Create Interactive Tour

Windows Analysis Report
http://gfs214n125.userstorage.mega.co.nz

Overview

General Information

Sample URL:	http://gfs214n125.userstorage.mega.co.nz
Analysis ID:	636067
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3916 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://gfs214n125.userstorage.mega.co.nz MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 3632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,14628987170268143729,8769245826119934323,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitContent-type: text/xmlX-MSEdge-ExternalExpType: JointCoordX-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-PositionerType: DesktopX-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -480X-BM-FirstEnabledTime: 132061340710069592X-DeviceID: 0100748C0900F045X-BM-DeviceScale: 100X-Search-TimeZone: Bias=480; StandardBias=0; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-BM-DeviceDimensionsLogical: 1232x1024X-BM-DeviceDimensions: 1232x1024X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdtELABKVRi0uEZqpkvZbEYkgCvJB4SlUfBnFRmD2KbN3pYTZ28SZF3VNMC3H20cdPTEy2p%2BLxiokgGMXunV8kWIXJeaxZdAzzuLUHW9j7/E01vJTqZufRse9f0y0F2saK3S9AHyXdqq378ixTPKVxSNJGlzn785FXCK6mRKuw7k5bxtdBrCsDUE99ZyvTyb59kNDAmtTgDhxY6EFFNUrpcHigwXFU0swLaZ3p8Ur9sRSgk6V6vnhVp%2BuOSTpcLTmggVSafY8OW%2BUAy8JE1vXokpbovFsfOOvRC0mZQsNhIPLtX861igqUCu69prtGW1qPN6UT/Ie/sT4sJE5hoUEEIDZgAACH3hEDfIurMMqAFNBoRMccrdW4NegFr%2BjoQfwEgjauLdrInkR0E5mNwDLJJ4KrYiCzYHUs4vN3WDqcNDfi0ul0h0%2BVN5jMZGPZkNw1r76tQoVw76zdWNOlrCwJavDq/cb7v7hsC3p6zp2MJqFZmYjbFX5ArphKpkV19yct%2B9VDzq65T/69JvN2lwXDTpMcppJUerEIAncVj2Qd3tUof1IggbI6nCdCVtQdw%2BwwHgATyUH1V3AahlQW5kH1V/II6GXqnYGlLCmjaLoJmw7mjSFeL2LFy3kVLqEahtNEbpQypCxV4jgjkNj5zOI76CKXiz41iXZOSrb7nsMouncSMeWksuh46eWHQnc00dBa5XYuD465TvBLvilWYUtETg5XSqlNpD7VkYVtboZWTW1crzmJqlEcSvdp4Qt2tWKUFs1ymqjWhBwSOnkMtPNjh64YfB%2BVNUwSGgta/0z5oJH1MUIJgsdlVPpDkXfP0HcyZrCIK6/dZ/%2BlXIsSV6SLjCfsHYFEGJa6IljmOmuAR9gQtSRkl7rP/3uarCsqJOCuY0ZSf1l4G3q/3U%2Bf3rB7IxbJ1ViRQy1AE%3D%26p%3DX-Agent-DeviceId: 0100748C0900F045X-BM-CBT: 1646756872X-Device-isOptin: trueX-Device-Touch: falseX-Device-ClientSession: 56B0FB09C5A844A3BFAD59583E571607X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderAccept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: www.bing.comContent-Length: 85683Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1653933936860&AC=1&CPH=4ef661f2

Source: unknown	HTTPS traffic detected: 20.190.159.23:443 -> 192.168.2.5:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.5:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.5:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.5:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.40.129.122:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.40.129.122:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.4.86:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.182:443 -> 192.168.2.5:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.67.82.235:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.5:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.120.182:443 -> 192.168.2.5:49829 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\e768729d-e047-4baa-9d96-f04addce0452.tmp

Jump to behavior

Source: classification engine

Classification label: clean0.win@25/93@3/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://gfs214n125.userstorage.mega.co.nz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,14628987170268143729,8769245826119934323,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,14628987170268143729,8769245826119934323,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62950781-F4C.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://gfs214n125.userstorage.mega.co.nz	1%	Virustotal		Browse
http://gfs214n125.userstorage.mega.co.nz	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://dns.google	0%	URL Reputation	safe
http://gfs214n125.userstorage.mega.co.nz/	1%	Virustotal		Browse
http://gfs214n125.userstorage.mega.co.nz/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.250.203.109	true	false	high
gfs214n125.userstorage.mega.co.nz	185.206.27.35	true	false	unknown
clients.l.google.com	216.58.215.238	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
http://gfs214n125.userstorage.mega.co.nz/	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.2.dr	false		high
https://dns.google	40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr, a3197c04-fd94-4279-96a1-2230f05c9b02.tmp.3.dr, c455b2ac-0776-433a-81b5-58b4aee1e905.tmp.3.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.2.dr, craw_background.js.2.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.2.dr	false		high
https://ogs.google.com	40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.2.dr	false		high
https://accounts.google.com	40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.2.dr, manifest.json.2.dr	false		high
https://clients2.googleusercontent.com	40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	false		high
https://apis.google.com	40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.2.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	craw_window.js.2.dr, manifest.json.2.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.2.dr	false		high
https://www.google.com/	manifest.json.2.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_window.js.2.dr, craw_background.js.2.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.2.dr	false		high
https://clients2.google.com	40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.215.238	clients.l.google.com	United States	15169	GOOGLEUS	false
185.206.27.35	gfs214n125.userstorage.mega.co.nz	France	205809	MEGAFR	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1
192.168.2.5

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	636067
Start date and time: 30/05/202211:04:42	2022-05-30 11:04:42 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 14s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://gfs214n125.userstorage.mega.co.nz
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@25/93@3/7
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 23.211.6.115, 142.250.203.110, 142.250.203.99, 74.125.108.200, 34.104.35.123, 173.222.108.226, 40.125.122.176
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, r3.sn-1gi7znek.gvt1.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, arc.msn.com, r3---sn-1gi7znek.gvt1.com, e12564.dspb.akamaiedge.net, redirector.gvt1.com, edgedl.me.gvt1.com, login.live.com, store-images.s-microsoft.com, update.googleapis.com, sls.update.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825

Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.136
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.136
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.136
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.136
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.23
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.140

Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.2.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://apis.google.com
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.2.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr, a3197c04-fd94-4279-96a1-2230f05c9b02.tmp.3.dr, c455b2ac-0776-433a-81b5-58b4aee1e905.tmp.3.dr	String found in binary or memory: https://dns.google
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.2.dr, craw_background.js.2.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.2.dr, manifest.json.2.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://r3---sn-1gi7znek.gvt1.com
Source: 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.2.dr, manifest.json.2.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.2.dr, craw_background.js.2.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.2.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.2.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.2.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.2.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.2.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.2.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr, craw_window.js.2.dr, craw_background.js.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.2.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.2.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.2.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.2.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.2.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 40cb172e-06b7-463f-9689-4363ab076ab4.tmp.3.dr, 559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp.3.dr	String found in binary or memory: https://www.gstatic.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 30, 2022 11:05:45.308998108 CEST	443	49728	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.309108973 CEST	443	49728	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.309114933 CEST	49728	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.309308052 CEST	49728	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.310251951 CEST	49728	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.310277939 CEST	443	49728	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.349142075 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.349175930 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.349194050 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.349322081 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.349355936 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.349390030 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.349448919 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.393203974 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.393235922 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.393300056 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.393405914 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.393433094 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.393500090 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.393533945 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.438849926 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.438951015 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.439057112 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.439090014 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.439675093 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.439704895 CEST	443	49729	20.82.210.154	192.168.2.5
May 30, 2022 11:05:45.439749002 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:45.439778090 CEST	49729	443	192.168.2.5	20.82.210.154
May 30, 2022 11:05:47.499926090 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.499993086 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.500147104 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.500479937 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.500504017 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.585688114 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.585813999 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.586663961 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.586672068 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.588046074 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588052034 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.588109970 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588120937 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.588129044 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588135004 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.588192940 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588205099 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.588215113 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588219881 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.588228941 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588233948 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.588284016 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588304043 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.588337898 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.713392019 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.713504076 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:47.713524103 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.713607073 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.714726925 CEST	49730	443	192.168.2.5	131.253.33.200
May 30, 2022 11:05:47.714742899 CEST	443	49730	131.253.33.200	192.168.2.5
May 30, 2022 11:05:56.312886000 CEST	49757	443	192.168.2.5	20.190.159.134
May 30, 2022 11:05:56.312939882 CEST	443	49757	20.190.159.134	192.168.2.5
May 30, 2022 11:05:56.313071012 CEST	49757	443	192.168.2.5	20.190.159.134
May 30, 2022 11:05:56.313684940 CEST	49758	443	192.168.2.5	20.190.159.134
May 30, 2022 11:05:56.313728094 CEST	443	49758	20.190.159.134	192.168.2.5
May 30, 2022 11:05:56.313808918 CEST	49758	443	192.168.2.5	20.190.159.134
May 30, 2022 11:05:56.482666969 CEST	49757	443	192.168.2.5	20.190.159.134
May 30, 2022 11:05:56.482711077 CEST	443	49757	20.190.159.134	192.168.2.5
May 30, 2022 11:05:56.505034924 CEST	49758	443	192.168.2.5	20.190.159.134
May 30, 2022 11:05:56.505085945 CEST	443	49758	20.190.159.134	192.168.2.5
May 30, 2022 11:05:56.961455107 CEST	49759	443	192.168.2.5	20.190.159.136
May 30, 2022 11:05:56.961522102 CEST	443	49759	20.190.159.136	192.168.2.5
May 30, 2022 11:05:56.961641073 CEST	49759	443	192.168.2.5	20.190.159.136
May 30, 2022 11:05:56.962007046 CEST	49759	443	192.168.2.5	20.190.159.136
May 30, 2022 11:05:56.962027073 CEST	443	49759	20.190.159.136	192.168.2.5
May 30, 2022 11:05:57.122534990 CEST	49761	80	192.168.2.5	185.206.27.35
May 30, 2022 11:05:57.123514891 CEST	49762	443	192.168.2.5	142.250.203.109
May 30, 2022 11:05:57.123573065 CEST	443	49762	142.250.203.109	192.168.2.5
May 30, 2022 11:05:57.123653889 CEST	49762	443	192.168.2.5	142.250.203.109
May 30, 2022 11:05:57.124715090 CEST	49763	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:57.124744892 CEST	443	49763	216.58.215.238	192.168.2.5
May 30, 2022 11:05:57.124835968 CEST	49763	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:57.125349045 CEST	49764	80	192.168.2.5	185.206.27.35
May 30, 2022 11:05:57.128305912 CEST	49762	443	192.168.2.5	142.250.203.109
May 30, 2022 11:05:57.128350019 CEST	443	49762	142.250.203.109	192.168.2.5
May 30, 2022 11:05:57.128681898 CEST	49763	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:57.128699064 CEST	443	49763	216.58.215.238	192.168.2.5
May 30, 2022 11:05:57.153884888 CEST	80	49761	185.206.27.35	192.168.2.5
May 30, 2022 11:05:57.154009104 CEST	49761	80	192.168.2.5	185.206.27.35
May 30, 2022 11:05:57.154839039 CEST	49761	80	192.168.2.5	185.206.27.35
May 30, 2022 11:05:57.157943964 CEST	80	49764	185.206.27.35	192.168.2.5
May 30, 2022 11:05:57.158103943 CEST	49764	80	192.168.2.5	185.206.27.35
May 30, 2022 11:05:57.185288906 CEST	443	49762	142.250.203.109	192.168.2.5
May 30, 2022 11:05:57.185858011 CEST	49762	443	192.168.2.5	142.250.203.109
May 30, 2022 11:05:57.185914040 CEST	443	49762	142.250.203.109	192.168.2.5
May 30, 2022 11:05:57.186065912 CEST	80	49761	185.206.27.35	192.168.2.5
May 30, 2022 11:05:57.186100960 CEST	80	49761	185.206.27.35	192.168.2.5
May 30, 2022 11:05:57.186121941 CEST	80	49761	185.206.27.35	192.168.2.5
May 30, 2022 11:05:57.186175108 CEST	49761	80	192.168.2.5	185.206.27.35
May 30, 2022 11:05:57.186959982 CEST	443	49762	142.250.203.109	192.168.2.5
May 30, 2022 11:05:57.187062979 CEST	49762	443	192.168.2.5	142.250.203.109
May 30, 2022 11:05:57.187777996 CEST	443	49763	216.58.215.238	192.168.2.5

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 30, 2022 11:05:45.630889893 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:46.396594048 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:56.820276022 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:56.821069956 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:57.074206114 CEST	62704	53	192.168.2.5	8.8.8.8
May 30, 2022 11:05:57.075967073 CEST	53934	53	192.168.2.5	8.8.8.8
May 30, 2022 11:05:57.084155083 CEST	63712	53	192.168.2.5	8.8.8.8
May 30, 2022 11:05:57.095722914 CEST	53	53934	8.8.8.8	192.168.2.5
May 30, 2022 11:05:57.101845980 CEST	53	62704	8.8.8.8	192.168.2.5
May 30, 2022 11:05:57.111654997 CEST	53	63712	8.8.8.8	192.168.2.5
May 30, 2022 11:05:57.144619942 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:57.570733070 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:57.573642015 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:57.895742893 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:58.321579933 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:58.328608990 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:58.649070978 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:05:59.487829924 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.516803980 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.517328978 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.545277119 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.545332909 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.545356035 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.545378923 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.545711994 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.546806097 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.601128101 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.601533890 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.642579079 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.643801928 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.645159006 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.658724070 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.658771992 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.658801079 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.660309076 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:05:59.708530903 CEST	443	62931	216.58.215.238	192.168.2.5
May 30, 2022 11:05:59.711869955 CEST	62931	443	192.168.2.5	216.58.215.238
May 30, 2022 11:06:01.750256062 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:01.752580881 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:01.754575968 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:02.496260881 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:02.498915911 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:02.498940945 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:03.261934996 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:03.262002945 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:03.262007952 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:05.084216118 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:05.339412928 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:05.840301991 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:06.090286016 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:06.265475035 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:06.606014013 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:06.856002092 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:07.028023958 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:07.777985096 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:55.693902016 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:56.440716982 CEST	137	137	192.168.2.5	192.168.2.255
May 30, 2022 11:06:57.191045046 CEST	137	137	192.168.2.5	192.168.2.255

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:05:42 UTC	0	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Content-type: text/xml X-MSEdge-ExternalExpType: JointCoord X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-PositionerType: Desktop X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-BM-DTZ: -480 X-BM-FirstEnabledTime: 132061340710069592 X-DeviceID: 0100748C0900F045 X-BM-DeviceScale: 100 X-Search-TimeZone: Bias=480; StandardBias=0; TimeZoneKeyName=Pacific Standard Time X-BM-Theme: 000000;0078d7 X-BM-DeviceDimensionsLogical: 1232x1024 X-BM-DeviceDimensions: 1232x1024 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdtELABKVRi0uEZqpkvZbEYkgCvJB4SlUfBnFRmD2KbN3pYTZ28SZF3VNMC3H20cdPTEy2p%2BLxiokgGMXunV8kWIXJeaxZdAzzuLUHW9j7/E01vJTqZufRse9f0y0F2saK3S9AHyXdqq378ixTPKVxSNJGlzn785FXCK6mRKuw7k5bxtdBrCsDUE99ZyvTyb59kNDAmtTgDhxY6EFFNUrpcHigwXFU0swLaZ3p8Ur9sRSgk6V6vnhVp%2BuOSTpcLTmggVSafY8OW%2BUAy8JE1vXokpbovFsfOOvRC0mZQsNhIPLtX861igqUCu69prtGW1qPN6UT/Ie/sT4sJE5hoUEEIDZgAACH3hEDfIurMMqAFNBoRMccrdW4NegFr%2BjoQfwEgjauLdrInkR0E5mNwDLJJ4KrYiCzYHUs4vN3WDqcNDfi0ul0h0%2BVN5jMZGPZkNw1r76tQoVw76zdWNOlrCwJavDq/cb7v7hsC3p6zp2MJqFZmYjbFX5ArphKpkV19yct%2B9VDzq65T/69JvN2lwXDTpMcppJUerEIAncVj2Qd3tUof1IggbI6nCdCVtQdw%2BwwHgATyUH1V3AahlQW5kH1V/II6GXqnYGlLCmjaLoJmw7mjSFeL2LFy3kVLqEahtNEbpQypCxV4jgjkNj5zOI76CKXiz41iXZOSrb7nsMouncSMeWksuh46eWHQnc00dBa5XYuD465TvBLvilWYUtETg5XSqlNpD7VkYVtboZWTW1crzmJqlEcSvdp4Qt2tWKUFs1ymqjWhBwSOnkMtPNjh64YfB%2BVNUwSGgta/0z5oJH1MUIJgsdlVPpDkXfP0HcyZrCIK6/dZ/%2BlXIsSV6SLjCfsHYFEGJa6IljmOmuAR9gQtSRkl7rP/3uarCsqJOCuY0ZSf1l4G3q/3U%2Bf3rB7IxbJ1ViRQy1AE%3D%26p%3D X-Agent-DeviceId: 0100748C0900F045 X-BM-CBT: 1646756872 X-Device-isOptin: true X-Device-Touch: false X-Device-ClientSession: 56B0FB09C5A844A3BFAD59583E571607 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Accept: / Accept-Language: en-US Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: www.bing.com Content-Length: 85683 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1653933936860&AC=1&CPH=4ef661f2
2022-05-30 09:05:42 UTC	2	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 31 34 44 35 41 36 39 41 42 45 46 46 36 39 36 32 30 31 34 35 41 44 30 35 42 46 43 37 36 38 35 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 43 30 34 30 39 45 38 34 43 37 45 43 34 44 31 36 41 32 43 44 44 41 34 38 30 35 45 32 44 33 43 34 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 Data Ascii: <ClientInstRequest><CID>14D5A69ABEFF69620145AD05BFC76858</CID><Events><E><T>Event.ClientInst</T><IG>C0409E84C7EC4D16A2CDDA4805E2D3C4</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,Ambie
2022-05-30 09:05:42 UTC	18	OUT	Data Raw: 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 6e 74 57 69 64 65 73 63 72 65 65 6e 2c 72 73 31 6d 75 73 69 63 70 72 6f 64 2c 43 6f 72 74 61 6e 61 53 50 41 58 61 6d 6c 48 65 61 64 65 72 22 2c 22 65 72 72 6f 72 54 79 70 65 22 3a 22 53 65 6e 64 54 69 6d 65 64 4f 75 74 22 2c 22 66 61 69 6c 43 6f 75 6e 74 22 3a 31 2c 22 54 53 22 3a 31 35 36 31 36 36 30 35 33 36 35 39 31 2c 22 52 54 53 22 3a 36 35 33 32 39 2c 22 53 45 51 22 3a 32 31 2c 22 55 54 53 22 3a 31 36 35 33 39 33 33 39 34 31 38 38 36 7d 5d 5d 3e 3c 2f 44 3e 3c 54 53 3e 31 35 36 31 36 36 30 35 33 36 35 39 31 3c 2f 54 53 3e 3c 2f 45 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 49 51 75 65 75 65 45 72 72 6f 72 3c 2f 54 3e 3c 49 47 3e 34 35 38 32 38 37 35 61 63 64 65 34 34 34 61 34 38 35 61 61 63 63 34 31 30 33 Data Ascii: pdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader","errorType":"SendTimedOut","failCount":1,"TS":1561660536591,"RTS":65329,"SEQ":21,"UTS":1653933941886}...</D><TS>1561660536591</TS></E><E><T>Event.CIQueueError</T><IG>4582875acde444a485aacc4103
2022-05-30 09:05:42 UTC	34	OUT	Data Raw: 2d 34 46 43 39 2d 38 42 41 30 2d 45 33 34 42 38 44 36 33 35 34 45 38 7d 22 2c 22 49 73 54 6f 75 63 68 22 3a 22 66 61 6c 73 65 22 2c 22 4f 53 53 4b 55 22 3a 22 34 38 22 2c 22 41 70 70 4c 69 66 65 74 69 6d 65 49 44 22 3a 22 33 37 37 36 42 43 34 41 35 45 37 43 34 30 33 32 42 41 45 44 36 41 39 37 42 42 42 38 35 38 31 37 22 2c 22 43 6f 72 74 61 6e 61 4f 70 74 49 6e 22 3a 22 74 72 75 65 22 2c 22 43 6f 72 74 61 6e 61 43 61 70 61 62 69 6c 69 74 69 65 73 22 3a 22 43 6f 72 74 61 6e 61 45 78 70 65 72 69 65 6e 63 65 2c 53 70 65 65 63 68 4c 61 6e 67 75 61 67 65 22 2c 22 49 6d 70 72 65 73 73 69 6f 6e 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 51 46 5f 4b 45 59 53 54 52 4f 4b 45 5f 56 49 52 54 55 41 4c 5f 55 52 4c 3f 71 72 79 3d 64 Data Ascii: -4FC9-8BA0-E34B8D6354E8}","IsTouch":"false","OSSKU":"48","AppLifetimeID":"3776BC4A5E7C4032BAED6A97BBB85817","CortanaOptIn":"true","CortanaCapabilities":"CortanaExperience,SpeechLanguage","ImpressionUrl":"https://www.bing.com/QF_KEYSTROKE_VIRTUAL_URL?qry=d
2022-05-30 09:05:42 UTC	50	OUT	Data Raw: 32 36 39 22 3a 33 31 32 32 2c 22 32 37 30 22 3a 33 31 32 32 2c 22 32 38 34 22 3a 31 35 2c 22 32 39 36 22 3a 31 7d 2c 22 66 62 63 53 63 6f 72 65 22 3a 30 2e 35 37 34 36 33 7d 7d 2c 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 32 2c 22 51 22 3a 22 53 79 73 74 65 6d 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 22 2c 22 4d 51 22 3a 22 69 6e 66 6f 72 6d 61 74 69 6f 6e 22 2c 22 56 61 6c 22 3a 22 50 50 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 30 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 31 33 35 30 37 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 7b 31 41 43 31 34 45 37 37 2d 30 32 45 37 2d 34 45 35 44 2d 42 37 34 34 2d 32 45 42 31 41 45 35 31 39 38 42 37 7d 5c Data Ascii: 269":3122,"270":3122,"284":15,"296":1},"fbcScore":0.57463}},{"T":"D.Url","K":1002,"Q":"System Information","MQ":"information","Val":"PP","Ho":2,"Gr":0,"DeviceSignals":{"Rank":13507,"PHits":"System.ParsingName","Id":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\
2022-05-30 09:05:42 UTC	66	OUT	Data Raw: 30 31 2c 22 38 22 3a 31 2c 22 31 30 22 3a 35 2c 22 31 36 22 3a 32 31 33 38 35 2c 22 31 39 22 3a 31 2c 22 34 32 22 3a 31 2c 22 36 34 22 3a 31 2c 22 31 33 34 22 3a 36 32 2c 22 31 33 35 22 3a 36 2e 32 2c 22 31 33 37 22 3a 36 37 2c 22 31 35 37 22 3a 31 2c 22 31 35 38 22 3a 31 31 36 39 32 2c 22 31 35 39 22 3a 39 36 39 32 2c 22 32 36 34 22 3a 31 2c 22 32 36 39 22 3a 39 36 39 32 2c 22 32 37 30 22 3a 39 36 39 32 2c 22 32 38 34 22 3a 36 32 2c 22 32 39 36 22 3a 31 7d 7d 7d 2c 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 32 2c 22 51 22 3a 22 49 6e 74 65 72 61 63 74 20 6d 6f 72 65 20 65 61 73 69 6c 79 20 77 69 74 68 20 74 68 65 20 6b 65 79 62 6f 61 72 64 22 2c 22 56 61 6c 22 3a 22 53 54 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 31 2c 22 44 65 76 69 63 Data Ascii: 01,"8":1,"10":5,"16":21385,"19":1,"42":1,"64":1,"134":62,"135":6.2,"137":67,"157":1,"158":11692,"159":9692,"264":1,"269":9692,"270":9692,"284":62,"296":1}}},{"T":"D.Url","K":1002,"Q":"Interact more easily with the keyboard","Val":"ST","Ho":2,"Gr":1,"Devic
2022-05-30 09:05:42 UTC	82	OUT	Data Raw: 32 37 30 22 3a 37 37 38 33 2c 22 32 38 34 22 3a 33 32 2c 22 32 39 36 22 3a 31 7d 7d 7d 2c 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 37 2c 22 51 22 3a 22 43 68 61 6e 67 65 20 79 6f 75 72 20 68 6f 6d 65 70 61 67 65 22 2c 22 4d 51 22 3a 22 69 6e 74 65 72 6e 65 74 20 65 78 70 6c 6f 72 65 72 22 2c 22 56 61 6c 22 3a 22 53 54 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 31 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 31 33 39 35 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 43 6c 61 73 73 69 63 5f 7b 42 41 42 42 32 34 41 36 2d 30 32 34 32 2d 34 41 45 35 2d 42 44 38 33 2d 43 35 38 31 36 35 32 36 46 36 33 44 7d 22 2c 22 44 4e 61 6d 65 22 3a 22 43 68 61 6e 67 Data Ascii: 270":7783,"284":32,"296":1}}},{"T":"D.Url","K":1007,"Q":"Change your homepage","MQ":"internet explorer","Val":"ST","Ho":2,"Gr":1,"DeviceSignals":{"Rank":1395,"PHits":"System.ParsingName","Id":"Classic_{BABB24A6-0242-4AE5-BD83-C5816526F63D}","DName":"Chang
2022-05-30 09:05:42 UTC	86	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: C9F04BCFFFE34211A0279907A2F488C2 Ref B: VIEEDGE2809 Ref C: 2022-05-30T09:05:42Z Date: Mon, 30 May 2022 09:05:41 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:05:45 UTC	86	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220308T162905Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=d5cb2190cdcb48f5b142d01a3f2f311d&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1418274&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1418274&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6 Cache-Control: no-cache MS-CV: GDgnYUGRXkOhGS9+.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: tch0,m301,m751,mA01,mT01 Host: arc.msn.com Connection: Keep-Alive
2022-05-30 09:05:45 UTC	88	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 167 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"OPTOUTSTATE":"256"}] X-ARC-SIG: m2hw5wITl1CjhjFuONBHYVK6iPMGe5Oexm0TUQeSdmDcpjgksOlPPECja5bBchIoS4MddvPi6482Nqr+bDh6yIhKpq2QDwJbKL3qsoy8/N91/tihvf4OIqLoVLR/YQFIB7H57usfRTCEgQHFi7Wr3+xrez8p/WM6HRkqAl0V/Sj8u+yw/X5Epzj5gu0YBLRuv5QRE4pG2LzIaEiZw29/98Go8PmvYr21gXpHfuVWV0o+4djKNDNJxW25/2kPqGbmdLvACuVuYZnwggo3IwqHa/ZhpA5tpGSHIwfUcBZ8trqa1L90JmmPtVdJgfCO6hadCLe3pgpd94zjzL7BO4WTyw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 30 May 2022 09:05:44 GMT Connection: close
2022-05-30 09:05:45 UTC	89	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 2c 22 72 65 66 72 65 73 68 74 69 6d 65 22 3a 22 32 30 32 32 2d 30 35 2d 33 30 54 31 33 3a 30 35 3a 34 35 22 7d 7d Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}],"refreshtime":"2022-05-30T13:05:45"}}

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:27 UTC	258	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 18.10.0.17134.0.0; IDCRL-cfg 16.000.29340.5; App svchost.exe, 10.0.17134.1, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4796 Host: login.live.com
2022-05-30 09:06:27 UTC	259	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2022-05-30 09:06:27 UTC	296	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 30 May 2022 09:05:27 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: R3_BL2 x-ms-request-id: f706b3b5-30eb-4415-9327-e16fc74805b6 PPServer: PPV: 30 H: BL02PFD186A09E5 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 30 May 2022 09:06:27 GMT Connection: close Content-Length: 11093
2022-05-30 09:06:27 UTC	297	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:27 UTC	319	OUT	GET /proactive/v2/spark?cc=US&setLang=en-US HTTP/1.1 X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-Device-IsBatteryCertified: false X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-Device-IsBatteryEnabled: false X-Device-NetworkType: ethernet X-BM-DTZ: -420 X-BM-FirstEnabledTime: 132061340710069592 X-DeviceID: 0100748C0900F045 X-VoiceActivationOn: false X-Device-AudioCapture: Microphone (High Definition Audio Device) X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDgAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAActggyinXwoPm6ezoZs3atOuqdT0Ty5f1ON9AVBbfGg%2BtZCjYHavyXaq2FVxoR57HiZgM9PS9zv6mWn1hDtnNmwJr6EzCIEZsTSNHTShMlCG26rL1wti8Nc%2BFPpVLbzXM5Gx8bUd8nY7oce3tqoQhosoU2vByoHdNosqvGj3v9eo9Q8V7NwU6vUjYilOM8Z5T1AnR5R63OIyhnP484k/Mi%2B8DJOL4BZ2ZpJWlIKL3H%2BP/8d7a4YjdeqeIa9Qwh6NJxVxPNnlVMRzgtrrPdrjaVGpcIKqwLQdgwNT%2BV9%2B7SWK81gwW4B0n2fZMnhr9V4XHiMV8ElMYqJYsMjJjzWburEDZgAACJdg3yRQBb1VsAEtfm0mflpkmVGKV4IvWqE3I/H7FjA3rOvPF6VP9kjQjX5utC2cpTXES5ywq1%2BQ14PEXddUOkLESuXrPmkAvOGV0FOkeG6vQElOeryel9hfW8ks0cn2Sql3KJ5mkUIxWNLmI%2BphXovQXjY4O4Z///2kZgyj55/kSLCNtYMDBF7CmTRkub0Zy1EC/mWZXuYJR3VXRGCJNsqQLoOh5RVEmaRfm99mGumkDzjkOBrcQub/TnFM5kJuIGPS0eO5gt3EFP%2BFIKeJluJoYlmlUifpm75dVJc9YjbTJmFXmC/FL/K7%2BCC324Xdrz5hFGn/cecoHQD3LW7Wd1wCKTVuYumCQZI5iqOaOBrbQgNH6oOjEsw8DBr3XgqzTmePQpaHYf64PGKMgtoIjOBK6ZqOaO75KwZUGrvvI8HFHfqGO%2BdCYXA/4qvaQsYA//KjulanDtcHEeDuzsU6vfo1EpGtykSDZ4ymDEBq0EZ2Nj7Qa%2BS77x5xkgJEzdvQLhVrXv%2BaKuMv7w64RxawXDihT7rjbjz90ypoDvvKgnVcpiGb09ta%2BM2L0wsvCi2w1cYMARHiV/mVO67aAQ%3D%3D%26p%3D X-Agent-DeviceId: 0100748C0900F045 X-BM-CBT: 1653933935 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 X-Device-isOptin: true Accept-language: en-US, en X-Device-IsEnergyHero: false X-Device-Touch: false X-Device-ClientSession: 1FC1FF0B27EF4B57A2D812274DC1A264 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Host: www.bing.com Connection: Keep-Alive Cookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3
2022-05-30 09:06:28 UTC	327	IN	HTTP/1.1 200 OK Cache-Control: no-store, must-revalidate, no-cache Pragma: no-cache Content-Length: 311 Content-Type: application/json; charset=utf-8 Expires: -1 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: SUID=M; domain=.bing.com; expires=Tue, 31-May-2022 09:06:28 GMT; path=/; HttpOnly Set-Cookie: MUIDB=0BA1234E3B2140EBA8746E9F98F8CAA3; expires=Sat, 24-Jun-2023 09:06:28 GMT; path=/; HttpOnly Set-Cookie: _EDGE_S=SID=0D63AA0CC7E063132181BBB8C60762EC&mkt=en-us&ui=en-us; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: SRCHUID=V=2&GUID=F0FB1BD13A3B4F1EBDC23EFA628E23A1&dmnchg=1; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: SRCHUSR=DOB=20220530; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: ANON=A=15AE84B7D111BBFC03D30025FFFFFFFF; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/ Set-Cookie: _SS=SID=0D63AA0CC7E063132181BBB8C60762EC; domain=.bing.com; path=/ Set-Cookie: BM-Identity-Error=3002; domain=.bing.com; expires=Mon, 30-May-2022 09:11:28 GMT; path=/ X-SNR-Routing: 1 X-XSS-Protection: 0 X-Search-ErrorInfo: Error:3002,Message:'FB ID missing' X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 452229D82FE941B8B73FAF81EDDEDC46 Ref B: VIEEDGE3207 Ref C: 2022-05-30T09:06:28Z Date: Mon, 30 May 2022 09:06:27 GMT Connection: close
2022-05-30 09:06:28 UTC	329	IN	Data Raw: 7b 22 42 61 73 65 50 61 67 65 22 3a 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 7d 2c 22 41 6e 73 77 65 72 73 22 3a 5b 5d 2c 22 43 6f 6e 66 69 67 22 3a 7b 22 50 72 65 66 65 74 63 68 49 6e 74 65 72 76 61 6c 22 3a 37 32 30 2c 22 42 61 Data Ascii: {"BasePage":{"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}}},"Answers":[],"Config":{"PrefetchInterval":720,"Ba

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:27 UTC	321	OUT	GET /client/config?cc=US&setlang=en-US HTTP/1.1 X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-BM-DTZ: -420 X-BM-FirstEnabledTime: 132061340710069592 X-DeviceID: 0100748C0900F045 X-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDgAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAActggyinXwoPm6ezoZs3atOuqdT0Ty5f1ON9AVBbfGg%2BtZCjYHavyXaq2FVxoR57HiZgM9PS9zv6mWn1hDtnNmwJr6EzCIEZsTSNHTShMlCG26rL1wti8Nc%2BFPpVLbzXM5Gx8bUd8nY7oce3tqoQhosoU2vByoHdNosqvGj3v9eo9Q8V7NwU6vUjYilOM8Z5T1AnR5R63OIyhnP484k/Mi%2B8DJOL4BZ2ZpJWlIKL3H%2BP/8d7a4YjdeqeIa9Qwh6NJxVxPNnlVMRzgtrrPdrjaVGpcIKqwLQdgwNT%2BV9%2B7SWK81gwW4B0n2fZMnhr9V4XHiMV8ElMYqJYsMjJjzWburEDZgAACJdg3yRQBb1VsAEtfm0mflpkmVGKV4IvWqE3I/H7FjA3rOvPF6VP9kjQjX5utC2cpTXES5ywq1%2BQ14PEXddUOkLESuXrPmkAvOGV0FOkeG6vQElOeryel9hfW8ks0cn2Sql3KJ5mkUIxWNLmI%2BphXovQXjY4O4Z///2kZgyj55/kSLCNtYMDBF7CmTRkub0Zy1EC/mWZXuYJR3VXRGCJNsqQLoOh5RVEmaRfm99mGumkDzjkOBrcQub/TnFM5kJuIGPS0eO5gt3EFP%2BFIKeJluJoYlmlUifpm75dVJc9YjbTJmFXmC/FL/K7%2BCC324Xdrz5hFGn/cecoHQD3LW7Wd1wCKTVuYumCQZI5iqOaOBrbQgNH6oOjEsw8DBr3XgqzTmePQpaHYf64PGKMgtoIjOBK6ZqOaO75KwZUGrvvI8HFHfqGO%2BdCYXA/4qvaQsYA//KjulanDtcHEeDuzsU6vfo1EpGtykSDZ4ymDEBq0EZ2Nj7Qa%2BS77x5xkgJEzdvQLhVrXv%2BaKuMv7w64RxawXDihT7rjbjz90ypoDvvKgnVcpiGb09ta%2BM2L0wsvCi2w1cYMARHiV/mVO67aAQ%3D%3D%26p%3D X-Agent-DeviceId: 0100748C0900F045 X-BM-CBT: 1653933935 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 X-Device-isOptin: true Accept-language: en-US, en X-Device-Touch: false X-Device-ClientSession: 1FC1FF0B27EF4B57A2D812274DC1A264 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Host: www.bing.com Connection: Keep-Alive Cookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3
2022-05-30 09:06:28 UTC	323	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 2041 Content-Type: application/json; charset=utf-8 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: SUID=M; domain=.bing.com; expires=Tue, 31-May-2022 09:06:28 GMT; path=/; HttpOnly Set-Cookie: MUIDB=0BA1234E3B2140EBA8746E9F98F8CAA3; expires=Sat, 24-Jun-2023 09:06:28 GMT; path=/; HttpOnly Set-Cookie: _EDGE_S=SID=1A86C4DABE6B604C16A9D56EBF8C61B0&mkt=en-us&ui=en-us; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: SRCHUID=V=2&GUID=08A9E608A07340288996EE366B2F540A&dmnchg=1; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: SRCHUSR=DOB=20220530; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: ANON=A=15AE84B7D111BBFC03D30025FFFFFFFF; domain=.bing.com; expires=Thu, 30-May-2024 09:06:28 GMT; path=/ Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/ Set-Cookie: _SS=SID=1A86C4DABE6B604C16A9D56EBF8C61B0; domain=.bing.com; path=/ X-SNR-Routing: 1 X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 1F7EB69E179B43538772AC4548B2D9B6 Ref B: VIEEDGE3221 Ref C: 2022-05-30T09:06:28Z Date: Mon, 30 May 2022 09:06:28 GMT Connection: close
2022-05-30 09:06:28 UTC	325	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7522010744135548
Encrypted:	false
SSDEEP:	384:RTzwYSF3+xCUVdfkPNorRvkQ3bo+/HaXGfSrNS4yx7mWOprlAmR9vhCIcEfOau8p:FuiVZ6mgjke3+0WkvHOsKackZb
MD5:	677A1D780428306DF6707047AE10A64B
SHA1:	30D03707FF841632C26AD7E4F8F4381B1487C491
SHA-256:	0DD68C3D1479554EA2192C7F2A714C221D572F086B0906818918AA1EBA7F65F6
SHA-512:	59DCF4B12EDAC8F584C1782FB2754BBCFACC772B64EB216A8656A79174073C88AF187C085D92C6CE6099F00C1B2DFD9341D98B639BDB116529E3ADE28D407B85
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....]8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.751843712239229
Encrypted:	false
SSDEEP:	384:/TzwYSF3aCtkPNorRvkQ3bo+/HaXGfSrNS4yx7mWOprlAmRmhCIcEfOau8NF1IhS:JiVZ6mLjke3+0WkvHOsKackZv
MD5:	873038C8B927E6A28880136AF2E6872F
SHA1:	1B2D7F8903625F0859FB55ACAC2ECB2CA91B196D
SHA-256:	F9553373B1D4D81E38E2B59A6C773D3215DA2BB0B927E5C85376553FABE8EEA0
SHA-512:	BB29F205B1DD1D55790B50D32B9EAEE5D35D492DAE998188153B34628AF20D260E9CCA0BF7B240EF86F43FBB176A5C1AD9C4E801E02D044A0AEE5513410F2367
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....]8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:28 UTC	329	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 35 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 63 65 30 37 65 39 66 34 63 38 61 65 65 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 245Context: bce07e9f4c8aee2
2022-05-30 09:06:28 UTC	329	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:06:28 UTC	329	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 35 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 63 65 30 37 65 39 66 34 63 38 61 65 65 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 31 Data Ascii: ATH 2 CON\DEVICE 1025Context: bce07e9f4c8aee2<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc1
2022-05-30 09:06:28 UTC	330	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 38 20 31 36 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 63 65 30 37 65 39 66 34 63 38 61 65 65 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 1044478 169Context: bce07e9f4c8aee2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2022-05-30 09:06:28 UTC	330	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:06:28 UTC	330	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 61 36 6a 6c 35 64 63 31 55 61 6e 4e 71 73 41 5a 50 6b 6f 6a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Ua6jl5dc1UanNqsAZPkojw.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:30 UTC	342	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2022-05-30 09:06:30 UTC	343	IN	HTTP/1.1 200 OK Content-Length: 55 Content-Type: application/octet-stream Last-Modified: Thu, 20 Apr 2017 16:10:39 GMT Accept-Ranges: bytes ETag: "f9c874a7f0b9d21:0" Server: Microsoft-IIS/10.0 Content-Disposition: attachment; filename=config.json X-Powered-By: ASP.NET Cache-Control: public, max-age=157727 Date: Mon, 30 May 2022 09:06:30 GMT Connection: close X-CID: 2

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:30 UTC	343	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMT User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2022-05-30 09:06:31 UTC	343	IN	HTTP/1.1 200 OK Last-Modified: Thu, 20 Apr 2017 16:10:39 GMT ETag: "f9c874a7f0b9d21:0" Content-Type: application/octet-stream Accept-Ranges: bytes Server: Microsoft-IIS/7.5 Content-Disposition: attachment; filename=config.json X-Powered-By: ASP.NET Content-Length: 55 Cache-Control: public, max-age=182614 Date: Mon, 30 May 2022 09:06:31 GMT Connection: close X-CID: 2
2022-05-30 09:06:31 UTC	344	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:32 UTC	344	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 63 33 63 39 30 31 63 37 36 63 62 30 35 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: 8cc3c901c76cb05c
2022-05-30 09:06:32 UTC	344	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:06:32 UTC	344	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 63 33 63 39 30 31 63 37 36 63 62 30 35 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 Data Ascii: ATH 2 CON\DEVICE 1026Context: 8cc3c901c76cb05c<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc
2022-05-30 09:06:32 UTC	345	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 38 20 31 37 30 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 63 33 63 39 30 31 63 37 36 63 62 30 35 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 1044478 170Context: 8cc3c901c76cb05c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2022-05-30 09:06:32 UTC	345	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:06:32 UTC	345	IN	Data Raw: 4d 53 2d 43 56 3a 20 4b 6c 79 6b 33 78 33 58 62 30 53 62 41 51 61 43 4a 76 67 48 57 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Klyk3x3Xb0SbAQaCJvgHWQ.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:36 UTC	345	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 30 36 35 64 32 33 38 63 31 33 61 62 31 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: 33065d238c13ab12
2022-05-30 09:06:36 UTC	345	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:06:36 UTC	345	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 30 36 35 64 32 33 38 63 31 33 61 62 31 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 Data Ascii: ATH 2 CON\DEVICE 1026Context: 33065d238c13ab12<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc
2022-05-30 09:06:36 UTC	346	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 30 36 35 64 32 33 38 63 31 33 61 62 31 32 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: 33065d238c13ab12
2022-05-30 09:06:36 UTC	347	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:06:36 UTC	347	IN	Data Raw: 4d 53 2d 43 56 3a 20 42 6e 48 41 4b 37 6b 68 54 55 61 68 52 33 78 7a 6c 73 4b 43 30 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: BnHAK7khTUahR3xzlsKC0Q.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:40 UTC	347	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 66 35 61 66 34 65 37 64 61 30 62 34 33 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: c9f5af4e7da0b43c
2022-05-30 09:06:40 UTC	347	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:06:40 UTC	347	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 66 35 61 66 34 65 37 64 61 30 62 34 33 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 Data Ascii: ATH 2 CON\DEVICE 1026Context: c9f5af4e7da0b43c<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc
2022-05-30 09:06:40 UTC	348	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 66 35 61 66 34 65 37 64 61 30 62 34 33 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: c9f5af4e7da0b43c
2022-05-30 09:06:40 UTC	348	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:06:40 UTC	348	IN	Data Raw: 4d 53 2d 43 56 3a 20 33 49 76 62 32 56 38 6b 37 55 4f 4d 36 2f 4f 53 61 31 78 2f 74 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 3Ivb2V8k7UOM6/OSa1x/tA.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:40 UTC	348	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220530T180640Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=1f3f7b2daad748c0b9cc6fa80c8c314b&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1537891&metered=false&nettype=ethernet&npid=sc-338387&oemName=oqioic%2C%20Inc.&oemid=oqioic%2C%20Inc.&ossku=Professional&rver=2&sc-mode=0&smBiosDm=oqioic7%2C1&tl=2&tsu=1537891&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6 X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAcr8HwWYYADnl98O80BI+Dg5z75K5E0YhVFNqvOZAlN+AM2HpYNpN7wxAwabtcdzC+Pbvh0gogIzKDNzI/QOlMyynRbyq+PN9WzPh1rZcKoiwrbH484+yBH/e8/maBey1TCulvwXxMhdCA3SJC/rl9gN9ZQAiBOn752gdRif41Ie8Ycje0lmuc36+/LFb06FtPbDpZgNzDap3n2ffDddfiu3GhqsHHo0aZeVvlx/q5Mj39vZkVDigB1NpbFA6xVkkfP9qEiFRIkWGZd0XAUumMJXWqpDsMZVD4Jmv6EF+V+XLab9dG8/jjUjMiUKF1SHadh215McslP8JamqUjEirhUDZgAACAaf3wBcQ3rHsAHH+Gqb377xjn16+Ku3U30r9X9dP4/MkE3mnL2KN/l4GtICHv+MIQQoR8yr3h7CW5qrTYm+9jfXSkT7asiay5WuR1h6c3PYxH3aN4l12e80I9h/5ftQV3CAlfzrlc1UKmNffGlfDYa8tEfUc6vRXiwOYBiDD4WycD6rof1XEg0xF0T2A2KLaJ4m7aCgAH6bF8ZnL8QdkzcC87HIT3zU3lp1DRvi7XF4Au+NuF94a2cJZkGEexeWXPqt8BzKzCBpVZkbuRcmjQBv5MA3vM/E4EKl4cYvnC/sKNcavFQBsKFE61WupFO3lUSBqHImqx/MJ9rws/0ivSPY4uENn9OIEqsjusNbT3VyWvV1f5X3EoFcXAenwR6z1zx/reT5p43FTZtrracwACFl5S3Uk2QJ7HZxq1pvbVEsOlN9LK5gnVvZWCi5cKm9YxFwK24a5xd1SWJaOxMYVhb3hTywJsIlmWXfA8tJTbUPS1gKqAQvJFSQDdPb5D0vWhs/vWg73lp948xlUHm9TzwB1KMdgTyc4qUcBN+lMifdC9SIfPtHKqdR1QpZPZZg/R33h2EDAOIQRhHaAQ==&p= Cache-Control: no-cache MS-CV: 3Kf5DvDHekuxQHM+.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: tch0,m301,m751,mA01,mT01 Host: arc.msn.com Connection: Keep-Alive
2022-05-30 09:06:41 UTC	350	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 24403 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"3,P425056668-T700379701-C128000000002408609+B+P90+S1,P425462535-T700374422-C128000000003097149+B+P80+S2,P425119424-T700340276-C128000000002624569+B+P20+S3"},{"BATCH_REDIRECT_STORE":"BWW_128000000002408609_EN-US+P0+S0"},{"BATCH_REDIRECT_STORE":"BWW_128000000003097149_EN-US+P0+S0"},{"BATCH_REDIRECT_STORE":"BWW_128000000002624569_EN-US+P0+S0"},{"OPTOUTSTATE":"256"}] X-ARC-SIG: hz5KJfEJf39yJmOf4I3xLcT/1e+YYpISTNOYaYbN78hiqwN4ZjKaG+fvkW0LUenM55q0X6uxqJCs/eanXVFj7wxiWZfgkxtFkIwGcKSThUtZngqaTZ4L2lnNhUZKXgY2phGu5F13L7kbUsL/FPQy0hgXbEz+h5o6x1O8ctIDLOQCo7DGnNbalnCgJlhM1B2jzs4BEJ+Ws8SmduCGhoQCGBFRqv2keIV12WHoqs3vJ6oVfuVgAwTyRSPq7jDxWiLVAeXgdQnfz1s7+noz00fLxiteTOUlUsOeTwzvp5xnkLNPmqdL3T6eK28RqeUoxSBzYk5drJAE+LoKHdF+O5HqQA== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 30 May 2022 09:06:40 GMT Connection: close
2022-05-30 09:06:41 UTC	351	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2022-05-30 09:06:41 UTC	366	IN	Data Raw: 3d 33 33 38 33 38 37 26 4d 41 50 5f 54 49 44 3d 39 37 42 32 32 32 38 33 2d 32 36 32 36 2d 34 30 36 31 2d 42 31 34 39 2d 41 42 38 39 38 46 32 30 41 42 41 41 26 4e 43 54 3d 31 26 50 4e 3d 44 41 36 33 44 46 39 33 2d 33 44 42 43 2d 34 32 41 45 2d 41 35 30 35 2d 42 33 34 39 38 38 36 38 33 41 43 37 26 41 53 49 44 3d 31 46 33 46 37 42 32 44 41 41 44 37 34 38 43 30 42 39 43 43 36 46 41 38 30 43 38 43 33 31 34 42 26 52 45 51 41 53 49 44 3d 31 46 33 46 37 42 32 44 41 41 44 37 34 38 43 30 42 39 43 43 36 46 41 38 30 43 38 43 33 31 34 42 26 41 52 43 3d 31 26 45 4d 53 3d 31 26 41 55 54 48 3d 31 26 4c 4f 43 41 4c 45 3d 45 4e 2d 55 53 26 43 4f 55 4e 54 52 59 3d 55 53 26 48 54 44 3d 2d 31 26 4c 41 4e 47 3d 31 30 33 33 26 44 45 56 4c 41 4e 47 3d 45 4e 26 43 49 50 3d 31 30 Data Ascii: =338387&MAP_TID=97B22283-2626-4061-B149-AB898F20ABAA&NCT=1&PN=DA63DF93-3DBC-42AE-A505-B34988683AC7&ASID=1F3F7B2DAAD748C0B9CC6FA80C8C314B&REQASID=1F3F7B2DAAD748C0B9CC6FA80C8C314B&ARC=1&EMS=1&AUTH=1&LOCALE=EN-US&COUNTRY=US&HTD=-1&LANG=1033&DEVLANG=EN&CIP=10

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:43 UTC	383	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 62 36 65 31 30 63 63 61 65 63 62 37 32 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: c3b6e10ccaecb724
2022-05-30 09:06:43 UTC	383	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:06:43 UTC	383	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 62 36 65 31 30 63 63 61 65 63 62 37 32 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 Data Ascii: ATH 2 CON\DEVICE 1026Context: c3b6e10ccaecb724<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc
2022-05-30 09:06:43 UTC	384	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 38 20 31 37 30 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 62 36 65 31 30 63 63 61 65 63 62 37 32 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 1044478 170Context: c3b6e10ccaecb724<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2022-05-30 09:06:43 UTC	384	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:06:43 UTC	384	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 68 7a 63 58 36 71 4b 77 45 65 74 65 59 52 71 32 6f 42 37 56 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uhzcX6qKwEeteYRq2oB7Vw.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:06:48 UTC	384	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 65 36 61 35 63 37 63 33 37 61 39 37 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: a64e6a5c7c37a97c
2022-05-30 09:06:48 UTC	384	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:06:48 UTC	384	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 65 36 61 35 63 37 63 33 37 61 39 37 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 Data Ascii: ATH 2 CON\DEVICE 1026Context: a64e6a5c7c37a97c<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc
2022-05-30 09:06:48 UTC	385	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 65 36 61 35 63 37 63 33 37 61 39 37 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: a64e6a5c7c37a97c
2022-05-30 09:06:48 UTC	385	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:06:48 UTC	385	IN	Data Raw: 4d 53 2d 43 56 3a 20 2f 4b 64 41 34 31 4f 43 58 55 57 45 39 44 35 48 6a 43 51 34 6b 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: /KdA41OCXUWE9D5HjCQ4kA.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:05:47 UTC	143	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Content-type: text/xml X-MSEdge-ExternalExpType: JointCoord X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-PositionerType: Desktop X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-BM-DTZ: -480 X-BM-FirstEnabledTime: 132061340710069592 X-DeviceID: 0100748C0900F045 X-BM-DeviceScale: 100 X-Search-TimeZone: Bias=480; StandardBias=0; TimeZoneKeyName=Pacific Standard Time X-BM-Theme: 000000;0078d7 X-BM-DeviceDimensionsLogical: 1232x1024 X-BM-DeviceDimensions: 1232x1024 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdtELABKVRi0uEZqpkvZbEYkgCvJB4SlUfBnFRmD2KbN3pYTZ28SZF3VNMC3H20cdPTEy2p%2BLxiokgGMXunV8kWIXJeaxZdAzzuLUHW9j7/E01vJTqZufRse9f0y0F2saK3S9AHyXdqq378ixTPKVxSNJGlzn785FXCK6mRKuw7k5bxtdBrCsDUE99ZyvTyb59kNDAmtTgDhxY6EFFNUrpcHigwXFU0swLaZ3p8Ur9sRSgk6V6vnhVp%2BuOSTpcLTmggVSafY8OW%2BUAy8JE1vXokpbovFsfOOvRC0mZQsNhIPLtX861igqUCu69prtGW1qPN6UT/Ie/sT4sJE5hoUEEIDZgAACH3hEDfIurMMqAFNBoRMccrdW4NegFr%2BjoQfwEgjauLdrInkR0E5mNwDLJJ4KrYiCzYHUs4vN3WDqcNDfi0ul0h0%2BVN5jMZGPZkNw1r76tQoVw76zdWNOlrCwJavDq/cb7v7hsC3p6zp2MJqFZmYjbFX5ArphKpkV19yct%2B9VDzq65T/69JvN2lwXDTpMcppJUerEIAncVj2Qd3tUof1IggbI6nCdCVtQdw%2BwwHgATyUH1V3AahlQW5kH1V/II6GXqnYGlLCmjaLoJmw7mjSFeL2LFy3kVLqEahtNEbpQypCxV4jgjkNj5zOI76CKXiz41iXZOSrb7nsMouncSMeWksuh46eWHQnc00dBa5XYuD465TvBLvilWYUtETg5XSqlNpD7VkYVtboZWTW1crzmJqlEcSvdp4Qt2tWKUFs1ymqjWhBwSOnkMtPNjh64YfB%2BVNUwSGgta/0z5oJH1MUIJgsdlVPpDkXfP0HcyZrCIK6/dZ/%2BlXIsSV6SLjCfsHYFEGJa6IljmOmuAR9gQtSRkl7rP/3uarCsqJOCuY0ZSf1l4G3q/3U%2Bf3rB7IxbJ1ViRQy1AE%3D%26p%3D X-Agent-DeviceId: 0100748C0900F045 X-BM-CBT: 1646756872 X-Device-isOptin: true X-Device-Touch: false X-Device-ClientSession: 56B0FB09C5A844A3BFAD59583E571607 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Accept: / Accept-Language: en-US Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: www.bing.com Content-Length: 88786 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=0BA1234E3B2140EBA8746E9F98F8CAA3; _SS=CPID=1653933936860&AC=1&CPH=4ef661f2
2022-05-30 09:05:47 UTC	146	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 31 34 44 35 41 36 39 41 42 45 46 46 36 39 36 32 30 31 34 35 41 44 30 35 42 46 43 37 36 38 35 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 62 37 36 38 32 33 32 61 36 65 64 38 34 66 66 33 62 36 39 39 62 66 30 33 66 31 66 31 36 30 65 64 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 Data Ascii: <ClientInstRequest><CID>14D5A69ABEFF69620145AD05BFC76858</CID><Events><E><T>Event.ClientInst</T><IG>b768232a6ed84ff3b699bf03f1f160ed</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,Ambie
2022-05-30 09:05:47 UTC	162	OUT	Data Raw: 2c 22 54 22 3a 22 50 50 22 7d 2c 7b 22 56 22 3a 32 31 39 30 2c 22 54 22 3a 22 50 50 22 7d 5d 2c 22 49 52 54 22 3a 7b 22 31 30 30 39 2e 31 54 22 3a 7b 22 42 22 3a 32 31 38 39 2c 22 45 22 3a 32 31 38 39 2c 22 54 22 3a 22 50 50 22 7d 2c 22 31 30 31 30 2e 31 53 22 3a 7b 22 42 22 3a 32 31 39 30 2c 22 45 22 3a 32 31 39 30 2c 22 54 22 3a 22 50 50 22 7d 7d 7d 5d 2c 22 53 54 41 54 45 22 3a 7b 22 49 6e 64 65 78 65 72 22 3a 22 44 49 22 7d 2c 22 56 22 3a 22 32 22 2c 22 52 46 43 22 3a 7b 7d 2c 22 54 53 22 3a 31 35 36 31 36 36 30 35 38 39 38 35 32 2c 22 52 54 53 22 3a 31 31 38 35 39 30 2c 22 53 45 51 22 3a 35 35 2c 22 55 54 53 22 3a 31 36 35 33 39 33 33 39 34 36 38 36 39 7d 5d 5d 3e 3c 2f 44 3e 3c 54 53 3e 31 35 36 31 36 36 30 35 38 39 38 35 32 3c 2f 54 53 3e 3c 2f 45 Data Ascii: ,"T":"PP"},{"V":2190,"T":"PP"}],"IRT":{"1009.1T":{"B":2189,"E":2189,"T":"PP"},"1010.1S":{"B":2190,"E":2190,"T":"PP"}}}],"STATE":{"Indexer":"DI"},"V":"2","RFC":{},"TS":1561660589852,"RTS":118590,"SEQ":55,"UTS":1653933946869}...</D><TS>1561660589852</TS></E
2022-05-30 09:05:47 UTC	178	OUT	Data Raw: 3a 7b 22 34 22 3a 31 2c 22 37 22 3a 31 33 35 30 37 2c 22 31 30 22 3a 32 2c 22 31 39 22 3a 31 2c 22 32 35 22 3a 31 2c 22 34 32 22 3a 31 2c 22 35 39 22 3a 31 2c 22 31 33 33 22 3a 31 2c 22 31 33 36 22 3a 31 2c 22 31 33 37 22 3a 32 2c 22 32 36 34 22 3a 31 2c 22 32 39 36 22 3a 31 7d 7d 7d 5d 7d 5d 5d 5d 3e 3c 2f 44 53 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 6e 74 57 69 64 65 73 63 72 65 65 6e 2c 72 73 31 6d 75 73 69 63 70 72 6f 64 2c 43 6f 72 74 61 Data Ascii: :{"4":1,"7":13507,"10":2,"19":1,"25":1,"42":1,"59":1,"133":1,"136":1,"137":2,"264":1,"296":1}}}]}]...</DS><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,AmbientWidescreen,rs1musicprod,Corta
2022-05-30 09:05:47 UTC	194	OUT	Data Raw: 22 52 65 67 69 6f 6e 22 3a 22 47 72 6f 75 70 73 22 2c 22 4c 22 3a 5b 7b 22 54 22 3a 22 4c 2e 42 6f 78 22 2c 22 52 65 67 69 6f 6e 22 3a 22 53 65 61 72 63 68 53 75 67 67 65 73 74 69 6f 6e 73 22 2c 22 4c 22 3a 5b 7b 22 54 22 3a 22 4c 2e 55 72 6c 22 2c 22 4b 22 3a 22 31 31 34 2e 31 22 7d 5d 7d 5d 7d 5d 7d 5d 5d 5d 3e 3c 2f 4c 3e 3c 2f 50 61 67 65 3e 3c 54 53 3e 31 35 36 31 36 36 30 35 38 38 31 38 32 3c 2f 54 53 3e 3c 4f 76 72 3e 3c 72 65 71 75 65 73 74 49 6e 66 6f 20 6b 65 79 3d 22 52 61 77 51 75 65 72 79 22 20 76 61 6c 75 65 3d 22 69 6e 65 74 65 72 6e 22 2f 3e 3c 72 65 71 75 65 73 74 49 6e 66 6f 20 6b 65 79 3d 22 49 73 51 75 65 72 79 22 20 76 61 6c 75 65 3d 22 66 61 6c 73 65 22 2f 3e 3c 72 65 71 75 65 73 74 49 6e 66 6f 20 6b 65 79 3d 22 46 6f 72 6d 22 20 76 Data Ascii: "Region":"Groups","L":[{"T":"L.Box","Region":"SearchSuggestions","L":[{"T":"L.Url","K":"114.1"}]}]}]}]...</L></Page><TS>1561660588182</TS><Ovr><requestInfo key="RawQuery" value="inetern"/><requestInfo key="IsQuery" value="false"/><requestInfo key="Form" v
2022-05-30 09:05:47 UTC	210	OUT	Data Raw: 6e 67 75 61 67 65 22 2c 22 49 6d 70 72 65 73 73 69 6f 6e 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 51 46 5f 4b 45 59 53 54 52 4f 4b 45 5f 56 49 52 54 55 41 4c 5f 55 52 4c 3f 71 72 79 3d 69 6e 74 26 73 65 74 6c 61 6e 67 3d 65 6e 2d 55 53 26 63 63 3d 55 53 26 6e 6f 68 73 3d 31 26 63 70 3d 33 26 63 76 69 64 3d 30 62 66 30 65 39 62 38 39 66 62 30 34 66 32 34 62 35 63 31 35 39 31 62 65 62 35 32 36 34 62 33 26 69 67 3d 36 62 39 65 34 63 35 31 35 39 39 66 34 32 35 33 39 34 36 37 61 37 35 30 33 61 32 66 33 64 62 30 26 41 53 49 6e 69 74 49 47 3d 43 30 34 30 39 45 38 34 43 37 45 43 34 44 31 36 41 32 43 44 44 41 34 38 30 35 45 32 44 33 43 34 22 2c 22 52 65 73 6f 75 72 63 65 73 56 65 72 73 69 6f 6e 22 3a 22 38 5f 30 31 5f 30 5f Data Ascii: nguage","ImpressionUrl":"https://www.bing.com/QF_KEYSTROKE_VIRTUAL_URL?qry=int&setlang=en-US&cc=US&nohs=1&cp=3&cvid=0bf0e9b89fb04f24b5c1591beb5264b3&ig=6b9e4c51599f42539467a7503a2f3db0&ASInitIG=C0409E84C7EC4D16A2CDDA4805E2D3C4","ResourcesVersion":"8_01_0_
2022-05-30 09:05:47 UTC	226	OUT	Data Raw: 36 45 39 46 39 38 46 38 43 41 41 33 22 2c 22 41 43 56 65 72 22 3a 22 34 65 66 36 36 31 66 32 22 2c 22 46 44 50 61 72 74 6e 65 72 45 6e 74 72 79 22 3a 22 61 75 74 6f 73 75 67 67 65 73 74 22 2c 22 69 73 4f 66 66 6c 69 6e 65 22 3a 30 2c 22 77 65 62 52 65 71 75 65 73 74 65 64 22 3a 31 2c 22 65 6e 74 72 79 50 6f 69 6e 74 22 3a 22 57 4e 53 53 54 42 22 2c 22 70 72 65 76 69 6f 75 73 45 78 70 65 72 69 65 6e 63 65 22 3a 22 53 65 61 72 63 68 42 6f 78 22 2c 22 64 65 76 69 63 65 48 69 73 74 6f 72 79 45 6e 61 62 6c 65 64 22 3a 31 2c 22 77 69 6e 64 6f 77 73 41 63 63 6f 75 6e 74 22 3a 22 33 22 2c 22 63 6f 72 74 61 6e 61 41 63 63 6f 75 6e 74 22 3a 22 33 22 2c 22 73 65 61 72 63 68 42 6f 78 49 6e 54 61 73 6b 62 61 72 22 3a 31 2c 22 74 61 73 6b 62 61 72 4f 72 69 65 6e 74 61 Data Ascii: 6E9F98F8CAA3","ACVer":"4ef661f2","FDPartnerEntry":"autosuggest","isOffline":0,"webRequested":1,"entryPoint":"WNSSTB","previousExperience":"SearchBox","deviceHistoryEnabled":1,"windowsAccount":"3","cortanaAccount":"3","searchBoxInTaskbar":1,"taskbarOrienta
2022-05-30 09:05:47 UTC	233	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 66AFB0DBA89D4AEF89BD3400728B2600 Ref B: VIEEDGE2510 Ref C: 2022-05-30T09:05:47Z Date: Mon, 30 May 2022 09:05:47 GMT Connection: close

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://gfs214n125.userstorage.mega.co.nz

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\53253061-32bc-4eca-8f17-2399ed7d34da.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\5f7e8617-b609-4694-b428-c220a4d172f6.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6ba5b999-cc78-4221-9f2a-44a15549204e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\92e51635-6885-43a0-a30a-7e24e195e44f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\00531126-8a29-4b6f-8cc8-7f771c9d1a2c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\130451de-bf36-479e-a65f-7b3afb1c1e54.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\14c3b0f4-d82c-48a0-95b0-240c164e0cf5.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\40cb172e-06b7-463f-9689-4363ab076ab4.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\559b029e-f7a5-4f3f-adea-06a2611bb32a.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6527c771-fb6e-4f8e-8d07-1199d65be1ff.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7ed33cf4-6202-43b4-b107-bdb0d97faf4e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\a3197c04-fd94-4279-96a1-2230f05c9b02.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\c455b2ac-0776-433a-81b5-58b4aee1e905.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ae28ee5c-ff0c-4e57-816b-75087be8c8fe.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

Windows Analysis Report
http://gfs214n125.userstorage.mega.co.nz

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:07:00 UTC	5319	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 34 39 63 64 63 66 61 66 61 62 35 38 62 61 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: e49cdcfafab58bac
2022-05-30 09:07:00 UTC	5319	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:07:00 UTC	5319	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 34 39 63 64 63 66 61 66 61 62 35 38 62 61 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 Data Ascii: ATH 2 CON\DEVICE 1026Context: e49cdcfafab58bac<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc
2022-05-30 09:07:00 UTC	5320	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 34 39 63 64 63 66 61 66 61 62 35 38 62 61 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: e49cdcfafab58bac
2022-05-30 09:07:00 UTC	5320	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:07:00 UTC	5321	IN	Data Raw: 4d 53 2d 43 56 3a 20 30 64 2f 6c 6d 38 46 66 77 45 47 33 78 4b 71 44 32 49 61 77 61 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 0d/lm8FfwEG3xKqD2Iawaw.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:07:04 UTC	5321	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 35 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 38 30 32 61 31 38 39 33 32 33 39 32 64 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 245Context: 7802a18932392dd
2022-05-30 09:07:04 UTC	5321	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:07:04 UTC	5321	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 35 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 38 30 32 61 31 38 39 33 32 33 39 32 64 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 31 Data Ascii: ATH 2 CON\DEVICE 1025Context: 7802a18932392dd<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc1
2022-05-30 09:07:04 UTC	5322	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 31 30 34 34 34 37 38 20 31 36 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 38 30 32 61 31 38 39 33 32 33 39 32 64 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 1044478 169Context: 7802a18932392dd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2022-05-30 09:07:04 UTC	5322	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:07:04 UTC	5322	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 70 72 70 43 30 55 2b 64 6b 4f 33 56 30 39 73 4b 30 52 78 69 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 5prpC0U+dkO3V09sK0RxiA.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:07:18 UTC	6070	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:FE8E72D9-9324-F27F-91C7-FEE66B531521&ctry=US&time=20220530T180717Z&lc=en-US&pl=en-US&idtp=mid&uid=8706df6d-9543-4122-b8e1-1fcdd5939be6&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=73f134361e284620be6aba1564d149f3&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1537891&metered=false&nettype=ethernet&npid=sc-310091&oemName=oqioic%2C%20Inc.&oemid=oqioic%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=oqioic7%2C1&tl=2&tsu=1537891&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1 Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32099&sc=6 X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAcr8HwWYYADnl98O80BI+Dg5z75K5E0YhVFNqvOZAlN+AM2HpYNpN7wxAwabtcdzC+Pbvh0gogIzKDNzI/QOlMyynRbyq+PN9WzPh1rZcKoiwrbH484+yBH/e8/maBey1TCulvwXxMhdCA3SJC/rl9gN9ZQAiBOn752gdRif41Ie8Ycje0lmuc36+/LFb06FtPbDpZgNzDap3n2ffDddfiu3GhqsHHo0aZeVvlx/q5Mj39vZkVDigB1NpbFA6xVkkfP9qEiFRIkWGZd0XAUumMJXWqpDsMZVD4Jmv6EF+V+XLab9dG8/jjUjMiUKF1SHadh215McslP8JamqUjEirhUDZgAACAaf3wBcQ3rHsAHH+Gqb377xjn16+Ku3U30r9X9dP4/MkE3mnL2KN/l4GtICHv+MIQQoR8yr3h7CW5qrTYm+9jfXSkT7asiay5WuR1h6c3PYxH3aN4l12e80I9h/5ftQV3CAlfzrlc1UKmNffGlfDYa8tEfUc6vRXiwOYBiDD4WycD6rof1XEg0xF0T2A2KLaJ4m7aCgAH6bF8ZnL8QdkzcC87HIT3zU3lp1DRvi7XF4Au+NuF94a2cJZkGEexeWXPqt8BzKzCBpVZkbuRcmjQBv5MA3vM/E4EKl4cYvnC/sKNcavFQBsKFE61WupFO3lUSBqHImqx/MJ9rws/0ivSPY4uENn9OIEqsjusNbT3VyWvV1f5X3EoFcXAenwR6z1zx/reT5p43FTZtrracwACFl5S3Uk2QJ7HZxq1pvbVEsOlN9LK5gnVvZWCi5cKm9YxFwK24a5xd1SWJaOxMYVhb3hTywJsIlmWXfA8tJTbUPS1gKqAQvJFSQDdPb5D0vWhs/vWg73lp948xlUHm9TzwB1KMdgTyc4qUcBN+lMifdC9SIfPtHKqdR1QpZPZZg/R33h2EDAOIQRhHaAQ==&p= Cache-Control: no-cache MS-CV: a5ILflxJUkW9/ZIK.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: tch0,m301,m751,mA01,mT01 Host: arc.msn.com Connection: Keep-Alive
2022-05-30 09:07:18 UTC	6074	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 167 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"OPTOUTSTATE":"256"}] X-ARC-SIG: UDS5bkwa+OiIsYAaMxqlNYtu/m5TYKyHOFRoI+1mVJ1cY97lVhCXz89tmMNtlfojjBatErDK5tCxzAF24OO6Hjn69Le1094fY9PIH7rgQk/LwqP7mSUTyLL/1SecJs4gYWXIFgWWN9feVqCA4DGu0fjWkDirbkti4VzLtbP7f1Ri1kFp/hoLKtu0oTzFBw/nEZrwPZ+3v+DuSDOARQf1grpfsnT7uSqG+Ty1f/p/LNSNR3AtB8ezZzEx4AK5DHS8knkMrAnjmHQw8Sh+rBH+TY/u1H8klla3ztzupqppj69DPNw7fNUMKiqz7z9BbYbf08W1gqfMEreDM+RFeI5ezw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 30 May 2022 09:07:17 GMT Connection: close
2022-05-30 09:07:18 UTC	6075	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 2c 22 72 65 66 72 65 73 68 74 69 6d 65 22 3a 22 32 30 32 32 2d 30 35 2d 33 30 54 31 33 3a 30 37 3a 31 38 22 7d 7d Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}],"refreshtime":"2022-05-30T13:07:18"}}

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:07:18 UTC	6072	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 32 34 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 63 66 65 30 38 37 63 36 34 37 64 34 36 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 246Context: 3acfe087c647d462
2022-05-30 09:07:18 UTC	6073	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 37 31 33 34 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 55 53 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 34 34 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.17134</osVer><proc>x64</proc><lcid>en-US</lcid><geoId>244</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName></agent></connect>
2022-05-30 09:07:18 UTC	6073	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 32 36 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 63 66 65 30 38 37 63 36 34 37 64 34 36 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 49 65 66 37 74 42 44 51 67 76 56 78 76 34 76 38 49 6c 69 73 37 43 36 69 70 50 2f 69 2f 46 6f 32 50 49 55 63 54 53 78 4b 54 75 4f 65 5a 55 56 64 74 76 35 77 2f 5a 4e 4d 6e 70 51 34 4d 52 32 62 78 33 57 32 77 48 6c 6e 4c 4b 4d 44 5a 75 4e 6f 53 52 6a 35 4c 5a 45 69 57 43 77 43 69 65 4a 54 51 72 4b 59 36 46 41 6e 4a 48 72 51 4a 6f 54 6c 50 49 79 4f 53 6e 6e 74 6d 41 4c 6e 71 38 71 67 71 6e 77 48 49 74 63 Data Ascii: ATH 2 CON\DEVICE 1026Context: 3acfe087c647d462<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYIef7tBDQgvVxv4v8Ilis7C6ipP/i/Fo2PIUcTSxKTuOeZUVdtv5w/ZNMnpQ4MR2bx3W2wHlnLKMDZuNoSRj5LZEiWCwCieJTQrKY6FAnJHrQJoTlPIyOSnntmALnq8qgqnwHItc
2022-05-30 09:07:18 UTC	6074	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 32 39 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 63 66 65 30 38 37 63 36 34 37 64 34 36 32 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 29Context: 3acfe087c647d462
2022-05-30 09:07:18 UTC	6074	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2022-05-30 09:07:18 UTC	6074	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 78 6e 4a 38 53 6f 67 79 55 4b 68 5a 67 55 30 35 63 6c 64 59 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: nxnJ8SogyUKhZgU05cldYg.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:07:29 UTC	6075	OUT	GET /SLS/%7B9482F4B4-E343-43B6-B170-9A65BC822C77%7D/x64/10.0.17134.1/0?CH=17&L=en-US&P=&PT=0x30&WUA=10.0.17134.1&MK=cwtLHkwEGLyTKwE&MD=hx5yxEAR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.81 Host: sls.update.microsoft.com
2022-05-30 09:07:30 UTC	6075	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "AIP0MQaCzKwF3Wv0wR/DNwKKGDF7CierFQWSKotQHD4=_1440" MS-CorrelationId: a35126bb-e102-4d2c-ba39-19d75c9177d5 MS-RequestId: bcdb72f2-398b-4b29-b107-02299aaafc9f MS-CV: +k8i+f92QkqIRfOQ.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 30 May 2022 09:07:29 GMT Connection: close Content-Length: 35877
2022-05-30 09:07:30 UTC	6076	IN	Data Raw: 4d 53 43 46 00 00 00 00 a5 42 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 0b 87 00 00 14 00 00 00 00 00 10 00 a5 42 00 00 80 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 26 64 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 5a 10 09 f7 39 42 26 64 43 4b ed bd 05 54 5c 5b ba 2d 5c 14 ee ee 1a 08 6e 85 3b 04 0f 1a dc 25 b8 bb 04 97 c2 83 07 09 ee 4e 70 77 09 4e 70 82 05 08 ae 09 ae 21 81 07 c9 91 f4 e9 d3 dd b7 ef ff fa bf fd ee e8 1a 83 aa bd 74 af b5 f6 fa d6 fc be b9 e7 18 c8 29 8b 4a 00 ee 3f ed 04 80 ef 1f b1 1f 3f 00 48 08 08 00 04 00 0a a0 cd 05 00 60 7d cf 41 fb 5e c7 5c 0a f0 db c7 f8 fe ef a1 56 08 3b e0 a7 8f 1f c0 c4 d6 d5 c2 d1 ce d6 c6 c4 d6 99 c9 cd c6 1a e0 3a 60 5b Data Ascii: MSCFBDBId&denvironment.cabZ9B&dCKT\[-\n;%NpwNp!t)J??H`}A^\V;:`[
2022-05-30 09:07:30 UTC	6091	IN	Data Raw: 2c d5 6c a1 e1 97 4f eb 44 d5 d7 31 d1 59 e6 ed 3c 5c f9 e0 bb 34 e4 d4 f6 e5 cf 75 58 d3 7b f1 91 6f 63 a0 cc f4 c4 a6 ab e5 3a e6 92 72 35 5d 84 ce 74 71 d7 d8 f2 ba fb 90 60 ef 04 55 ed e4 64 b9 d4 aa be 35 95 a4 1a 76 94 4a 12 1a 5e d7 70 59 b4 d9 77 7c b8 ec c5 58 bc 81 dc c9 78 5c a5 6d e9 71 c6 e6 a6 15 ed 41 c6 a2 49 2e 32 71 f5 02 07 81 2e 44 1d 42 3d 03 1e a8 78 29 eb e9 65 da ba 86 6b 80 8f 49 2f fa a5 f3 e4 23 e2 fa 9b 83 90 04 f1 75 8a 79 10 c7 93 b7 8f fd 33 4b 03 4f 6b 0f 28 5b b8 32 4e 01 84 ef 42 1d 15 9c 9d 65 dd ca 7a 61 a0 dc bc b3 99 e5 39 00 ce 79 0a 31 d9 aa a7 56 81 87 c8 58 ac 9e 24 94 e7 37 68 95 73 e7 82 04 da c4 25 9d d2 29 a9 f3 9e 78 2e 57 90 a6 a6 93 ee e7 d9 05 1d 46 b8 6c d4 8d 70 2a 62 4a f8 14 89 cc 10 48 bd 5d 96 50 46 Data Ascii: ,lOD1Y<\4uX{oc:r5]tq`Ud5vJ^pYw\|Xx\mqAI.2q.DB=x)ekI/#uy3KOk([2NBeza9y1VX$7hs%)x.WFlp*bJH]PF
2022-05-30 09:07:30 UTC	6107	IN	Data Raw: 00 00 00 15 c5 e7 6b 9e 02 9b 49 99 00 00 00 00 00 15 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 20 32 30 31 30 30 1e 17 0d 32 31 30 39 33 30 31 38 32 32 32 35 5a 17 0d 33 30 30 39 33 30 31 38 33 32 32 35 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d Data Ascii: kI0*H010UUS10UWashington10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 20100210930182225Z300930183225Z0\|10UUS10UWashington10URedm

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:05:58 UTC	234	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-05-30 09:05:58 UTC	234	OUT	Data Raw: 20 Data Ascii:

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:05:58 UTC	234	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-W56x0vlp9MIxap14_uJJtA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 30 May 2022 09:05:58 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5628 X-Daystart: 7558 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-05-30 09:05:58 UTC	235	IN	Data Raw: 33 36 63 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 36 32 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 37 35 35 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 36c<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5628" elapsed_seconds="7558"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2022-05-30 09:05:58 UTC	236	IN	Data Raw: 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61 70 70 20 Data Ascii: kkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><app
2022-05-30 09:05:58 UTC	236	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-05-30 09:05:58 UTC	236	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 30 May 2022 09:05:58 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-0fg2CsDMc97uA45u3HA07A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'nonce-0fg2CsDMc97uA45u3HA07A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]} Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-05-30 09:05:58 UTC	238	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2022-05-30 09:05:58 UTC	238	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	2
Start time:	11:05:51
Start date:	30/05/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://gfs214n125.userstorage.mega.co.nz
Imagebase:	0x7ff6a7220000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	3
Start time:	11:05:53
Start date:	30/05/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,14628987170268143729,8769245826119934323,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
Imagebase:	0x7ff6a7220000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low