Windows Analysis Report
Re_ Lead Exposures in Children's Environmental Health Confirmation.eml

Overview

General Information

Sample name:	Re_ Lead Exposures in Children's Environmental Health Confirmation.eml
Analysis ID:	1531103
MD5:	fe87457a48d7d9914a04937cfad7ae8c
SHA1:	48f2054e1a639ddd0a2a2352ddaffdbdc05f37d1
SHA256:	ec2bde3a7531c3c447a1a652b9664c0fc65a2796491a7af5ca7c0f14f9ee3612
Infos:

Detection

Score:	6
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Detected non-DNS traffic on DNS port

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains an invalid checksum

PE file does not import any functions

PE file overlay found

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Signatures

Source: chromecache_275.12.dr

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_1159b848-3

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:50761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.86.251.7:443 -> 192.168.2.18:60999 version: TLS 1.2

Source:

Binary string: d:\zoomcode\EP\Bin\Release\NewWebLauncher\NewZoomWebLauncher.pdb source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.18:60994 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:50759 -> 162.159.36.2:53

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=es+e4gZvdMyzZgo&MD=LzVKMRB4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /w/1616942169?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_r8adLiTTSBy1TDpo1YLqFg HTTP/1.1Host: usepa.zoomgov.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/launch-meeting/meeting.537a440d01fe8a0940ee.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://usepa.zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec
Source: global traffic	HTTP traffic detected: GET /fe-static/launch-meeting/meeting.537a440d01fe8a0940ee.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec
Source: global traffic	HTTP traffic detected: GET /wjmf HTTP/1.1Host: usepa.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; cred=76CF6F7A9778E000BF47B737DF30432A; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg
Source: global traffic	HTTP traffic detected: GET /launch/download/5jMUk7NZBodEXLmXl-iASw5UAvo3O0RQUJgC1QCqV1CG4qVMFxsn2okT2H4IUaFhd-HevX-gR1Sy7yLXIf6pQ3O_wThxJBZtyBUJSpEjNww_jKAh0j-qppScYiA0qYLBFjCPJ0UE7jw0wRZfbZPNPzS9tKkjjsttwlpHXULDj_zvVSFI4Oi5zPe6tuFGgfQKcntYRcXe5zv20yzZh0rvFZMyxQd4MjbUmkJLdkTE0UXkHqm3qzFC3HXcwugsMhWAjuE_4s8qGOWPFCQ1vObdJJcU_kvr0o6NdQgJrxmDk3GMCB_lIPTe01goX9-gy2vri8LLFpcw3kBdAeFJEQym8IoyyzuAMfHKvLVwNruLkip6SjJROV-2_Y9VK1dllWwC746hLMKZszYDrkKBDE_L69Vi3ebZk0MoELJ2rFWOHAedfscYyQV-Fhotu4OJJ6-xWFLmbZCXH8JHWg74scsLWs8MCaAsZdC2X4KlNx-S0uqKLAZfejazsqNemVrzIl0aFAv9VEdDp8H5kwPNvpsDyMqGRc3kNZlrKqC_LJmsfzEChDgTWMRwTaua89e8to3ekZrTNGxcOApQIj6zqOah7nOn1ng4qiFoVdyfF1Xc-4CmPFO4aEbbw5qu34kny6PsB8CBrmhlub6ZNor2uFhvprZEwMP2ldPktOFbkJHR2AL2DEEoNzAKVo4F.UwFYA_7hTRi4Di9B/meeting/NzqhM5aPyaqI9wyxY322e1SVhKrVTd2WQWo.X03oBHw_z8hm50WC/Zoom_launcher.exe HTTP/1.1Host: usepa.zoomgov.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://usepa.zoomgov.com/w/1616942169?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_r8adLiTTSBy1TDpo1YLqFgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; cred=76CF6F7A9778E000BF47B737DF30432A; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg
Source: global traffic	HTTP traffic detected: GET /wjmf HTTP/1.1Host: usepa.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; cred=43B51A132887AA2538EE840259B7D3AB
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=es+e4gZvdMyzZgo&MD=LzVKMRB4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wjmf HTTP/1.1Host: usepa.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; cred=913CCCAADC64EE56C3D201EBEBF205FF
Source: global traffic	HTTP traffic detected: GET /wjmf HTTP/1.1Host: usepa.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; cred=CBCA896026F1B859B8D166F6405E1746
Source: global traffic	HTTP traffic detected: GET /wjmf HTTP/1.1Host: usepa.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; cred=120AE84864903E1D7B5A9F3109955A18
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAQ6GhAkHuPtVTVeAt8GnNTXiw/C/ancNPYhIm/WzQoKYIcnODiygMSaKDpesx7WgNrvREVrDFcW7ECyynHXFO5t3xlEzqcG1ZxCgB69iRgPFlRupuWqnS7P7CjA%2B0ZRmhmVy1qNBOkkSURe2oNh3wvug/05fcrZf8Kuql9X69BDdP/BG0bZp9l%2BTUvkp8y/Ov90S5AzzdoWEpMEU0TzuVBagb0vpBXkoa3Vl/isHcHiP3Yx0pICzN3HIdGMgw2mE/G48LyHtBFLWmVBXfPx4C54rMvzTrhGbawbkOLpWnyzQgfjGsatPHamcJpguASSRk19dp3Jm8Xl3Nu%2B6HP83mYAQZgAAEAwlQQ0pNNVbshm8of9AWd2wAYSuubZNELFGiQtzO1bTDwF8SbESxf/K7jk/ITP4Ow20m72B9T7mtne6NmnJ/Lplc%2BiWpnSmrb3ew0uYnG6LeMaTPPd4bFmOubrEipWWzokrskE3o3Me9M1EOyymf2bXB/aImhORcnF43dR5RyYNJej7rZ1QnqbTOKnhpoQNMXuWNXXT2c7MmIxiz2NAYcfc/jz6JdxSmdaYmQj/DN%2B/0hmPFdKVmF2lW9p2QTc4p4NNc7Vp8sxQm/vFr4D%2BD//mHKn3wvBpIfulkKoe8yCWv7gmLz7lVtsXWbC62KVSmskBeX88RvfZ1o2x44JRIW75OAO4AQD812C7EpxfU9zxvr79LE%2BhvcVXNqCZiUlqKNYO87ySo/ND2VLH2X7W3oyep58cs8Tetxju82c4e3Q0GI7tJzzw768g1e1/gYbblowumda/OQdOGsEV43thJ6rV9ylcJ%2BMG6NxPyykfJQQjBs35PTI66b5WNrSb0dYJ5eIaUMOjR%2BURuy2Aw1B91vLQfkA6emlDS2fy9yOa60z1dniv9L1IUjMJOP%2BcKOttEINWU1YmxbsAOmEwCQVne8D0eNcB%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1728588138User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: D69CCBF0318845E79099B48B905A4BEFX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C
Source: global traffic	HTTP traffic detected: GET /wc/join/1616942169?fromPWA=1&tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1Host: usepa.zoomgov.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://usepa.zoomgov.com/w/1616942169?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_r8adLiTTSBy1TDpo1YLqFgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; cred=56DE707854FA45A47E086D2B72418870
Source: global traffic	HTTP traffic detected: GET /wjmf HTTP/1.1Host: usepa.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; cred=3026AE58672596B8E1694302BF85619B; _zm_wc_user=1
Source: global traffic	HTTP traffic detected: GET /wc/join/1616942169?fromPWA=1&tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1Host: zoomgov.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://usepa.zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/css/main-chunk-other.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/css/main.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/6.3.25870/js/lib/fingerprintjs-3.3.3.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/externals.0.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/pwa-webim.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/vendors.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/6.3.25870/js/lib/fingerprintjs-3.3.3.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/pwa-webim.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/main.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/externals.0.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/vendors.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US
Source: global traffic	HTTP traffic detected: GET /cdn-detect.png HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/main.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US
Source: global traffic	HTTP traffic detected: GET /wc/join/1616942169?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&from=pwa HTTP/1.1Host: zoomgov.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://zoomgov.com/wc/join/1616942169?fromPWA=1&tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pwa_epk=ndh7EOmK9bswZgOfauzLKhHFvrfEpil2A_xjph_K3QmwtZD4gBw.fGCL_fEk464LrznZ; _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; cred=DEBD891478949503C547610AC12246C7; _zm_lang=en-US
Source: global traffic	HTTP traffic detected: GET /cdn-detect.png HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk
Source: global traffic	HTTP traffic detected: GET /wc/1616942169/join?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&from=pwa HTTP/1.1Host: zoomgov.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://zoomgov.com/wc/join/1616942169?fromPWA=1&tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pwa_epk=ndh7EOmK9bswZgOfauzLKhHFvrfEpil2A_xjph_K3QmwtZD4gBw.fGCL_fEk464LrznZ; _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=8581D5FFE8B8798B1D1A64469DF02623
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/css/vendors.wc_meeting.min.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/fonts/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1Host: www.zoomgov.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://zoomgov.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/image/loading.png HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/css/styles.wc_meeting.min.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/js/vendor/externals.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/js/vendors.webclient.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/js/webclient.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/image/loading.png HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=381E194337428FFD956836BB33FF3CB7
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/js/common.webclient.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/js/webclient.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=381E194337428FFD956836BB33FF3CB7
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/js/vendors.webclient.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=381E194337428FFD956836BB33FF3CB7
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client/zmbvidn/js/common.webclient.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=381E194337428FFD956836BB33FF3CB7
Source: global traffic	HTTP traffic detected: GET /wc/manifest.json HTTP/1.1Host: zoomgov.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://zoomgov.com/wc/1616942169/join?fromPWA=1&tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pwa_epk=ndh7EOmK9bswZgOfauzLKhHFvrfEpil2A_xjph_K3QmwtZD4gBw.fGCL_fEk464LrznZ; wc_epk=xsOzQ2gI7OYHcPvE6FaP5AnvL3_vBWg7kxztkr6NEuwBD6Zw7jY.iDhgWYN9r4hI82gi; _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=7784946D0293E323C176B7A65C2E3A8C
Source: global traffic	HTTP traffic detected: GET /wc/service-worker.js HTTP/1.1Host: zoomgov.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://zoomgov.com/wc/1616942169/join?fromPWA=1&tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pwa_epk=ndh7EOmK9bswZgOfauzLKhHFvrfEpil2A_xjph_K3QmwtZD4gBw.fGCL_fEk464LrznZ; wc_epk=xsOzQ2gI7OYHcPvE6FaP5AnvL3_vBWg7kxztkr6NEuwBD6Zw7jY.iDhgWYN9r4hI82gi; _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=7784946D0293E323C176B7A65C2E3A8C
Source: global traffic	HTTP traffic detected: GET /zoom.ico HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/pwa-sw.js HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=381E194337428FFD956836BB33FF3CB7
Source: global traffic	HTTP traffic detected: GET /zoom.ico HTTP/1.1Host: www.zoomgov.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=r_AFS5_FSEmDnXb_YLTj1g; _zm_mtk_guid=31669b180c004769929f0307daaa29ec; _zm_join_utid=UTID_daaba48027474bd0b86f6848b8d1785d; _zm_csp_script_nonce=xzJqhlsGS4qS0Zb7w9rWgg; _zm_currency=USD; _zm_visitor_guid=31669b180c004769929f0307daaa29ec; _zm_page_auth=HVbwwtNmR_2BAb2xV5vDPg; _zm_wc_user=1; _zm_lang=en-US; _zm_cdn_blocked=unlog_unblk; cred=381E194337428FFD956836BB33FF3CB7
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/css/main-chunk-other.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/css/main.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/css/offline.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/css/split-chunk-other.css HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/IconEyeShow.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/IconHeadphone.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/IconPause.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/IconPlay.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/IconRefresh.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/agave-theme.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/bloom-theme.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/cci_countdown_timer.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/cci_instagram.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/cci_logo_facebook.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/cci_teamchat.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/cci_whatsapp.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/classic-theme.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/docs-normal.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/docs-selected.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/group-avatar.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/rose-theme.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/setup.png HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/thumbs-down-default.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/thumbs-down-hover.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/thumbs-down-pressed.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/thumbs-up-default.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/thumbs-up-hover.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/thumbs-up-pressed.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/tip.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/tooltip-arrow-down.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/unhold.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/upcoming-bg.png HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/upgrade.png HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/zoom-workplace-dark.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/zoom-workplace-light.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/zoom-workplace-logo-splash-dark.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/zoom-workplace-logo-splash-light.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/images/zoom-workplace-tesla.svg HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/721.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-static/web_client_pwa/1.8.0.2305/js/externals.0.min.js HTTP/1.1Host: www.zoomgov.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: https://zoomgov.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zoomgov.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: <https://www.zoomgov.com/static/6.3.25870/image/new/yahoo.png equals www.yahoo.com (Yahoo)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: >https://www.zoomgov.com/static/6.3.25870/image/new/twitter.png equals www.twitter.com (Twitter)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: ?https://www.zoomgov.com/static/6.3.25870/image/new/linkedin.png equals www.linkedin.com (Linkedin)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: HYPERLINK "https://www.linkedin.com/company/zoom-video-communications/" \t "_blank" equals www.linkedin.com (Linkedin)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: INCLUDEPICTURE \d "https://www.zoomgov.com/static/6.3.25870/image/new/linkedin.png" \* MERGEFORMATINET equals www.linkedin.com (Linkedin)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: INCLUDEPICTURE \d "https://www.zoomgov.com/static/6.3.25870/image/new/twitter.png" \* MERGEFORMATINET equals www.twitter.com (Twitter)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: INCLUDEPICTURE \d "https://www.zoomgov.com/static/6.3.25870/image/new/yahoo.png" \x \y \* MERGEFORMATINET equals www.yahoo.com (Yahoo)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: oo<https://www.zoomgov.com/static/6.3.25870/image/new/yahoo.png equals www.yahoo.com (Yahoo)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: oo>https://www.zoomgov.com/static/6.3.25870/image/new/twitter.png equals www.twitter.com (Twitter)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: oo?https://www.zoomgov.com/static/6.3.25870/image/new/linkedin.png equals www.linkedin.com (Linkedin)

Source: global traffic	DNS traffic detected: DNS query: usepa.zoomgov.com
Source: global traffic	DNS traffic detected: DNS query: www.zoomgov.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: zoomgov.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 19:22:37 GMTContent-Type: text/html;charset=utf-8Transfer-Encoding: chunkedConnection: closeServer: nginxx-zm-zoneid: VASet-Cookie: _zm_mtk_guid=e8537fc374904a7b8d4f91568e803575; Domain=zoomgov.com; Path=/; Max-Age=63072000; SameSite=None; SecureSet-Cookie: _zm_csp_script_nonce=RfyjzkX8QXGaxiGRpBfgOg; Domain=zoomgov.com; Path=/; Secure; HttpOnlySet-Cookie: _zm_currency=USD; Max-Age=86400; Expires=Fri, 11 Oct 2024 19:22:37 GMT; Domain=zoomgov.com; Path=/; SecureSet-Cookie: _zm_visitor_guid=e8537fc374904a7b8d4f91568e803575; Domain=zoomgov.com; Path=/; Max-Age=31536000; SameSite=None; SecureContent-Language: en-USStrict-Transport-Security: max-age=31536000; includeSubDomains; preload

Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://ocsp.digicert.com0H
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: chromecache_250.12.dr	String found in binary or memory: http://ogp.me/ns#
Source: chromecache_250.12.dr	String found in binary or memory: http://ogp.me/ns/fb#
Source: chromecache_250.12.dr	String found in binary or memory: http://ogp.me/ns/fb/zoomvideocall#
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: http://usepa.zoomgov.com/w_p/1616942169/e79e8877-9bf5-4644-a0fc-518770797b3e.jpg
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: chromecache_261.12.dr, chromecache_297.12.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: http://zoom.us
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.aadrm.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.cortana.ai
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.office.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.onedrive.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://api.scheduler.
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://app.powerbi.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://augloop.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: chromecache_250.12.dr	String found in binary or memory: https://blog.zoom.us
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://blog.zoom.us/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://canary.designerapp.
Source: chromecache_250.12.dr	String found in binary or memory: https://careers.zoom.us/home
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.entity.
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: chromecache_250.12.dr	String found in binary or memory: https://chrome.google.com/webstore/detail/kgjfgplpablkjnlkjmjdecgdpfankdle
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cortana.ai
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cortana.ai/api
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://cr.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://d.docs.live.net
Source: chromecache_239.12.dr, chromecache_270.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/common.webclient.min.js-0ca74ac447f8a111b0b7.map
Source: chromecache_272.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/main-chunk-other.css-08a8ee80c94ebeb8a469.map
Source: chromecache_246.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/main.css-08a8ee80c94ebeb8a469.map
Source: chromecache_260.12.dr, chromecache_288.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/main.js-08a8ee80c94ebeb8a469.map
Source: chromecache_299.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/offline.css-08a8ee80c94ebeb8a469.map
Source: chromecache_242.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/pwa-sw.js-95803f44e3a128db5b73.map
Source: chromecache_247.12.dr, chromecache_277.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/pwa-webim.js-08a8ee80c94ebeb8a469.map
Source: chromecache_237.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/split-chunk-other.css-08a8ee80c94ebeb8a469.map
Source: chromecache_236.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/styles.wc_meeting.min.css-0ca74ac447f8a111b0b7.map
Source: chromecache_293.12.dr, chromecache_241.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/vendors.js-08a8ee80c94ebeb8a469.map
Source: chromecache_243.12.dr, chromecache_252.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/vendors.webclient.min.js-0ca74ac447f8a111b0b7.map
Source: chromecache_267.12.dr, chromecache_262.12.dr	String found in binary or memory: https://d1cdksi819e9z7.cloudfront.net/sourcemap/webclient.min.js-0ca74ac447f8a111b0b7.map
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://directory.services.
Source: chromecache_250.12.dr	String found in binary or memory: https://ebc.zoom.us/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ecs.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: chromecache_250.12.dr	String found in binary or memory: https://explore.zoom.us/en/acceptable-use-guidelines/
Source: chromecache_250.12.dr	String found in binary or memory: https://explore.zoom.us/en/zoom-ventures/
Source: chromecache_261.12.dr, chromecache_297.12.dr	String found in binary or memory: https://fingerprintjs.com)
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_272.12.dr, chromecache_236.12.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_261.12.dr, chromecache_297.12.dr	String found in binary or memory: https://github.com/karanlyons/murmurHash3.js)
Source: chromecache_272.12.dr, chromecache_236.12.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.38.1/LICENSE
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://graph.windows.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://graph.windows.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://invites.office.com/
Source: chromecache_250.12.dr	String found in binary or memory: https://learn-zoom.us/show-me
Source: chromecache_250.12.dr	String found in binary or memory: https://learning.zoom.us/learn
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20241010T1521160143-4012.etl.0.dr	String found in binary or memory: https://login.windows.local_AlR
Source: OUTLOOK_16_0_16827_20130-20241010T1521160143-4012.etl.0.dr	String found in binary or memory: https://login.windows.localedER
Source: OUTLOOK_16_0_16827_20130-20241010T1521160143-4012.etl.0.dr	String found in binary or memory: https://login.windows.localnullBoo
Source: OUTLOOK_16_0_16827_20130-20241010T1521160143-4012.etl.0.dr	String found in binary or memory: https://login.windows.localnulltloD
Source: App1728588076303880100_63085297-DB82-4BFE-B078-2A80F56EAE57.log.0.dr	String found in binary or memory: https://login.windows.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://management.azure.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://management.azure.com/
Source: chromecache_250.12.dr	String found in binary or memory: https://marketplace.zoomgov.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://messaging.office.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://mss.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://officeapps.live.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://onedrive.live.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office365.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: chromecache_256.12.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_256.12.dr	String found in binary or memory: https://redux.js.org/Errors?code=
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://service.powerapps.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://settings.outlook.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://substrate.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: chromecache_250.12.dr	String found in binary or memory: https://support.zoom.us/hc/articles/16542703332621
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/de/articles/201362023-System-Requirements
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: https://support.zoom.us/hc/en-us/articles/201362003-Zoom-Video-Communications-Technical-Support
Source: chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/en-us/articles/201362023-System-Requirements
Source: chromecache_250.12.dr	String found in binary or memory: https://support.zoom.us/hc/en-us/sections/4415044540045-Billing-and-Payments
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/es/articles/201362023-System-Requirements
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/fr/articles/201362023-System-Requirements
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/pt-br/articles/201362023-System-Requirements
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/ru/articles/201362023-System-Requirements
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/zh-cn/articles/201362023-System-Requirements
Source: chromecache_278.12.dr, chromecache_276.12.dr	String found in binary or memory: https://support.zoom.us/hc/zh-tw/articles/201362023-System-Requirements
Source: chromecache_250.12.dr	String found in binary or memory: https://support.zoomgov.com/hc
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://tasks.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://twitter.com/zoom
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/account
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/download
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/download#chrome_ext
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/download#client_4meeting
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/download#mobile_app
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/download#outlook_plugin
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/about/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/accessibility
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/accessibility/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/contact
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/contactsales/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/customer/all/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/livedemo/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/media-kit/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/privacy/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/team/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/terms/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/trust/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/trust/legal-compliance/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/en/virtual-backgrounds/
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/error/405
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/events
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/join
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/meeting/schedule
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/signin
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/start/videomeeting
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/start/webmeeting
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/test
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://usepa.zoomgov.com/u/abHlgh2QQq
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://usepa.zoomgov.com/w/1616942169?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWR
Source: chromecache_250.12.dr	String found in binary or memory: https://usepa.zoomgov.com/wc
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://usepa.zoomgov.com/webinar/register/WN_r8adLiTTSBy1TDpo1YLqFg?tk=39jBSb0_1gqDvmIIwb0pLLOcys05
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://usepa.zoomgov.com/webinar/vJIsceCsrDosEyGDiBVwQ3NykOXGDHyyDn4/calendar/google/add?user_id=5j
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://usepa.zoomgov.com/webinar/vJIsceCsrDosEyGDiBVwQ3NykOXGDHyyDn4/ics?user_id=HC9sLW4vtf7wIlDPP-
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://usepa.zoomgov.com/webinar/vJIsceCsrDosEyGDiBVwQ3NykOXGDHyyDn4/ics?user_id=OHKfdQejb_QRDze92M
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.google.com/maps/place/55
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.linkedin.com/company/zoom-video-communications/
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: 9B176708-C1A1-420E-8FB6-17B771E9D493.0.dr	String found in binary or memory: https://www.yammer.com
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/cdn-detect.png
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/css/all.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/css/fonts/internacional.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/css/fonts/suisse.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/css/meetings/meeting_delete_dialog.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/css/vue/zoom-components.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/css/webAppsHeader.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/gov/zoomgov_logo.png
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/new/google.png
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/new/linkedin.png
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/new/outlook.png
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/new/topNav/webApps-sprites.svg
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/new/twitter.png
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/new/yahoo.png
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/image/new/zoomblog.png
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/all.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/app/jquery.validate.message.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/app/market_onetrust_cookie.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/app/webAppsHeader.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/lib/vue/advanced/notification/notification.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/lib/vue/advanced/notification/notification.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/lib/vue/advanced/popup-captcha/popup-captcha.min.css
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/lib/vue/advanced/popup-captcha/popup-captcha.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/lib/vue/vue.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/static/6.3.25870/js/lib/vue/zoom-components.min.js
Source: chromecache_250.12.dr	String found in binary or memory: https://www.zoomgov.com/zoom.ico
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: https://zoom.com.cn/
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: https://zoom.com/
Source: ~WRS{D7A08F23-8B8A-48EB-8084-D523F6D14B0C}.tmp.0.dr	String found in binary or memory: https://zoom.us
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: https://zoom.us/
Source: chromecache_276.12.dr	String found in binary or memory: https://zoom.us/phonesystem
Source: chromecache_275.12.dr, Unconfirmed 49520.crdownload.11.dr	String found in binary or memory: https://zoomgov.com/

Source: unknown	Network traffic detected: HTTP traffic on port 61029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61071
Source: unknown	Network traffic detected: HTTP traffic on port 61058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61074
Source: unknown	Network traffic detected: HTTP traffic on port 61064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61082
Source: unknown	Network traffic detected: HTTP traffic on port 61076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61076
Source: unknown	Network traffic detected: HTTP traffic on port 61052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 61035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 61023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 61017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 61057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50764
Source: unknown	Network traffic detected: HTTP traffic on port 61040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50763
Source: unknown	Network traffic detected: HTTP traffic on port 61071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 61012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 61054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61030
Source: unknown	Network traffic detected: HTTP traffic on port 61002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61029
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61021
Source: unknown	Network traffic detected: HTTP traffic on port 61074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61027
Source: unknown	Network traffic detected: HTTP traffic on port 61007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61041
Source: unknown	Network traffic detected: HTTP traffic on port 61063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61037
Source: unknown	Network traffic detected: HTTP traffic on port 61031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61052
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61046
Source: unknown	Network traffic detected: HTTP traffic on port 61053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61048
Source: unknown	Network traffic detected: HTTP traffic on port 61013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61063
Source: unknown	Network traffic detected: HTTP traffic on port 61047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61054
Source: unknown	Network traffic detected: HTTP traffic on port 61075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61059
Source: unknown	Network traffic detected: HTTP traffic on port 50764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61006
Source: unknown	Network traffic detected: HTTP traffic on port 61020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61003
Source: unknown	Network traffic detected: HTTP traffic on port 60997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61005
Source: unknown	Network traffic detected: HTTP traffic on port 61032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61017
Source: unknown	Network traffic detected: HTTP traffic on port 61068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61018
Source: unknown	Network traffic detected: HTTP traffic on port 61043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61019
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61012
Source: unknown	Network traffic detected: HTTP traffic on port 61037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61016
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61033 -> 443

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:50761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.86.251.7:443 -> 192.168.2.18:60999 version: TLS 1.2

PE file does not import any functions

Source: e378cb4d-e0f8-4b4c-8fae-ee834341c68b.tmp.11.dr

Static PE information: No import functions for PE file found

PE file overlay found

Source: e378cb4d-e0f8-4b4c-8fae-ee834341c68b.tmp.11.dr

Static PE information: Data appended to the last section found

Source: classification engine

Classification label: clean6.winEML@30/148@12/4

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Re_ Lead Exposures in Children's Environmental Health Confirmation.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0169A9C1-1996-4F1D-BC82-CED199C929EE" "AB3C2210-B59F-4F33-92FB-FC9F8993F598" "4012" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://usepa.zoomgov.com/w/1616942169?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_r8adLiTTSBy1TDpo1YLqFg
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1924,i,14254056739638033735,10720520181869793949,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 --field-trial-handle=1924,i,14254056739638033735,10720520181869793949,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0169A9C1-1996-4F1D-BC82-CED199C929EE" "AB3C2210-B59F-4F33-92FB-FC9F8993F598" "4012" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://usepa.zoomgov.com/w/1616942169?tk=39jBSb0_1gqDvmIIwb0pLLOcys05xp_NOV5RuztPMUs.DQcAAAAAYGCUWRZBZnVHNkM5VlRUdVRrMlVJY0dvLWNBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&uuid=WN_r8adLiTTSBy1TDpo1YLqFg	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1924,i,14254056739638033735,10720520181869793949,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 --field-trial-handle=1924,i,14254056739638033735,10720520181869793949,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: Google Drive.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 275	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 49520.crdownload	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\e378cb4d-e0f8-4b4c-8fae-ee834341c68b.tmp	Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
160.1.56.156	www.zoomgov.com	United States	8987	AMAZONEXPANSIONGB	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true
www.google.com	142.250.186.132	true
www.zoomgov.com	160.1.56.156	true
zoomgov.com	160.1.56.156	true
usepa.zoomgov.com	unknown	unknown

Name	Malicious	Reputation
https://www.zoomgov.com/fe-static/web_client/zmbvidn/js/vendors.webclient.min.js	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/zoom-workplace-logo-splash-light.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/thumbs-up-default.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/thumbs-up-pressed.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/docs-normal.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/cci_instagram.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/js/vendors.js	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/IconPause.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/js/pwa-webim.js	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/zoom-workplace-dark.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/tooltip-arrow-down.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/upcoming-bg.png	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/thumbs-down-default.svg	false	unknown
https://zoomgov.com/wc/service-worker.js	false	unknown
https://www.zoomgov.com/fe-static/web_client/zmbvidn/fonts/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/tip.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/IconRefresh.svg	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/css/split-chunk-other.css	false	unknown
https://www.zoomgov.com/fe-static/web_client_pwa/1.8.0.2305/images/cci_teamchat.svg	false	unknown

ID:	1531103
Product:	CloudBasic
Start time:	21:20:41
Start date:	10.10.2024
Sample:	Re_ Lead Exposures in Children's Environmental Health Confirmation.eml
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	fe87457a48d7d9914a04937cfad7ae8c
SHA1:	48f2054e1a639ddd0a2a2352ddaffdbdc05f37d1
SHA256:	ec2bde3a7531c3c447a1a652b9664c0fc65a2796491a7af5ca7c0f14f9ee3612
Filetype:	E-Mail message (Var. 5) (54515/1) 100.00%

Windows Analysis Report Re_ Lead Exposures in Children's Environmental Health Confirmation.eml

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Re_ Lead Exposures in Children's Environmental Health Confirmation.eml