/16/jnc,nj/4bnLx4S3ZRMpYV30k3R5vRy8JVg.js?bu=DygxeIQBiQGMAYEBe37EAccBMbcBMcoB&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de
2024-09-03 18:37:42 UTC	1226	IN	HTTP/1.1 200 OK Content-Type: application/x-javascript; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Sat, 31 Aug 2024 01:30:47 GMT X-EventID: 66d2edfc513e47a5943f3149f86490b1 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: DUBEEAP0000E06B X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=142864 Expires: Thu, 05 Sep 2024 10:18:46 GMT Date: Tue, 03 Sep 2024 18:37:42 GMT Content-Length: 21924 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.08d01702.1725388662.91ee564 Timing-Allow-Origin: *
2024-09-03 18:37:42 UTC	15158	IN	Data Raw: 2f 2a 21 44 69 73 61 62 6c 65 4a 61 76 61 73 63 72 69 70 74 50 72 6f 66 69 6c 65 72 2a 2f 0a 76 61 72 20 42 4d 3d 42 4d 7c 7c 7b 7d 3b 42 4d 2e 63 6f 6e 66 69 67 3d 7b 42 3a 7b 74 69 6d 65 6f 75 74 3a 31 65 33 2c 64 65 6c 61 79 3a 37 35 30 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 2c 73 65 6e 64 6c 69 6d 69 74 3a 32 30 2c 6d 61 78 50 61 79 6c 6f 61 64 53 69 7a 65 3a 37 65 33 7d 2c 56 3a 7b 64 69 73 74 61 6e 63 65 3a 32 30 7d 2c 4e 3a 7b 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 45 3a 7b 62 75 66 66 65 72 3a 33 30 2c 74 69 6d 65 6f 75 74 3a 35 65 33 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 43 3a 7b 64 69 73 74 61 6e 63 65 3a 35 30 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 76 74 28 29 7b 69 Data Ascii: /!DisableJavascriptProfiler/var BM=BM\|\|{};BM.config={B:{timeout:1e3,delay:750,maxUrlLength:300,sendlimit:20,maxPayloadSize:7e3},V:{distance:20},N:{maxUrlLength:300},E:{buffer:30,timeout:5e3,maxUrlLength:300},C:{distance:50}},function(n){function vt(){i
2024-09-03 18:37:42 UTC	6766	IN	Data Raw: 6e 64 2c 69 29 2c 70 74 3d 74 28 6f 2e 72 65 71 75 65 73 74 53 74 61 72 74 2c 69 29 2c 77 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 2c 69 29 2c 62 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 45 6e 64 2c 69 29 2c 6f 74 3d 6e 75 6c 6c 2c 73 74 3d 6e 2e 6c 61 79 6f 75 74 28 29 3b 66 6f 72 28 74 74 3d 30 3b 74 74 3c 73 74 2e 6c 65 6e 67 74 68 3b 74 74 2b 2b 29 7b 76 61 72 20 62 3d 73 74 5b 74 74 5d 2c 64 74 3d 62 2e 5f 65 2c 68 74 3d 62 2e 5f 73 3b 69 66 28 68 74 26 26 67 3d 3d 3d 68 74 29 7b 6f 74 3d 62 2e 69 3b 62 2e 78 3c 68 2e 77 26 26 62 2e 79 3c 68 2e 68 26 26 28 66 3d 65 74 29 3b 62 72 65 61 6b 7d 7d 72 74 3d 7b 5f 72 3a 6f 2c 74 3a 65 74 2c 69 3a 70 2e 6c 65 6e 67 74 68 2c 6c 3a 6f 74 2c 68 3a 77 5b 31 5d 2c 70 3a 77 5b 32 5d 2e 6c 65 6e Data Ascii: nd,i),pt=t(o.requestStart,i),wt=t(o.responseStart,i),bt=t(o.responseEnd,i),ot=null,st=n.layout();for(tt=0;tt<st.length;tt++){var b=st[tt],dt=b._e,ht=b._s;if(ht&&g===ht){ot=b.i;b.x<h.w&&b.y<h.h&&(f=et);break}}rt={_r:o,t:et,i:p.length,l:ot,h:w[1],p:w[2].len

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:43 UTC	764	OUT	GET /rb/19/cir3,ortl,cc,nc/CYGXBN1kkA_ojDY5vKbCoG4Zy0E.css?bu=C6QJlgOrBIAK5QjPCN4GXV1dXQ&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:44 UTC	1211	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Wed, 26 Jun 2024 16:57:25 GMT X-EventID: 66c0f3d4bd3e40cdb2f9b7a841fef111 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: DUBEEAP0000E01B X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=129336 Expires: Thu, 05 Sep 2024 06:33:19 GMT Date: Tue, 03 Sep 2024 18:37:43 GMT Content-Length: 20421 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.3ad01702.1725388663.1573f911 Timing-Allow-Origin: *
2024-09-03 18:37:44 UTC	15173	IN	Data Raw: 2e 73 77 5f 70 6c 75 73 2c 2e 73 77 5f 75 70 2c 2e 73 77 5f 64 6f 77 6e 2c 2e 73 77 5f 73 74 2c 2e 73 77 5f 73 74 68 2c 2e 73 77 5f 73 74 65 2c 2e 73 77 5f 74 70 63 62 6b 2c 2e 73 77 5f 70 6c 61 79 2c 2e 73 77 5f 70 6c 61 79 64 2c 2e 73 77 5f 70 6c 61 79 61 2c 2e 73 77 5f 70 6c 61 79 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 4d 44 4c 32 20 41 73 73 65 74 73 22 7d 2e 73 77 5f 70 6c 75 73 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 22 ee 9c 90 22 7d 2e 73 77 5f 70 6c 61 79 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 61 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 64 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 70 3a 61 66 74 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 63 6f Data Ascii: .sw_plus,.sw_up,.sw_down,.sw_st,.sw_sth,.sw_ste,.sw_tpcbk,.sw_play,.sw_playd,.sw_playa,.sw_playp{font-family:"Segoe MDL2 Assets"}.sw_plus:after{content:""}.sw_play:after,.sw_playa:after,.sw_playd:after,.sw_playp:after{font-size:16px;line-height:16px;co
2024-09-03 18:37:44 UTC	5248	IN	Data Raw: 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6c 67 6f 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 61 6e 73 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6e 73 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 61 6c 67 6f 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6e 73 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 6e 61 76 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6c 67 6f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 6c 69 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f 64 79 5b 64 69 72 5d 20 2e 62 5f 63 61 70 74 69 6f 6e 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 Data Ascii: ipt+script+.b_algo,body[dir] #b_results>.b_ans+script+script+.b_ans,body[dir] #b_results>.b_algo+script+script+.b_ans,body[dir] #b_results>.b_nav+script+script+.b_algo{margin-top:4px}body[dir] #b_results>li>:last-child,body[dir] .b_caption>:last-child,b

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:43 UTC	798	OUT	GET /th?id=OSAAS.96AB7892FAA95B223FEB6A7FBF0DC50B&w=72&h=72&c=1&rs=1&pcl=1b1a19&o=6&pid=5.1 HTTP/1.1 Referer: https://www.bing.com/ Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: th.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:44 UTC	745	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 689 Cache-Control: public, max-age=829331 Date: Tue, 03 Sep 2024 18:37:43 GMT X-Cache: TCP_HIT from a2-23-208-7.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-) Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.07d01702.1725388663.13f730c6 X-Check-Cacheable: YES
2024-09-03 18:37:44 UTC	689	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 0a 0a 0a 0a 0a 0a 0b 0c 0c 0b 0f 10 0e 10 0f 16 14 13 13 14 16 22 18 1a 18 1a 18 22 33 20 25 20 20 25 20 33 2d 37 2c 29 2c 37 2d 51 40 38 38 40 51 5e 4f 4a 4f 5e 71 65 65 71 8f 88 8f bb bb fb 01 0a 0a 0a 0a 0a 0a 0b 0c 0c 0b 0f 10 0e 10 0f 16 14 13 13 14 16 22 18 1a 18 1a 18 22 33 20 25 20 20 25 20 33 2d 37 2c 29 2c 37 2d 51 40 38 38 40 51 5e 4f 4a 4f 5e 71 65 65 71 8f 88 8f bb bb fb ff c2 00 11 08 00 48 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 01 00 02 03 01 00 00 00 00 00 00 00 00 00 00 00 00 05 06 01 03 07 04 ff da 00 08 01 01 00 00 00 00 a9 00 00 00 06 3a 17 ba ab 5a 0c 75 f8 68 5a a0 26 ed 5a 28 20 00 00 00 ff c4 00 19 01 01 01 00 03 01 00 00 00 00 00 00 00 00 00 00 Data Ascii: JFIF""3 % % 3-7,),7-Q@88@Q^OJO^qeeq""3 % % 3-7,),7-Q@88@Q^OJO^qeeqHH":ZuhZ&Z(

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:43 UTC	798	OUT	GET /th?id=OVP.r4TV7c5KCyRojdt-tMkPMQHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1 Referer: https://www.bing.com/ Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: th.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:44 UTC	747	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1296 X-Check-Cacheable: YES Cache-Control: public, max-age=844009 Date: Tue, 03 Sep 2024 18:37:43 GMT X-Cache: TCP_MISS from a2-23-208-12.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-) Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.0cd01702.1725388663.1e170de
2024-09-03 18:37:44 UTC	797	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 1b 1b 1b 1b 1c 1b 1e 21 21 1e 2a 2d 28 2d 2a 3d 38 33 33 38 3d 5d 42 47 42 47 42 5d 8d 58 67 58 58 67 58 8d 7d 97 7b 73 7b 97 7d e0 b0 9c 9c b0 e0 ff d9 ce d9 ff ff ff ff ff ff ff ff ff ff ff 01 1b 1b 1b 1b 1c 1b 1e 21 21 1e 2a 2d 28 2d 2a 3d 38 33 33 38 3d 5d 42 47 42 47 42 5d 8d 58 67 58 58 67 58 8d 7d 97 7b 73 7b 97 7d e0 b0 9c 9c b0 e0 ff d9 ce d9 ff ff ff ff ff ff ff ff ff ff ff ff c2 00 11 08 00 51 00 90 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 ff da 00 08 01 01 00 00 00 00 eb 1d 36 d8 24 a5 24 3a 6d ee 53 cb 07 d0 b9 92 4e dd 6b d4 03 01 f9 69 23 4a ad ba f0 ce 9c cf 53 f2 d2 4e e9 65 e9 6b 40 18 d7 9c Data Ascii: JFIF!!-(-=8338=]BGBGB]XgXXgX}{s{}!!-(-=8338=]BGBGB]XgXXgX}{s{}Q"6$$:mSNki#JSNek@
2024-09-03 18:37:44 UTC	499	IN	Data Raw: ad 3b 27 9d 63 fa d3 b2 27 8b 78 8b 64 c9 d9 3c df 14 3e e2 b7 b2 08 7c 67 1a 3a 62 5b 86 53 c3 f2 aa 3f 8e cd 66 2b 4f f7 1e e6 e6 31 98 55 4d 42 58 80 38 93 1e 9d 31 59 5e 9b 03 f8 8e 6c e1 87 19 54 02 4f 26 10 d3 7d 62 a4 18 00 53 6b 1b f2 19 c2 1b 72 7f 97 48 c9 62 61 c2 0b b9 02 56 f8 2c a5 51 c1 68 9b b7 cc 1d 13 4a 8f d5 ea 63 73 a7 cc 30 bd 4f db 3c c7 09 d4 fd b0 f8 86 0c 82 09 7e d8 f5 e8 5c 85 66 2b c0 da 3b a1 c8 98 95 54 21 53 d4 0c a6 f5 19 98 dd 9a c0 93 ec 23 5d c1 b2 b1 37 5f ed b2 8c 49 51 f4 9b dc ff 00 ce 70 eb ea 9b d2 62 02 83 7c 88 0d 94 b1 a7 7d 5a 2c a6 e5 49 27 8c 0e f4 c0 c9 01 17 dc 23 b8 20 9b 92 62 59 2e 73 33 0a d8 3a 56 7a 8e cc ff 00 c7 70 9e 61 84 ea 7e d9 f3 d8 63 d7 db 3e 7b 0f 6b dd fb 76 c7 19 c7 40 c8 c1 c3 de 36 49 Data Ascii: ;'c'xd<>\|g:b[S?f+O1UMBX81Y^lTO&}bSkrHbaV,QhJcs0O<~\f+;T!S#]7_IQpb\|}Z,I'# bY.s3:Vzpa~c>{kv@6I

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:43 UTC	798	OUT	GET /th?id=OVP.UQPTR-3zKpzkx3TaxM2S_AHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1 Referer: https://www.bing.com/ Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: th.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:44 UTC	746	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1565 X-Check-Cacheable: YES Cache-Control: public, max-age=728890 Date: Tue, 03 Sep 2024 18:37:43 GMT X-Cache: TCP_MISS from a2-23-208-8.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-) Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.08d01702.1725388663.91ee904
2024-09-03 18:37:44 UTC	797	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 1b 1b 1b 1b 1c 1b 1e 21 21 1e 2a 2d 28 2d 2a 3d 38 33 33 38 3d 5d 42 47 42 47 42 5d 8d 58 67 58 58 67 58 8d 7d 97 7b 73 7b 97 7d e0 b0 9c 9c b0 e0 ff d9 ce d9 ff ff ff ff ff ff ff ff ff ff ff 01 1b 1b 1b 1b 1c 1b 1e 21 21 1e 2a 2d 28 2d 2a 3d 38 33 33 38 3d 5d 42 47 42 47 42 5d 8d 58 67 58 58 67 58 8d 7d 97 7b 73 7b 97 7d e0 b0 9c 9c b0 e0 ff d9 ce d9 ff ff ff ff ff ff ff ff ff ff ff ff c2 00 11 08 00 51 00 90 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 02 01 03 06 05 04 ff da 00 08 01 01 00 00 00 00 d1 79 7d 99 82 2b 4b a8 85 b9 95 3d 9c ad b7 87 df 9d 88 a8 b9 01 27 c8 be 9f 1e d6 ba f3 37 bd 25 b2 92 89 e6 03 ae 73 14 b7 4b 75 Data Ascii: JFIF!!-(-=8338=]BGBGB]XgXXgX}{s{}!!-(-=8338=]BGBGB]XgXXgX}{s{}Q"y}+K='7%sKu
2024-09-03 18:37:44 UTC	768	IN	Data Raw: fe eb 3b 64 54 ea 0c 58 7e 66 8e 36 f9 7c db 1e 5e d9 e2 bb 6d 9e 32 b9 58 a3 66 ec 01 a5 98 98 ac 46 24 61 2c cb b6 6b a7 70 a4 b8 56 f2 5d 6d a2 1c 39 ed 83 34 98 cb 8a 2f cc b1 bb 32 49 fc 25 6b e9 a3 38 7c b7 7e cb 26 ab 9f a5 58 c4 25 97 73 92 41 2a 40 cd b8 ad 5d c5 1b 96 12 cc 6a 5c 91 f0 5c b4 71 e4 a8 5c 9a 80 b3 e9 50 e1 08 0a 32 6a 0e 1b 7f b0 93 47 18 99 1d 05 ad e9 95 36 b7 6c 64 a7 c7 97 10 53 56 7b 66 27 ee 53 62 c3 62 6c df ca 76 32 6a 2d 24 e5 ab 98 85 7b 29 6f 24 11 96 4c ef c8 20 54 8a 9e 34 e1 6c 52 88 60 8f 4f c2 f8 92 21 42 25 3b bb b1 67 62 cc 77 93 c7 60 13 7e c8 0a 18 9b 8b 00 ee 35 6b 0a a6 74 98 5b 22 be 8b 87 f7 7b 7e 51 5a 2c 1f f2 6c ff 00 61 5a 2c 1e af a8 b3 e5 15 a3 c1 fb bd 9f 2d 0b 18 46 dd 87 b5 e4 14 d6 b0 4a 40 6b 16 Data Ascii: ;dTX~f6\|^m2XfF$a,kpV]m94/2I%k8\|~&X%sA*@]j\\q\P2jG6ldSV{f'Sbblv2j-${)o$L T4lR`O!B%;gbw`~5kt["{~QZ,laZ,-FJ@k

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:43 UTC	798	OUT	GET /th?id=OVP.dPV13t-NIQXujgNcHVEciQHgFo&w=144&h=81&c=7&rs=1&qlt=30&pcl=1b1a19&o=6&pid=1.7 HTTP/1.1 Referer: https://www.bing.com/ Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: th.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:44 UTC	748	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1531 X-Check-Cacheable: YES Cache-Control: public, max-age=755260 Date: Tue, 03 Sep 2024 18:37:43 GMT X-Cache: TCP_MISS from a2-23-208-22.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-) Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.16d01702.1725388663.164e1e9c
2024-09-03 18:37:44 UTC	800	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 1b 1b 1b 1b 1c 1b 1e 21 21 1e 2a 2d 28 2d 2a 3d 38 33 33 38 3d 5d 42 47 42 47 42 5d 8d 58 67 58 58 67 58 8d 7d 97 7b 73 7b 97 7d e0 b0 9c 9c b0 e0 ff d9 ce d9 ff ff ff ff ff ff ff ff ff ff ff 01 1b 1b 1b 1b 1c 1b 1e 21 21 1e 2a 2d 28 2d 2a 3d 38 33 33 38 3d 5d 42 47 42 47 42 5d 8d 58 67 58 58 67 58 8d 7d 97 7b 73 7b 97 7d e0 b0 9c 9c b0 e0 ff d9 ce d9 ff ff ff ff ff ff ff ff ff ff ff ff c2 00 11 08 00 51 00 90 03 01 22 00 02 11 01 03 11 01 ff c4 00 19 00 01 00 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 02 03 04 01 05 ff da 00 08 01 01 00 00 00 00 ca 00 00 38 1d 40 04 dc df 09 db 82 a9 68 d5 65 86 6c d9 9c b6 45 3c 96 cf 4a cb 4c 98 fc e9 fb 74 55 65 7c cd 47 7d 3d 7b 1d cb e7 f9 Data Ascii: JFIF!!-(-=8338=]BGBGB]XgXXgX}{s{}!!-(-=8338=]BGBGB]XgXXgX}{s{}Q"8@helE<JLtUe\|G}={
2024-09-03 18:37:44 UTC	731	IN	Data Raw: 49 94 10 14 1b f7 02 7b 0d 65 56 eb 58 8b d6 45 a0 8a 0d ed 44 56 3c ae 80 fd 68 fa 04 32 9d 3b 21 fa 4f a9 f8 d2 41 3c 9c 51 09 e3 96 ae 69 52 46 47 65 ec 40 2f c7 be ae 7b cd 4b 33 cc e5 da ae 68 41 3b 14 02 36 bb 0b ad 0e d1 50 62 22 48 90 15 72 40 a8 71 25 24 8e 4d 06 ca a6 fd b5 ef 74 e4 3d 7b dd 39 0f 49 f2 aa 3b 05 d1 61 e6 68 63 12 2d 67 fa d7 6c d6 cf 4d 89 00 f1 8d bd 6a 79 83 aa 00 9f 78 9c 7a 30 d3 22 61 cb 33 0c f0 96 31 8e fc f4 ef 86 32 c2 99 94 c6 4c 92 3f 9b 57 c3 69 85 cb 1f ee d9 8b 7d b9 e9 bd 95 63 99 41 88 46 da 76 ca 6e e4 5e a4 f6 44 2a 4a 42 7e 93 80 4e 5d 3a e0 a3 46 20 87 68 c1 1f 9c b5 62 16 11 0c 39 34 c1 fb 40 37 35 14 fd 7c 11 69 bf 91 f3 f1 a1 da 2b 0c 98 31 0c 65 b1 88 af 6e 20 ad 5f 07 e3 d3 69 ab e0 fc 7a 6d ac d8 4f 1c Data Ascii: I{eVXEDV<h2;!OA<QiRFGe@/{K3hA;6Pb"Hr@q%$Mt={9I;ahc-glMjyxz0"a312L?Wi}cAFvn^D*JB~N]:F hb94@75\|i+1en _izmO

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:44 UTC	462	OUT	GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: fp.msedge.net Connection: Keep-Alive
2024-09-03 18:37:44 UTC	429	IN	HTTP/1.1 200 OK Cache-Control: public,max-age=900 Content-Length: 19801 Content-Type: application/json; charset=utf-8 ETag: "1612073033" Access-Control-Allow-Origin: * Request-Context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 1DBA1BA85AC44DFB98B33BDFC3484B8E Ref B: EWR30EDGE0816 Ref C: 2024-09-03T18:37:44Z Date: Tue, 03 Sep 2024 18:37:43 GMT Connection: close
2024-09-03 18:37:44 UTC	3750	IN	Data Raw: 7b 22 73 22 3a 35 30 30 30 2c 22 6e 22 3a 33 2c 22 65 22 3a 5b 7b 22 65 22 3a 22 2a 2e 61 7a 72 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 6e 72 62 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 34 32 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 61 66 64 78 74 65 73 74 2e 7a 30 31 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 31 7d 2c 7b Data Ascii: {"s":5000,"n":3,"e":[{"e":".azr.footprintdns.com","w":5000,"m":128},{"e":".clo.footprintdns.com","w":2000,"m":1},{"e":".clo.footprintdns.com","w":100,"m":128},{"e":".nrb.footprintdns.com","w":420,"m":3},{"e":"afdxtest.z01.azurefd.net","w":500,"m":1},{
2024-09-03 18:37:44 UTC	48	IN	Data Raw: 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 70 71 32 35 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 Data Ascii: re.com","w":3,"m":128},{"e":"cpq25prdapp02-canar
2024-09-03 18:37:44 UTC	4096	IN	Data Raw: 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 71 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 76 6c 30 32 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 7d 2c 7b 22 65 Data Ascii: y-opaph.netmon.azure.com","w":3,"m":128},{"e":"cq1prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"c-ring.msedge.net","w":2000,"m":3},{"e":"c-ring-fallback.msedge.net","w":50,"m":3},{"e":"cvl02prdapp01-canary-opaph.netmon.azure.com","w":3,"m":1},{"e
2024-09-03 18:37:44 UTC	4096	IN	Data Raw: 3a 22 66 72 61 32 33 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 38 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 38 7d 2c 7b 22 65 22 3a 22 67 76 78 30 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d Data Ascii: :"fra23prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"graph.azurefd.net","w":1,"m":1},{"e":"graph.azurefd.net","w":1,"m":8},{"e":"graph.microsoft.com","w":1,"m":1},{"e":"graph.microsoft.com","w":1,"m":8},{"e":"gvx01prdapp01-canary-opaph.netm
2024-09-03 18:37:44 UTC	4096	IN	Data Raw: 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6f 73 61 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6f 73 61 32 32 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 Data Ascii: {"e":"nag20prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"o-ring.msedge.net","w":100,"m":3},{"e":"o-ring-fallback.msedge.net","w":50,"m":3},{"e":"osa20prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"osa22prdapp02-canary-opaph.netmon.a
2024-09-03 18:37:44 UTC	3715	IN	Data Raw: 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 37 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 70 6f 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 73 70 6f 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 73 70 6f 76 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 Data Ascii: prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"sn7prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"spo-ring.msedge.net","w":2000,"m":3},{"e":"spo-ring-fallback.msedge.net","w":50,"m":3},{"e":"spov-ring-fallback.msedge.net","w":50

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:45 UTC	754	OUT	GET /rb/19/cir3,ortl,cc,nc/oT6Um3bDKq3bSDJ4e0e-YJ5MXCI.css?bu=B74CSK0CiwFdXcoC&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:45 UTC	1209	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Wed, 21 Feb 2024 02:23:36 GMT X-EventID: 66be614c0512428b981f870fd7d1df7f UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: DUBEEAP0000E0BA X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=351058 Expires: Sat, 07 Sep 2024 20:08:43 GMT Date: Tue, 03 Sep 2024 18:37:45 GMT Content-Length: 6022 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.27d01702.1725388665.baf9a32 Timing-Allow-Origin: *
2024-09-03 18:37:45 UTC	6022	IN	Data Raw: 2e 62 5f 73 65 61 72 63 68 62 6f 78 53 75 62 6d 69 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 72 70 2f 34 69 5a 49 7a 5f 6f 41 4c 31 79 70 37 64 69 5f 36 44 39 65 32 65 6e 58 69 4d 4d 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 2d 34 32 70 78 20 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 33 32 30 70 78 20 33 38 70 78 7d 2e 62 5f 6c 6f 67 6f 7b 77 69 64 74 68 3a 32 32 70 78 3b 68 65 69 67 68 74 3a 33 37 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 7d 2e 62 5f 6c 6f 67 6f 3a 61 66 74 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 64 Data Ascii: .b_searchboxSubmit{background:url(/rp/4iZIz_oAL1yp7di_6D9e2enXiMM.png) no-repeat -42px 0;background-size:320px 38px}.b_logo{width:22px;height:37px;position:relative;display:inline-block;overflow:hidden;direction:ltr}.b_logo:after{position:absolute;top:0;d

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PO#86637.lzh

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5e6c3e25-165f-433e-9aaa-9148b808474b.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5296

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Windows Analysis Report
PO#86637.lzh

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:45 UTC	1136	OUT	GET /search?q=winzip&filters=ufn%3a%22WinZip%22+sid%3a%22b48dd0f0-bb36-6274-cfec-3c3a69d12ee4%22&asbe=AS&form=WNSGPH&qs=MB&cvid=a63159470eb544349f42372c14c71861&pq=winzip&cc=CH&setlang=en-CH&nclid=99325A50A46066F842A6B684698F464A&ts=1725388663068&nclidts=1725388663&tsms=068&wsso=Moderate HTTP/1.1 Host: www.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-03 18:37:46 UTC	3361	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cache-Control: private, max-age=0 Expires: Tue, 03 Sep 2024 18:36:46 GMT X-EventID: 66d7577aa6494ee7b1239bcd66a9399e X-AS-SetSessionMarket: de-ch Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy-Report-Only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-x1Sma3WRzoTe2kHagNVFSNoAgfRfNlcQt8qFSBy1V9A='; base-uri 'self';report-to csp-endpoint Report-To: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]} Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]} Report-To: {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]} P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true} Cross-Origin-Embedder-Policy-Report-Only: 'require-corp; report-to=\"crossorigin-errors\"' Cross-Origin-Opener-Policy-Report-Only: 'same-origin; report-to=\"crossorigin-errors\"' Date: Tue, 03 Sep 2024 18:37:46 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Set-Cookie: MUID=296F673E836866D21C8673D1822B6714; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; secure; SameSite=None Set-Cookie: MUIDB=296F673E836866D21C8673D1822B6714; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; HttpOnly Set-Cookie: _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; HttpOnly Set-Cookie: USRLOC=HS=1; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: SRCHD=AF=WNSGPH; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUSR=DOB=20240903; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; secure; SameSite=None Set-Cookie: _SS=SID=1A6B8580A36667FE1D22916FA225666E; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: CortanaAppUID=99325A50A46066F842A6B684698F464A; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.08d01702.1725388666.91ef00d
2024-09-03 18:37:46 UTC	102	IN	Data Raw: 30 30 30 30 30 30 35 41 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 0d 0a Data Ascii: 0000005A<!DOCTYPE html><html dir="ltr" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml
2024-09-03 18:37:46 UTC	16296	IN	Data Raw: 30 30 30 30 33 46 39 43 0d 0a 22 20 78 6d 6c 6e 73 3a 57 65 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6c 69 76 65 2e 63 6f 6d 2f 57 65 62 2f 22 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6e 6f 6e 63 65 3d 22 78 31 53 6d 61 33 57 52 7a 6f 54 65 32 6b 48 61 67 4e 56 46 53 4e 6f 41 67 66 52 66 4e 6c 63 51 74 38 71 46 53 42 79 31 56 39 41 3d 22 20 3e 2f 2f 3c 21 5b 43 44 41 54 41 5b 0d 0a 73 69 5f 53 54 3d 6e 65 77 20 44 61 74 65 0d 0a 2f 2f 5d 5d 3e 3c 2f 73 63 72 69 70 74 3e 3c 68 65 61 64 3e 3c 21 2d 2d 70 63 2d 2d 3e 3c 74 69 74 6c 65 3e 77 69 6e 7a 69 70 20 2d 20 53 65 61 72 63 68 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 Data Ascii: 00003F9C" xmlns:Web="http://schemas.live.com/Web/"><script type="text/javascript" nonce="x1Sma3WRzoTe2kHagNVFSNoAgfRfNlcQt8qFSBy1V9A=" >//<![CDATA[si_ST=new Date//...</script><head>...pc--><title>winzip - Search</title><meta content="text/html; cha
2024-09-03 18:37:46 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 30 7d 23 62 5f 72 65 73 75 6c 74 73 20 2e 62 5f 61 64 20 2e 62 5f 76 6c 69 73 74 32 63 6f 6c 2c 23 62 5f 72 65 73 75 6c 74 73 20 2e 62 5f 61 64 20 2e 62 5f 66 61 63 74 72 6f 77 2c 23 62 5f 72 65 73 75 6c 74 73 20 2e 62 5f 61 64 20 2e 62 5f 62 63 66 61 63 74 72 6f 77 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 36 70 78 7d 23 62 5f 72 65 73 75 6c 74 73 20 2e 62 5f 61 64 20 2e 73 62 5f 61 64 52 41 20 2e 62 5f 76 6c 69 73 74 32 63 6f 6c 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 2e 73 78 5f 63 69 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 35 65 35 65 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 70 78 3b 77 69 64 74 68 3a 38 30 70 78 3b 68 65 69 67 68 74 3a 36 30 70 78 7d 2e 62 5f 66 61 76 69 63 6f 6e 7b 6d 61 72 67 Data Ascii: 000040000}#b_results .b_ad .b_vlist2col,#b_results .b_ad .b_factrow,#b_results .b_ad .b_bcfactrow{margin-top:-6px}#b_results .b_ad .sb_adRA .b_vlist2col{padding-left:0}.sx_ci{border:1px solid #e5e5e5;margin-top:3px;width:80px;height:60px}.b_favicon{marg
2024-09-03 18:37:46 UTC	12	IN	Data Raw: 6f 72 64 65 72 2d 62 6f 74 74 0d 0a Data Ascii: order-bott
2024-09-03 18:37:46 UTC	1189	IN	Data Raw: 30 30 30 30 30 34 39 39 0d 0a 6f 6d 3a 33 70 78 20 73 6f 6c 69 64 20 23 63 63 63 7d 23 62 5f 68 65 61 64 65 72 20 2e 73 63 6f 70 65 62 61 72 5f 70 69 70 65 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 7d 23 62 5f 68 65 61 64 65 72 20 2e 62 5f 73 63 6f 70 65 62 61 72 20 6c 69 2e 62 5f 6e 6f 68 6f 76 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 7d 23 62 5f 72 65 73 75 6c 74 73 20 2e 62 5f 6c 69 6e 65 63 6c 61 6d 70 31 2c 23 62 5f 63 6f 6e 74 65 78 74 20 2e 62 5f 6c 69 6e 65 63 6c 61 6d 70 31 7b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 2d 63 6c 61 6d 70 3a 31 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 6f 76 65 72 66 6c Data Ascii: 00000499om:3px solid #ccc}#b_header .scopebar_pipe{border-bottom:none}#b_header .b_scopebar li.b_nohov:hover{border-bottom:none}#b_results .b_lineclamp1,#b_context .b_lineclamp1{display:-webkit-box;-webkit-line-clamp:1;-webkit-box-orient:vertical;overfl
2024-09-03 18:37:46 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 2d 74 6f 70 3a 38 70 78 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 7a 2d 69 6e 64 65 78 3a 33 30 30 30 39 7d 23 71 73 5f 73 65 61 72 63 68 42 6f 78 3a 68 6f 76 65 72 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 35 29 2c 30 20 32 70 78 20 34 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 34 29 7d 23 71 73 5f 73 65 6c 65 63 74 65 64 54 65 78 74 7b 6f 72 64 65 72 3a 32 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 20 31 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 Data Ascii: 00004000-top:8px;display:none;cursor:pointer;font-weight:600;z-index:30009}#qs_searchBox:hover{box-shadow:0 0 0 1px rgba(0,0,0,.05),0 2px 4px 1px rgba(0,0,0,.14)}#qs_selectedText{order:2;margin:auto 12px;overflow:hidden;text-overflow:ellipsis;white-spac
2024-09-03 18:37:46 UTC	12	IN	Data Raw: 5f 6c 6f 67 6f 3a 61 66 74 65 0d 0a Data Ascii: _logo:afte
2024-09-03 18:37:46 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 72 7b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 2d 34 38 70 78 20 30 7d 40 6d 65 64 69 61 28 66 6f 72 63 65 64 2d 63 6f 6c 6f 72 73 3a 61 63 74 69 76 65 29 7b 2e 62 5f 6c 6f 67 6f 7b 66 6f 72 63 65 64 2d 63 6f 6c 6f 72 2d 61 64 6a 75 73 74 3a 6e 6f 6e 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 7d 7d 2e 62 5f 6c 6f 67 6f 41 72 65 61 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 3b 77 69 64 74 68 3a 31 34 30 70 78 3b 68 65 69 67 68 74 3a 34 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 32 30 70 78 20 30 20 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 62 5f 6c 6f 67 6f 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b Data Ascii: 00004000r{transform-origin:-48px 0}@media(forced-colors:active){.b_logo{forced-color-adjust:none;background-color:#000}}.b_logoArea{text-align:right;width:140px;height:40px;margin:0 20px 0 0;vertical-align:top}.b_logo{text-align:left;vertical-align:top;
2024-09-03 18:37:46 UTC	12	IN	Data Raw: 76 65 72 5f 69 74 65 6d 3a 68 0d 0a Data Ascii: ver_item:h
2024-09-03 18:37:46 UTC	7964	IN	Data Raw: 30 30 30 30 31 46 31 30 0d 0a 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 63 6f 6c 6f 72 3a 23 31 31 31 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 7d 23 62 2d 73 63 6f 70 65 4c 69 73 74 49 74 65 6d 2d 6d 65 6e 75 20 2e 62 5f 73 70 5f 6f 76 65 72 5f 69 74 65 6d 2e 64 69 76 69 64 65 72 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 7d 23 62 2d 73 63 6f 70 65 4c 69 73 74 49 74 65 6d 2d 6d 65 6e 75 20 2e 62 5f 73 70 5f 6f 76 65 72 5f 69 74 65 6d 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 39 70 78 3b 74 65 78 74 2d 74 72 61 Data Ascii: 00001F10over{background:#f5f5f5;color:#111;border-bottom:none}#b-scopeListItem-menu .b_sp_over_item.divider{border-top:1px solid #ddd}#b-scopeListItem-menu .b_sp_over_item a{display:inline-block;width:100%;height:100%;padding:0;line-height:39px;text-tra

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:46 UTC	743	OUT	GET /rb/3D/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:46 UTC	1210	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Thu, 07 Dec 2023 22:46:12 GMT X-EventID: 66cd6a41a27a4a1991dac2f0a4c0f1a4 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: DUBEEAP0000E030 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=170261 Expires: Thu, 05 Sep 2024 17:55:27 GMT Date: Tue, 03 Sep 2024 18:37:46 GMT Content-Length: 15967 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.2fd01702.1725388666.9eddfd3 Timing-Allow-Origin: *
2024-09-03 18:37:46 UTC	15174	IN	Data Raw: 68 74 6d 6c 7b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 62 6f 64 79 5b 64 69 72 5d 20 74 61 62 6c 65 2c 62 6f 64 79 5b 64 69 72 5d 20 74 64 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 62 6f 64 79 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 22 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 53 61 6e 73 2d 53 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 62 6f 64 79 5b 64 69 72 5d 7b 6d 61 72 67 69 6e 3a 30 7d 62 6f 64 79 20 2e 74 61 6c 6c 55 78 7b Data Ascii: html{-ms-user-select:none;overflow-y:hidden;overflow-x:hidden;cursor:default}body[dir] table,body[dir] td{margin:0;padding:0}body{font-size:15px;line-height:20px;font-family:"Segoe UI",Arial,Helvetica,Sans-Serif;color:#000}body[dir]{margin:0}body .tallUx{
2024-09-03 18:37:46 UTC	793	IN	Data Raw: 74 28 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 29 3a 6e 6f 74 28 2e 63 6f 72 74 61 6e 61 49 63 6f 6e 29 20 2e 69 63 6f 6e 20 69 6d 67 7b 77 69 64 74 68 3a 31 33 70 78 3b 68 65 69 67 68 74 3a 31 33 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 6d 69 6e 2d 77 69 64 74 68 3a 34 34 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 34 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 6e 6f 72 6d 61 6c 69 7a 65 64 42 69 67 Data Ascii: t(.secondaryIcon):not(.cortanaIcon) .icon img{width:13px;height:13px}.asPadding .doubleLine .secondaryIcon>.icon{min-width:44px;min-height:44px;max-height:44px}body[dir] .asPadding .doubleLine .secondaryIcon>.icon{padding-top:6px}.asPadding .normalizedBig

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:46 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-03 18:37:46 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Tue, 03 Sep 2024 18:37:45 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=0f60106f5ba8f78edacc2698bdde648fc9ccae752f545c6d9b8d13c2be8a63f2;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=0f60106f5ba8f78edacc2698bdde648fc9ccae752f545c6d9b8d13c2be8a63f2;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:46 UTC	864	OUT	GET /qbox?query=winzip&language=en-GB&pt=EdgBox&cvid=99c46d95263a45e3983eccc76418966b&oit=0&pgcl=22&richanswersentity=1 HTTP/1.1 Host: www.bing.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MUID=296F673E836866D21C8673D1822B6714; MUIDB=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; USRLOC=HS=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A
2024-09-03 18:37:46 UTC	1116	IN	HTTP/1.1 200 OK Content-Length: 619 Content-Type: application/json; charset=utf-8 Cache-Control: public, max-age=300 X-EventID: 66d7577ac9014363818f87a665d3b28b UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= Content-Security-Policy-Report-Only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-sXMW2RYCLzr9FGEtkTjMuRu43thiERAhft0K+Pla2L0='; base-uri 'self';report-to csp-endpoint Report-To: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]} P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Tue, 03 Sep 2024 18:37:46 GMT Connection: close Set-Cookie: SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; domain=.bing.com; expires=Sun, 28-Sep-2025 18:37:46 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.02d01702.1725388666.242d5dd5
2024-09-03 18:37:46 UTC	619	IN	Data Raw: 5b 22 77 69 6e 7a 69 70 22 2c 5b 22 77 69 6e 7a 69 70 22 2c 22 77 69 6e 7a 69 70 20 64 6f 77 6e 6c 6f 61 64 22 2c 22 77 69 6e 7a 69 70 20 37 22 2c 22 77 69 6e 7a 69 70 20 66 72 65 65 22 2c 22 77 69 6e 7a 69 70 20 75 6e 69 6e 73 74 61 6c 6c 22 2c 22 77 69 6e 7a 69 70 20 72 61 72 22 2c 22 77 69 6e 7a 69 70 20 77 69 6e 64 6f 77 73 20 31 30 22 2c 22 77 69 6e 7a 69 70 20 64 72 69 76 65 72 20 75 70 64 61 74 65 72 22 2c 22 77 69 6e 7a 69 70 20 70 72 6f 20 73 75 69 74 65 22 2c 22 77 69 6e 7a 69 70 20 6c 6f 67 69 6e 22 2c 22 77 69 6e 7a 69 70 20 75 74 69 6c 69 74 69 65 73 20 73 75 69 74 65 22 2c 22 77 69 6e 7a 69 70 20 66 72 65 65 20 64 6f 77 6e 6c 6f 61 64 20 77 69 6e 64 6f 77 73 20 31 30 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c Data Ascii: ["winzip",["winzip","winzip download","winzip 7","winzip free","winzip uninstall","winzip rar","winzip windows 10","winzip driver updater","winzip pro suite","winzip login","winzip utilities suite","winzip free download windows 10"],["","","","","","","",

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:47 UTC	870	OUT	GET /rb/6h/cir3,ortl,cc,nc/HKVHYcn2F03UYfUjEXCezjXI7xI.css?bu=MbwKtgrCCrYKpgu2CqwLtgq0C7YKuwu2CsELtgrHC7YKzQu2CtQKtgraCrYKzgq2CrYKnQu2CukKtgrvCrYK4wq2CrYK_wqCC7YKtgqaC4gLtgqOC5ELtgr2C7YK0wu2CqQM&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de; TOptOut=1
2024-09-03 18:37:47 UTC	1248	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Mon, 02 Sep 2024 01:32:32 GMT X-EventID: 66d5bf46dd7f4c4f99f13d5416499bd4 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: DUBEEAP0000E012 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=327507 Expires: Sat, 07 Sep 2024 13:36:14 GMT Date: Tue, 03 Sep 2024 18:37:47 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.37d01702.1725388667.12240255 Timing-Allow-Origin: *
2024-09-03 18:37:47 UTC	15136	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 40 6b 65 79 66 72 61 6d 65 73 20 61 6c 67 6f 50 6c 61 63 65 68 6f 6c 64 65 72 53 68 69 6d 6d 65 72 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 2d 31 30 30 25 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 31 30 30 25 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 69 6e 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 2d 6d 6f 7a 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 69 6e 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 2d 6f 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 69 6e 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 3b 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a Data Ascii: 00006000@keyframes algoPlaceholderShimmer{0%{transform:translateX(-100%)}100%{transform:translateX(100%)}}@keyframes fadein{0%{opacity:0}100%{opacity:1}}@-moz-keyframes fadein{0%{opacity:0}100%{opacity:1}}@-o-keyframes fadein{0%{opacity:0;}100%{opacity:
2024-09-03 18:37:47 UTC	9452	IN	Data Raw: 6d 65 6e 75 2d 69 74 65 6d 5f 64 65 74 61 69 6c 73 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 38 70 78 7d 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 6d 65 6e 75 2d 69 74 65 6d 5f 64 65 74 61 69 6c 73 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 38 70 78 7d 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 64 69 76 69 64 65 72 7b 62 6f 72 64 65 72 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 64 69 76 69 64 65 72 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 34 70 78 20 31 32 70 78 7d 2e 64 61 72 6b 54 68 65 6d 65 20 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 64 69 Data Ascii: menu-item_details{padding-left:28px}body[dir='rtl'] .contextMenu .menu-item_details{padding-right:28px}.contextMenu .divider{border:0;border-top:1px solid rgba(0,0,0,.2)}body[dir] .contextMenu .divider{padding:0;margin:4px 12px}.darkTheme .contextMenu .di
2024-09-03 18:37:47 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 74 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 33 36 70 78 20 2b 20 31 32 70 78 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 7d 62 6f 64 79 5b 64 69 72 5d 20 23 6c 6f 61 64 69 6e 67 53 63 72 65 65 6e 2c 62 6f 64 79 5b 64 69 72 5d 20 23 63 6f 70 69 6c 6f 74 4c 6f 61 64 69 6e 67 53 63 72 65 65 6e 7b 6d 61 72 67 69 6e 3a 31 32 70 78 20 31 32 70 78 20 30 20 31 32 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 32 70 78 7d 2e 64 61 72 6b 54 68 65 6d 65 20 23 6c 6f 61 64 69 6e 67 53 63 72 65 65 6e 2c 2e 64 61 72 6b 54 68 65 6d 65 20 23 63 6f 70 69 6c 6f 74 4c 6f 61 64 69 6e 67 53 63 72 65 65 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 Data Ascii: 00006000t:calc(100% - 36px + 12px);background-color:#fff;box-sizing:content-box}body[dir] #loadingScreen,body[dir] #copilotLoadingScreen{margin:12px 12px 0 12px;padding-top:12px}.darkTheme #loadingScreen,.darkTheme #copilotLoadingScreen{background-color
2024-09-03 18:37:47 UTC	8204	IN	Data Raw: 3a 6e 6f 6e 65 7d 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 74 6f 70 52 65 73 75 6c 74 54 65 6d 70 6c 61 74 65 49 6e 47 72 6f 75 70 73 20 2e 73 75 67 67 44 65 74 61 69 6c 73 43 6f 6e 74 61 69 6e 65 72 2c 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 20 2e 73 75 67 67 44 65 74 61 69 6c 73 43 6f 6e 74 61 69 6e 65 72 2c 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 67 72 6f 75 70 20 2e 74 6f 70 52 65 73 75 6c 74 54 65 6d 70 6c 61 74 65 49 6e 47 72 6f 75 70 73 2e 73 75 67 67 65 73 74 69 6f 6e 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 Data Ascii: :none}body[dir='ltr'] .topResults .suggestion.topResultTemplateInGroups .suggDetailsContainer,body[dir='ltr'] .topResults .suggestion.withOpenPreviewPaneBtn .suggDetailsContainer,body[dir='ltr'] .group .topResultTemplateInGroups.suggestion.withOpenPreview
2024-09-03 18:37:47 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 6f 6e 2c 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 20 2e 70 72 65 76 69 65 77 4f 70 65 6e 65 64 49 63 6f 6e 2c 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 49 63 6f 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 70 72 65 76 69 65 77 50 61 6e 65 4f 70 65 6e 65 64 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 2c 2e 70 72 65 76 69 65 77 50 61 6e 65 4f 70 65 6e 69 6e 67 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 Data Ascii: 00004000on,.openPreviewPaneBtn{align-items:center;justify-content:center}.openPreviewPaneBtn .previewOpenedIcon,.openPreviewPaneBtn .openPreviewIcon{display:none}.previewPaneOpened .openPreviewPaneBtn,.previewPaneOpening .openPreviewPaneBtn{display:none
2024-09-03 18:37:47 UTC	12	IN	Data Raw: 72 61 6e 73 66 6f 72 6d 3a 74 0d 0a Data Ascii: ransform:t
2024-09-03 18:37:47 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 72 61 6e 73 6c 61 74 65 28 33 30 30 25 2c 30 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 6c 6f 61 64 2d 69 6e 66 69 6e 69 74 65 2d 62 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 31 35 30 25 2c 30 29 7d 32 34 2e 39 39 25 7b 6f 70 61 63 69 74 79 3a 30 7d 32 35 25 7b 6f 70 61 63 69 74 79 3a 31 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 31 35 30 25 2c 30 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 31 36 36 2e 36 36 25 2c 30 29 3b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 6c 6f 61 64 2d 69 6e 66 69 6e 69 74 65 2d 61 2d 72 74 6c 7b 30 25 7b 6f 70 61 63 69 74 79 3a 31 3b 74 72 61 6e 73 66 6f Data Ascii: 00004000ranslate(300%,0)}}@keyframes load-infinite-b{0%{opacity:0;transform:translate(-150%,0)}24.99%{opacity:0}25%{opacity:1;transform:translate(-150%,0)}100%{transform:translate(166.66%,0);opacity:1}}@keyframes load-infinite-a-rtl{0%{opacity:1;transfo
2024-09-03 18:37:47 UTC	12	IN	Data Raw: 73 75 67 67 65 73 74 69 6f 6e 0d 0a Data Ascii: suggestion
2024-09-03 18:37:47 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 2e 73 61 5f 68 76 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 3a 6e 6f 74 28 2e 66 6f 63 75 73 61 62 6c 65 29 3a 6e 6f 74 28 2e 70 72 65 76 69 65 77 50 61 6e 65 4f 70 65 6e 65 64 29 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 30 30 30 7d 23 72 6f 6f 74 2e 64 61 72 6b 54 68 65 6d 65 3a 6e 6f 74 28 2e 77 69 6e 31 31 29 3a 6e 6f 74 28 2e 66 69 6c 65 45 78 70 6c 6f 72 65 72 29 3a 6e 6f 74 28 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 29 20 2e 67 72 6f 75 70 43 6f 6e 74 61 69 6e 65 72 20 2e 73 65 6c 65 63 74 61 62 6c 65 2e 73 75 67 67 65 73 74 69 6f 6e 3a 6e 6f 74 28 2e 66 6f 63 75 73 61 62 6c 65 29 3a 68 6f 76 Data Ascii: 00004000.sa_hv.withOpenPreviewPaneBtn:not(.focusable):not(.previewPaneOpened){background-color:rgba(0,0,0,.1);border-color:#000}#root.darkTheme:not(.win11):not(.fileExplorer):not(.zeroInput19H1) .groupContainer .selectable.suggestion:not(.focusable):hov
2024-09-03 18:37:47 UTC	12	IN	Data Raw: 74 61 29 3a 62 65 66 6f 72 65 0d 0a Data Ascii: ta):before

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:47 UTC	594	OUT	GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-03 18:37:47 UTC	566	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135751 X-GUploader-UploadID: AD-8ljt95Cf_eYffvRTg3kEmZ1ntCRzj1WBIJ5LSv3iPx8MiMxekuHCr1XmWUvVKM1lN307nBPo X-Goog-Hash: crc32c=IDdmTg== Server: UploadServer Date: Mon, 02 Sep 2024 19:26:09 GMT Expires: Tue, 02 Sep 2025 19:26:09 GMT Cache-Control: public, max-age=31536000 Age: 83498 Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-03 18:37:47 UTC	824	IN	Data Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: cb 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87 Data Ascii: 0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.\|ws+LT>&&Pjanss9ga:SY>J:9
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: fb 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba 65 8d f2 aa de 35 Data Ascii: DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z\|pQ"k<`ZT\|uKC1Yg4ewWe5
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: a3 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14 50 5d 28 7c 07 9c Data Ascii: :fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b\|wt7nvtD<C}\|7e^m?<F\p2uB<Yx9"AI3\[s5y~P](\|
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: f4 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67 75 fb f1 97 bf fe Data Ascii: 9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu\|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:gu
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: ad 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54 87 09 2c df 70 99 Data Ascii: 3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T,p
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: 34 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d 0c 6d 44 68 ea 50 Data Ascii: 4=%2n$hgffa,_@uYk\|9.Y1+x8aBP\|].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=eZkLS65mj}0"$MmDhP
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: 87 c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0 Data Ascii: nh"\|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF\|V1lvgf&3]1g>Lc(s.u,2
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: 1a 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23 Data Ascii: '3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#
2024-09-03 18:37:47 UTC	1390	IN	Data Raw: 5e 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f Data Ascii: ^N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:47 UTC	483	OUT	GET /apc/trans.gif?77453ee86d773752161d0fc259c7de35 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: t-ring-s.msedge.net Connection: Keep-Alive
2024-09-03 18:37:47 UTC	314	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 18:37:47 GMT Content-Type: image/gif Content-Length: 43 Last-Modified: Wed, 28 Aug 2024 13:05:21 GMT Connection: close ETag: "66cf2091-2b" x-azure-ref: 20240903T183747Z-16579567576xfl5xzh7yws029s00000009sg00000000cp28 X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-09-03 18:37:47 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:47 UTC	1178	OUT	GET /rp/A9mqfv7p4Ys0JWeD_Wr4HECl1Hk.css HTTP/1.1 Host: r.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.bing.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MUID=296F673E836866D21C8673D1822B6714; _EDGE_S=F=1&SID=1A6B8580A36667FE1D22916FA225666E&mkt=de-ch; _EDGE_V=1; USRLOC=HS=1; SRCHD=AF=WNSGPH; SRCHUID=V=2&GUID=B7EDAFD4CF51435693759398AF016438&dmnchg=1; SRCHUSR=DOB=20240903; SRCHHPGUSR=SRCHLANG=en&PV=10.0.0; _SS=SID=1A6B8580A36667FE1D22916FA225666E; CortanaAppUID=99325A50A46066F842A6B684698F464A
2024-09-03 18:37:48 UTC	895	IN	HTTP/1.1 200 OK Content-Length: 14537 Content-Type: text/css; charset=utf-8 Content-MD5: Igqh3ZD16vinm/T5as0B5w== Last-Modified: Wed, 26 Jun 2024 11:37:07 GMT ETag: 0x8DC95D44F8C5A17 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: f9fd3dec-d01e-0096-79d5-dc0d7d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * Cache-Control: public, no-transform, max-age=43584 Expires: Wed, 04 Sep 2024 06:44:11 GMT Date: Tue, 03 Sep 2024 18:37:47 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.1ad01702.1725388667.1b39030c Timing-Allow-Origin: * report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
2024-09-03 18:37:48 UTC	14537	IN	Data Raw: 2e 62 5f 73 79 64 53 74 61 6e 64 61 6c 6f 6e 65 20 23 62 5f 73 79 64 43 6f 6e 76 43 6f 6e 74 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 2e 62 5f 73 79 64 43 6f 6e 76 4d 6f 64 65 20 2e 62 5f 73 79 64 4e 65 77 45 6e 74 65 72 70 72 69 73 65 48 65 61 64 65 72 20 23 69 64 5f 72 68 2c 2e 62 5f 73 79 64 43 6f 6e 76 4d 6f 64 65 20 2e 62 5f 73 79 64 4e 65 77 45 6e 74 65 72 70 72 69 73 65 48 65 61 64 65 72 20 64 69 76 23 72 68 5f 72 77 6d 2c 2e 62 5f 73 79 64 43 6f 6e 76 4d 6f 64 65 20 2e 62 69 6e 67 63 68 61 74 65 6e 74 65 72 70 72 69 73 65 20 23 69 64 5f 72 68 2c 2e 62 5f 73 79 64 43 6f 6e 76 4d 6f 64 65 20 2e 62 69 6e 67 63 68 61 74 65 6e 74 65 72 70 72 69 73 65 20 64 69 76 23 72 68 5f 72 77 6d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e Data Ascii: .b_sydStandalone #b_sydConvCont{transform:translateY(0)}.b_sydConvMode .b_sydNewEnterpriseHeader #id_rh,.b_sydConvMode .b_sydNewEnterpriseHeader div#rh_rwm,.b_sydConvMode .bingchatenterprise #id_rh,.b_sydConvMode .bingchatenterprise div#rh_rwm{display:non

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:47 UTC	775	OUT	GET /rp/JPMwlwl2eqCiCAxwP9hi1ARiPMY.css HTTP/1.1 Host: r.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.bing.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8 Purpose: prefetch Sec-MS-GEC: 3210E5A42F77AA95A2BEAD240AA5031AA05AFA8BA3EB44794395A9D68533E4C0 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.bing.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-03 18:37:48 UTC	938	IN	HTTP/1.1 200 OK Content-Length: 21478 Content-Type: text/css; charset=utf-8 Content-MD5: 5qURC1045N0z4Z8Q4Kowxw== Last-Modified: Fri, 30 Aug 2024 08:09:53 GMT ETag: 0x8DCC8CB211307E3 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 0381dab3-101e-001f-7b13-fbb7a8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * Akamai-GRN: 0.7e257e68.1725046393.1ec68cc report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Cache-Control: public, no-transform, max-age=89744 Expires: Wed, 04 Sep 2024 19:33:31 GMT Date: Tue, 03 Sep 2024 18:37:47 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.1cd01702.1725388667.18c2b675 Timing-Allow-Origin: *
2024-09-03 18:37:48 UTC	15446	IN	Data Raw: 23 73 77 5f 61 73 20 2e 73 61 5f 73 67 5f 69 63 6f 6e 5f 61 72 65 61 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 20 30 20 38 70 78 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 30 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 23 73 77 5f 61 73 20 2e 73 61 5f 73 67 5f 63 6f 72 6e 65 72 5f 69 63 6f 6e 7b 68 65 69 67 68 74 3a 31 38 70 78 3b 77 69 64 74 68 3a 31 38 70 78 7d 23 73 77 5f 61 73 20 2e 73 61 5f 73 67 5f 73 65 61 72 63 68 69 63 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 22 Data Ascii: #sw_as .sa_sg_icon_area{margin:0 12px 0 8px;height:30px;min-width:30px;display:flex;justify-content:center;align-items:center}#sw_as .sa_sg_corner_icon{height:18px;width:18px}#sw_as .sa_sg_searchicon{background-image:url('data:image/svg+xml,%3Csvg xmlns="
2024-09-03 18:37:48 UTC	6032	IN	Data Raw: 30 20 33 70 78 20 33 70 78 7d 23 73 77 5f 61 73 20 2e 73 61 5f 66 64 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 31 31 31 7d 2e 62 5f 73 65 61 72 63 68 62 6f 78 46 6f 72 6d 2e 61 73 5f 72 73 66 6f 72 6d 20 23 73 77 5f 61 73 20 2e 73 61 5f 61 73 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 67 61 70 3a 30 20 32 30 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 2c 30 20 32 70 78 20 34 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 38 29 7d 2e 62 5f 73 65 61 72 63 68 62 6f 78 46 6f 72 6d 2e 61 73 5f 72 73 66 6f 72 6d 20 23 73 77 5f Data Ascii: 0 3px 3px}#sw_as .sa_fd:hover{text-decoration:underline;color:#111}.b_searchboxForm.as_rsform #sw_as .sa_as{display:flex !important;flex-wrap:wrap;gap:0 20px;box-shadow:0 0 0 1px rgba(0,0,0,.1),0 2px 4px 1px rgba(0,0,0,.18)}.b_searchboxForm.as_rsform #sw_

Timestamp	Bytes transferred	Direction	Data
2024-09-03 18:37:48 UTC	483	OUT	GET /apc/trans.gif?075dbd9af6fd5d2875fc46f04eb98374 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: t-ring-s.msedge.net Connection: Keep-Alive
2024-09-03 18:37:48 UTC	314	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 18:37:48 GMT Content-Type: image/gif Content-Length: 43 Last-Modified: Wed, 28 Aug 2024 17:37:29 GMT Connection: close ETag: "66cf6059-2b" x-azure-ref: 20240903T183748Z-16579567576txfkctmnqv2e9c400000009eg00000000fc9g X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-09-03 18:37:48 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;