Create Interactive Tour

Windows Analysis Report
http://ctldl.windowsupdate.com

Overview

General Information

Sample URL:	http://ctldl.windowsupdate.com
Analysis ID:	1297454
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 812 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 5424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1868,i,5604346828580393826,14277228300877163243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 2492 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ctldl.windowsupdate.com MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB; 1P_JAR=2023-08-10-10

Source: classification engine

Classification label: clean0.win@33/155@50/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\chrome_BITS_812_1995048251

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1868,i,5604346828580393826,14277228300877163243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ctldl.windowsupdate.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1868,i,5604346828580393826,14277228300877163243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_812_1995048251	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\keys.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\manifest.fingerprint	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://ctldl.windowsupdate.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://tc39.es/ecma262/#sec-object.prototype.tostring	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-toobject	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-arrayspeciescreate	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-object.getownpropertydescriptor	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype.includes	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-string.prototype.trim	0%	URL Reputation	safe
https://analytics.tiktok.com	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype.filter	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-object.defineproperties	0%	URL Reputation	safe
https://www.clarity.ms	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-requireobjectcoercible	0%	URL Reputation	safe
https://axios-http.com	0%	URL Reputation	safe
https://d.impactradius-event.com	0%	URL Reputation	safe
https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"	0%	URL Reputation	safe
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype.findIndex	0%	URL Reputation	safe
https://pst-issuer.hcaptcha.com	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype.map	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype.indexof	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-tolength	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype-	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype.foreach	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-string.prototype.trimstart	0%	URL Reputation	safe
https://js.foundation/	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-object.defineproperty	0%	URL Reputation	safe
https://polyset.xyz	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-array.prototype.push	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.23212.1/en-US/meCore.min.js	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-hasownproperty	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.23212.1/en-US/meBoot.min.js	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-tointegerorinfinity	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-object.values	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-parseint-string-radix	0%	Avira URL Cloud	safe
https://support.xbox.com	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-getmethod	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-lengthofarraylike	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-string.prototype.includes	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_pj-6v8iQhdg_XFsfh0-ZIw2.js	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec	0%	Avira URL Cloud	safe
https://tc39.es/ecma262/#sec-iscallable	0%	Avira URL Cloud	safe
https://bugzil.la/548397	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
cs1100.wpc.omegacdn.net	152.199.23.37	true	false	unknown
accounts.google.com	172.217.168.77	true	false	high
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	unknown
part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
www.google.com	172.217.168.68	true	false	high
cs1227.wpc.alphacdn.net	192.229.221.185	true	false	unknown
d.impactradius-event.com	35.186.249.72	true	false	unknown
liveperson.map.fastly.net	151.101.1.192	true	false	unknown
clients.l.google.com	142.250.203.110	true	false	high
d1xbuscas8tetl.cloudfront.net	18.173.187.120	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
lpcdn.lpsnmedia.net	unknown	unknown	false	high
accdn.lpsnmedia.net	unknown	unknown	false	high
www.clarity.ms	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
logincdn.msftauth.net	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	high
mem.gfx.ms	unknown	unknown	false	unknown
c.s-microsoft.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
publisher.liveperson.net	unknown	unknown	false	high
support.content.office.net	unknown	unknown	false	high
analytics.tiktok.com	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	high
cdnssl.clicktale.net	unknown	unknown	false	high
lptag.liveperson.net	unknown	unknown	false	high
acctcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mem.gfx.ms/scripts/me/MeControl/10.23212.1/en-US/meCore.min.js	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/scripts/me/MeControl/10.23212.1/en-US/meBoot.min.js	false	Avira URL Cloud: safe	unknown
about:blank	false		low
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	false	URL Reputation: safe	unknown
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js	false		high
https://aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_pj-6v8iQhdg_XFsfh0-ZIw2.js	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mozilla/rhino/issues/346	chromecache_398.1.dr	false		high
https://login.microsoftonline.com/uxlogout?appid	chromecache_397.1.dr	false		high
https://outlook.live.com/owa/	chromecache_385.1.dr, chromecache_411.1.dr	false		high
https://tc39.es/ecma262/#sec-object.prototype.tostring	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-toobject	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/?omkt=de-CH	chromecache_411.1.dr	false		high
https://tc39.es/ecma262/#sec-arrayspeciescreate	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-object.values	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/carhartl/jquery-cookie	chromecache_282.1.dr	false		high
https://tc39.es/ecma262/#sec-object.getownpropertydescriptor	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://github.com/zloirock/core-js	chromecache_398.1.dr	false		high
https://www.xbox.com/en-us/games/store/pc-game-pass/cfq7ttc0kgq8?icid=CNavAllPCGamePass	chromecache_385.1.dr	false		high
https://login.microsoftonline.com/savedusers?appid	chromecache_397.1.dr	false		high
https://cart.ppe.store-web.dynamics.com/cart/v1.0/cart/loadCart	chromecache_336.1.dr	false		high
https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.includes	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.push	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-string.prototype.trim	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://bugs.chromium.org/p/v8/issues/detail?id=12681	chromecache_398.1.dr	false		high
https://tc39.es/ecma262/#sec-hasownproperty	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://lptag.liveperson.net	chromecache_411.1.dr	false		high
https://github.com/tc39/proposal-array-filtering	chromecache_398.1.dr	false		high
https://aka.ms/3rdpartycookies	chromecache_322.1.dr	false		high
https://analytics.tiktok.com	chromecache_411.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.filter	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-object.defineproperties	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://www.clarity.ms	chromecache_411.1.dr	false	URL Reputation: safe	unknown
https://support.xbox.com/	chromecache_385.1.dr	false		high
https://tc39.es/ecma262/#sec-tointegerorinfinity	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js	chromecache_411.1.dr	false		high
https://tc39.es/ecma262/#sec-requireobjectcoercible	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://github.com/es-shims/es5-shim/issues/150	chromecache_398.1.dr	false		high
https://github.com/w3c/aria-practices/pull/1757	chromecache_398.1.dr	false		high
https://axios-http.com	chromecache_336.1.dr	false	URL Reputation: safe	unknown
http://schema.org/VideoObject	chromecache_385.1.dr	false		high
https://d.impactradius-event.com	chromecache_411.1.dr	false	URL Reputation: safe	unknown
https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"	chromecache_411.1.dr	false	URL Reputation: safe	unknown
https://support.xbox.com	chromecache_385.1.dr	false	Avira URL Cloud: safe	low
https://cart.production.store-web.dynamics.com/cart/v1.0/cart/loadCart	chromecache_336.1.dr	false		high
https://keycode.info/table-of-all-keycodes	chromecache_398.1.dr	false		high
https://tc39.es/ecma262/#sec-getmethod	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/about/de-ch/	chromecache_411.1.dr	false		high
https://www.microsoftstore.com/store/msusa/en_US/DisplayAddEditPaymentPage/	chromecache_385.1.dr	false		high
https://www.microsoftstore.com/store/msusa/en_US/wishlists?Wt.mc_id=wishlist_landingpage	chromecache_385.1.dr	false		high
https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountR	chromecache_385.1.dr	false		high
https://www.skype.com/en/	chromecache_385.1.dr	false		high
https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountO	chromecache_385.1.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key/Key_Values	chromecache_398.1.dr	false		high
https://login.microsoftonline.com:443/uxlogout?appid=ee272b19-4411-433f-8f28-5c13cb6fd407	chromecache_385.1.dr	false		high
https://github.com/douglascrockford/JSON-js	chromecache_343.1.dr, chromecache_342.1.dr, chromecache_287.1.dr	false		high
https://login.microsoftonline.com:443/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407	chromecache_385.1.dr	false		high
https://schema.org	chromecache_411.1.dr	false		high
https://github.com/axios/axios/issues	chromecache_336.1.dr	false		high
https://tc39.es/ecma262/#sec-array.prototype.findIndex	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://elad.medium.com/css-position-sticky-how-it-really-works-54cd01dc2d46	chromecache_398.1.dr	false		high
https://mix.office.com/watch/	chromecache_385.1.dr	false		high
https://tc39.es/ecma262/#sec-parseint-string-radix	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-string.prototype.includes	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/	chromecache_385.1.dr	false		high
http://www.opensource.org/licenses/mit-license.php)	chromecache_343.1.dr, chromecache_342.1.dr, chromecache_287.1.dr	false		high
https://github.com/zloirock/core-js/issues/1130	chromecache_398.1.dr	false		high
https://jquery.com/	chromecache_418.1.dr	false		high
https://pst-issuer.hcaptcha.com	keys.json.0.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.map	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.indexof	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-tolength	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype-	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://accdn.lpsnmedia.net	chromecache_411.1.dr	false		high
https://www.linkedin.com/company/1035	chromecache_411.1.dr	false		high
https://mix.office.com/oembed/	chromecache_385.1.dr	false		high
https://s7d2.scene7.com/is/image/microsoftcorp/mwf-placeholder?wid	chromecache_336.1.dr	false		high
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.foreach	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-string.prototype.trimstart	chromecache_398.1.dr	false	URL Reputation: safe	unknown
http://schema.org/Organization	chromecache_385.1.dr, chromecache_411.1.dr	false		high
https://github.com/zloirock/core-js/issues/677	chromecache_398.1.dr	false		high
https://sizzlejs.com/	chromecache_418.1.dr	false		high
https://js.foundation/	chromecache_418.1.dr	false	URL Reputation: safe	unknown
https://github.com/zloirock/core-js/blob/v3.26.0/LICENSE	chromecache_398.1.dr	false		high
https://www.xbox.com/en-us/games/store/xbox-game-pass-ultimate/cfq7ttc0khs0?icid=CNavAllXboxGamePass	chromecache_385.1.dr	false		high
https://bugzil.la/548397	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://js.monitor.azure.com	chromecache_411.1.dr	false		high
https://tc39.es/ecma262/#sec-lengthofarraylike	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://tc39.es/ecma262/#sec-iscallable	chromecache_398.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/1128	chromecache_398.1.dr	false		high
https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayDownload	chromecache_385.1.dr	false		high
https://www.skype.com/de/	chromecache_411.1.dr	false		high
https://cart.perf.store-web.dynamics.com/cart/v1.0/cart/loadCart	chromecache_336.1.dr	false		high
https://tc39.es/ecma262/#sec-object.defineproperty	chromecache_398.1.dr	false	URL Reputation: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js	chromecache_385.1.dr	false		high
https://login.windows-ppe.net	chromecache_283.1.dr	false		high
https://polyset.xyz	keys.json.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
13.107.246.60	part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.1.192	liveperson.map.fastly.net	United States	54113	FASTLYUS	false
172.217.168.68	www.google.com	United States	15169	GOOGLEUS	false
18.173.187.120	d1xbuscas8tetl.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.221.185	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
35.186.249.72	d.impactradius-event.com	United States	15169	GOOGLEUS	false
172.217.168.77	accounts.google.com	United States	15169	GOOGLEUS	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
152.199.23.37	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1297454
Start date and time:	2023-08-25 16:05:21 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://ctldl.windowsupdate.com
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@33/155@50/12
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.microsoft.com/ Browse: https://support.microsoft.com/en-us

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 93.184.221.240, 20.109.209.108, 52.254.114.65, 13.91.16.64, 95.100.53.90, 23.36.224.107, 20.189.173.11, 23.35.237.160, 23.36.225.122, 20.190.181.3, 40.126.53.19, 20.190.181.4, 40.126.53.18, 20.190.181.5, 40.126.53.21, 20.190.181.1, 20.190.181.2, 40.126.53.16, 20.190.181.23, 20.190.181.0, 40.126.53.17, 20.190.181.6, 152.199.19.160, 80.67.82.235, 80.67.82.211, 104.103.78.211, 142.250.203.106, 216.58.215.234, 172.217.168.10, 172.217.168.74, 104.109.250.156, 104.109.250.149, 178.249.97.23, 178.249.97.98, 52.167.30.171, 178.249.97.99, 204.79.197.200, 13.107.21.200, 23.10.249.99, 23.10.249.81, 2.21.22.8, 23.10.249.112, 23.10.249.91, 2.20.213.152, 20.42.65.85, 20.190.177.85, 20.190.177.147, 20.190.177.82, 20.190.177.148, 20.190.177.20, 20.190.177.22, 20.190.177.19, 20.190.177.83
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://ctldl.windowsupdate.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.171Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.analytics-web-3.2.7.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=e5d2dcf1ffc84a8ab1b87cb3a3c46ba0&HASH=e5d2&LV=202308&V=4&LU=1691661666051; ak_bmsc=93BB26555ADCB6CE80D922C51C43C13C~000000000000000000000000000000~YAAQHPptaK+2EyiKAQAAp4MELRSvjaatTDRfL3fs3dEi5ELlZ3fhfUzfosSUfDW1eAOyOSPBKb7CMuHMzIk2XtQdwaArd7MHQjIOhomiwPkncVi+H0Fz0c8Fgj15W5F8WTnHauz5o1z+ERVNlekxwTMzZHd71qBGC2b/D5j3qNymzYZwb6duHFhNJZDTebEAyZfM9UX9BcNVdhouxxKT/1P7BJ5PiCvautzioVWV6Onxuqc5WipRIFx8Umkav4BSZjhzD1FbDXGwC/R1s9pg4kXRWixRXUPfmabqB5qyj2iRDpKmXdCxXj4cwI77JkOBV5q1ROLGWF/tn6sims27nAMLP64gJdH3hA3FQBKG8HTSo5RgYoVs3id13I1g0mY=
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.23212.1/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_nun_Nob0yT2WjCUfgBCTog2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.23212.1/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_MFlyI4bSaXT-d8J13gRcrQ2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_nun_Nob0yT2WjCUfgBCTog2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl__BG5I2QV9W9LPv5UB6EkrA2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=mshomepage&market=de-ch&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_pj-6v8iQhdg_XFsfh0-ZIw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_411.1.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/microsoftschweiz","https://twitter.com/microsoft_ch","https://www.linkedin.com/company/1035","https://www.youtube.com/user/MicrosoftCH","https://www.instagram.com/microsoftch/"] equals www.facebook.com (Facebook)
Source: chromecache_411.1.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/microsoftschweiz","https://twitter.com/microsoft_ch","https://www.linkedin.com/company/1035","https://www.youtube.com/user/MicrosoftCH","https://www.instagram.com/microsoftch/"] equals www.linkedin.com (Linkedin)
Source: chromecache_411.1.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/microsoftschweiz","https://twitter.com/microsoft_ch","https://www.linkedin.com/company/1035","https://www.youtube.com/user/MicrosoftCH","https://www.instagram.com/microsoftch/"] equals www.twitter.com (Twitter)
Source: chromecache_411.1.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/microsoftschweiz","https://twitter.com/microsoft_ch","https://www.linkedin.com/company/1035","https://www.youtube.com/user/MicrosoftCH","https://www.instagram.com/microsoftch/"] equals www.youtube.com (Youtube)
Source: chromecache_411.1.dr	String found in binary or memory: <a class="d-inline-block" href="https://www.facebook.com/microsoftschweiz" target="_blank" aria-label="Microsoft auf Facebook folgen ( equals www.facebook.com (Facebook)
Source: chromecache_411.1.dr	String found in binary or memory: <a class="d-inline-block" href="https://www.linkedin.com/company/1035" target="_blank" aria-label="Microsoft auf LinkedIn folgen ( equals www.linkedin.com (Linkedin)
Source: chromecache_411.1.dr	String found in binary or memory: <a class="d-inline-block" href="https://www.youtube.com/user/MicrosoftCH" target="_blank" aria-label="Microsoft auf YouTube folgen ( equals www.youtube.com (Youtube)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: chromecache_307.1.dr, chromecache_278.1.dr, chromecache_401.1.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_411.1.dr	String found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWO4yJ?ver=2ab3"
Source: chromecache_411.1.dr	String found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWOalS?ver=cc6e"
Source: chromecache_343.1.dr, chromecache_342.1.dr, chromecache_287.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_385.1.dr, chromecache_411.1.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_385.1.dr	String found in binary or memory: http://schema.org/VideoObject
Source: chromecache_343.1.dr, chromecache_342.1.dr, chromecache_287.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_411.1.dr	String found in binary or memory: https://accdn.lpsnmedia.net
Source: chromecache_385.1.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.1.min.js
Source: chromecache_322.1.dr	String found in binary or memory: https://aka.ms/3rdpartycookies
Source: chromecache_411.1.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_411.1.dr	String found in binary or memory: https://analytics.tiktok.com
Source: chromecache_336.1.dr	String found in binary or memory: https://axios-http.com
Source: chromecache_398.1.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=12681
Source: chromecache_398.1.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3334
Source: chromecache_398.1.dr	String found in binary or memory: https://bugzil.la/548397
Source: chromecache_398.1.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=277178
Source: chromecache_398.1.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=308064
Source: chromecache_336.1.dr	String found in binary or memory: https://cart.perf.store-web.dynamics.com/cart/v1.0/cart/loadCart
Source: chromecache_336.1.dr	String found in binary or memory: https://cart.ppe.store-web.dynamics.com/cart/v1.0/cart/loadCart
Source: chromecache_336.1.dr	String found in binary or memory: https://cart.production.store-web.dynamics.com/cart/v1.0/cart/loadCart
Source: chromecache_336.1.dr	String found in binary or memory: https://cart.staging.store-web.dynamics.com/cart/v1.0/cart/loadCart
Source: chromecache_411.1.dr	String found in binary or memory: https://cdnssl.clicktale.net
Source: chromecache_411.1.dr	String found in binary or memory: https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
Source: chromecache_411.1.dr	String found in binary or memory: https://d.impactradius-event.com
Source: chromecache_398.1.dr	String found in binary or memory: https://dev.azure.com/mscomdev/Moray/_workitems/edit/4494
Source: chromecache_398.1.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key/Key_Values
Source: chromecache_398.1.dr	String found in binary or memory: https://elad.medium.com/css-position-sticky-how-it-really-works-54cd01dc2d46
Source: chromecache_385.1.dr	String found in binary or memory: https://eus-streaming-video-rt-microsoft-com.akamaized.net/51e203bd-a709-4164-8298-4679bd089499/7681
Source: chromecache_336.1.dr	String found in binary or memory: https://github.com/axios/axios.git
Source: chromecache_336.1.dr	String found in binary or memory: https://github.com/axios/axios/issues
Source: chromecache_282.1.dr	String found in binary or memory: https://github.com/carhartl/jquery-cookie
Source: chromecache_343.1.dr, chromecache_342.1.dr, chromecache_287.1.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/es-shims/es5-shim/issues/150
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/kitcambridge/es5-shim/commit/4f738ac066346
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/mozilla/rhino/issues/346
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/tc39/proposal-array-filtering
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/w3c/aria-practices/pull/1757
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.26.0/LICENSE
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.27.2/LICENSE
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1128
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1130
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/475
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/677
Source: chromecache_398.1.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: chromecache_411.1.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: chromecache_385.1.dr, chromecache_411.1.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_385.1.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sOli
Source: chromecache_398.1.dr	String found in binary or memory: https://javascript.info/size-and-scroll-window#width-height-of-the-document
Source: chromecache_418.1.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_418.1.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_418.1.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_411.1.dr	String found in binary or memory: https://js.monitor.azure.com
Source: chromecache_385.1.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.2.7.min.js
Source: chromecache_398.1.dr	String found in binary or memory: https://keycode.info/table-of-all-keycodes
Source: chromecache_385.1.dr	String found in binary or memory: https://login.live.com
Source: chromecache_397.1.dr	String found in binary or memory: https://login.live.com/Me.srf?wa
Source: chromecache_385.1.dr, chromecache_411.1.dr	String found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: chromecache_385.1.dr, chromecache_283.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_397.1.dr	String found in binary or memory: https://login.microsoftonline.com/forgetuser
Source: chromecache_397.1.dr	String found in binary or memory: https://login.microsoftonline.com/savedusers?appid
Source: chromecache_397.1.dr	String found in binary or memory: https://login.microsoftonline.com/uxlogout?appid
Source: chromecache_385.1.dr	String found in binary or memory: https://login.microsoftonline.com:443/forgetuser
Source: chromecache_385.1.dr	String found in binary or memory: https://login.microsoftonline.com:443/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407
Source: chromecache_385.1.dr	String found in binary or memory: https://login.microsoftonline.com:443/uxlogout?appid=ee272b19-4411-433f-8f28-5c13cb6fd407
Source: chromecache_283.1.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_411.1.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net
Source: chromecache_411.1.dr	String found in binary or memory: https://lptag.liveperson.net
Source: chromecache_411.1.dr	String found in binary or memory: https://mem.gfx.ms
Source: chromecache_336.1.dr	String found in binary or memory: https://microsoftit.pkgs.visualstudio.com/OneITVSO/_packaging/CSM-SITES-AEMFoundations/npm/registry/
Source: chromecache_385.1.dr	String found in binary or memory: https://mix.office.com/oembed/
Source: chromecache_385.1.dr	String found in binary or memory: https://mix.office.com/watch/
Source: chromecache_385.1.dr	String found in binary or memory: https://office.com/start
Source: chromecache_411.1.dr	String found in binary or memory: https://onedrive.live.com/about/de-ch/
Source: chromecache_385.1.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_385.1.dr, chromecache_411.1.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: keys.json.0.dr	String found in binary or memory: https://polyset.xyz
Source: chromecache_385.1.dr	String found in binary or memory: https://portal.office.com/AdminPortal#/support
Source: keys.json.0.dr	String found in binary or memory: https://pst-issuer.hcaptcha.com
Source: chromecache_411.1.dr	String found in binary or memory: https://publisher.liveperson.net
Source: chromecache_336.1.dr	String found in binary or memory: https://s7d2.scene7.com/is/image/microsoftcorp/mwf-placeholder?wid
Source: chromecache_411.1.dr	String found in binary or memory: https://schema.org
Source: chromecache_385.1.dr	String found in binary or memory: https://schema.org/ItemList
Source: chromecache_418.1.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_411.1.dr	String found in binary or memory: https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"
Source: chromecache_385.1.dr	String found in binary or memory: https://support.xbox.com
Source: chromecache_385.1.dr	String found in binary or memory: https://support.xbox.com/
Source: chromecache_385.1.dr	String found in binary or memory: https://support.xbox.com/help/games-apps/my-games-apps/all-about-pc-gaming
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype-
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.every
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.filter
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.find
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.findIndex
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.foreach
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.includes
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.indexof
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.map
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.push
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.some
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.splice
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-arrayspeciescreate
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-getmethod
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-hasownproperty
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-isarray
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-iscallable
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-isconstructor
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-isregexp
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-lengthofarraylike
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-math.trunc
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.create
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperties
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperty
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.entries
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertynames
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.keys
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.prototype.tostring
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.values
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-ordinarytoprimitive
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-parseint-string-radix
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-requireobjectcoercible
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.includes
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trim
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trimend
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trimstart
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tointegerorinfinity
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tolength
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toobject
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toprimitive
Source: chromecache_398.1.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-topropertykey
Source: keys.json.0.dr	String found in binary or memory: https://trusttoken.dev
Source: chromecache_411.1.dr	String found in binary or memory: https://twitter.com/microsoft_ch
Source: chromecache_411.1.dr	String found in binary or memory: https://www.clarity.ms
Source: chromecache_411.1.dr	String found in binary or memory: https://www.instagram.com/microsoftch/
Source: chromecache_411.1.dr	String found in binary or memory: https://www.linkedin.com/company/1035
Source: chromecache_385.1.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayAddEditPaymentPage/
Source: chromecache_385.1.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayEditProfilePage/tab.profile
Source: chromecache_385.1.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountO
Source: chromecache_385.1.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountR
Source: chromecache_385.1.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayDownload
Source: chromecache_385.1.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/wishlists?Wt.mc_id=wishlist_landingpage
Source: chromecache_385.1.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_411.1.dr	String found in binary or memory: https://www.onenote.com/?omkt=de-CH
Source: chromecache_411.1.dr	String found in binary or memory: https://www.skype.com/de/
Source: chromecache_385.1.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_411.1.dr	String found in binary or memory: https://www.xbox.com/
Source: chromecache_385.1.dr	String found in binary or memory: https://www.xbox.com/en-us/games/store/pc-game-pass/cfq7ttc0kgq8?icid=CNavAllPCGamePass
Source: chromecache_385.1.dr	String found in binary or memory: https://www.xbox.com/en-us/games/store/xbox-game-pass-ultimate/cfq7ttc0khs0?icid=CNavAllXboxGamePass
Source: chromecache_411.1.dr	String found in binary or memory: https://www.youtube.com/user/MicrosoftCH

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 25, 2023 16:06:18.003525019 CEST	59489	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:18.004060030 CEST	51739	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:18.004872084 CEST	63604	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:18.005635977 CEST	60000	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:18.025013924 CEST	53	63604	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:18.035836935 CEST	53	56452	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:18.038753986 CEST	53	60000	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:18.045619011 CEST	53	59489	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:18.046617985 CEST	53	51739	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:18.421611071 CEST	53	62054	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:21.490371943 CEST	61084	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:21.492172003 CEST	61769	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:21.506875038 CEST	53	61769	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:21.519938946 CEST	53	61084	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:25.444576025 CEST	60880	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:25.445245028 CEST	65220	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:25.446831942 CEST	57453	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:25.447318077 CEST	65154	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:25.509278059 CEST	61871	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:25.509846926 CEST	50546	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:25.713587999 CEST	64097	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:25.714075089 CEST	64730	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:26.592700005 CEST	50442	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:26.593199968 CEST	61166	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:38.843019009 CEST	58723	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:38.843586922 CEST	53073	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:38.883375883 CEST	53	59869	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:40.675888062 CEST	55573	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:40.676235914 CEST	54227	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:40.691036940 CEST	53	54227	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:40.710458994 CEST	53	55573	8.8.8.8	192.168.2.3
Aug 25, 2023 16:06:41.966418028 CEST	64859	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:41.966924906 CEST	55936	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:42.002418995 CEST	56103	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:42.002830029 CEST	56905	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:42.325056076 CEST	62143	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:06:42.325468063 CEST	51105	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.111886978 CEST	64143	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.112452030 CEST	57653	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.124572039 CEST	53	52172	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.133686066 CEST	53	51841	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.145502090 CEST	53	57653	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.160206079 CEST	53	50835	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.165585995 CEST	50362	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.166146040 CEST	56673	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.181279898 CEST	54607	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.182015896 CEST	62591	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.227188110 CEST	53	62591	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.247190952 CEST	51162	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.248197079 CEST	55011	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.362353086 CEST	60002	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.362802029 CEST	58559	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.390212059 CEST	49687	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.390605927 CEST	59850	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.402040005 CEST	65083	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.402472019 CEST	57173	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.410696030 CEST	53	59850	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.418729067 CEST	53	49687	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.422385931 CEST	53	57173	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.440627098 CEST	53	65083	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.448900938 CEST	61124	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.449785948 CEST	54607	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:05.478852987 CEST	53	62556	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.493227005 CEST	53	59180	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.504818916 CEST	53	59918	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.527515888 CEST	53	64808	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.536503077 CEST	53	65228	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:05.558255911 CEST	53	61705	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:17.129174948 CEST	53	49973	8.8.8.8	192.168.2.3
Aug 25, 2023 16:07:35.610553026 CEST	63186	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:35.611227989 CEST	63504	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:35.629328012 CEST	53443	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:35.629684925 CEST	54831	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:36.017293930 CEST	56649	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:36.017865896 CEST	50033	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:54.169747114 CEST	59436	53	192.168.2.3	8.8.8.8
Aug 25, 2023 16:07:54.169918060 CEST	63940	53	192.168.2.3	8.8.8.8

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 25, 2023 16:06:18.038927078 CEST	192.168.2.3	8.8.8.8	d028	(Port unreachable)	Destination Unreachable
Aug 25, 2023 16:06:20.130645037 CEST	192.168.2.3	8.8.8.8	d080	(Port unreachable)	Destination Unreachable
Aug 25, 2023 16:06:20.857331038 CEST	192.168.2.3	8.8.8.8	d069	(Port unreachable)	Destination Unreachable
Aug 25, 2023 16:06:36.988022089 CEST	192.168.2.3	8.8.8.8	d092	(Port unreachable)	Destination Unreachable
Aug 25, 2023 16:06:38.884567022 CEST	192.168.2.3	8.8.8.8	d0a6	(Port unreachable)	Destination Unreachable
Aug 25, 2023 16:07:05.133785009 CEST	192.168.2.3	8.8.8.8	d049	(Port unreachable)	Destination Unreachable
Aug 25, 2023 16:07:17.129251957 CEST	192.168.2.3	8.8.8.8	d031	(Port unreachable)	Destination Unreachable
Aug 25, 2023 16:07:54.468168974 CEST	192.168.2.3	8.8.8.8	d0c1	(Port unreachable)	Destination Unreachable

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:18 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB; 1P_JAR=2023-08-10-10
2023-08-25 14:06:18 UTC	0	OUT	Data Raw: 20 Data Ascii:
2023-08-25 14:06:18 UTC	3	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 25 Aug 2023 14:06:18 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-VNY5LZcDnt49yW3TaSIb-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-08-25 14:06:18 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-08-25 14:06:18 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:18 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-115.0.5790.171 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:18 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-crVcywdHiJBEN-1RIRq3MA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 25 Aug 2023 14:06:18 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6080 X-Daystart: 25578 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-08-25 14:06:18 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 30 38 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 35 35 37 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6080" elapsed_seconds="25578"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-08-25 14:06:18 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-08-25 14:06:18 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:40 UTC	863	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_nun_Nob0yT2WjCUfgBCTog2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:40 UTC	897	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 3571932 Cache-Control: public, max-age=31536000 Content-MD5: Mwomsrfm/E5wVC4ntDZsmw== Content-Type: application/x-javascript Date: Fri, 25 Aug 2023 14:06:40 GMT Etag: 0x8DB82C4B39B426F Last-Modified: Wed, 12 Jul 2023 10:42:34 GMT Server: ECAcc (muc/3316) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: afe1e070-a01e-001c-5ae0-b6ad2e000000 x-ms-version: 2009-09-19 Content-Length: 138726 Connection: close
2023-08-25 14:06:40 UTC	897	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2023-08-25 14:06:40 UTC	913	IN	Data Raw: 3d Data Ascii: =
2023-08-25 14:06:40 UTC	913	IN	Data Raw: 41 2e 70 61 72 73 65 28 65 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 3d 73 2e 66 69 6e 64 4f 77 6e 50 72 6f 70 65 72 74 79 28 72 2e 71 75 65 72 79 7c 7c 7b 7d 2c 6e 2c 21 30 29 26 26 28 72 2e 71 75 65 72 79 3d 72 2e 71 75 65 72 79 7c 7c 7b 7d 2c 72 2e 71 75 65 72 79 5b 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 3d 74 29 2c 41 2e 6a 6f 69 6e 28 72 29 7d 2c 61 64 64 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 74 3d 41 2e 70 61 72 73 65 28 65 29 3b 72 65 74 75 72 6e 20 65 26 26 6e 26 26 6e 2e 6c 65 6e 67 74 68 26 26 28 74 2e 71 75 65 72 79 3d 74 2e 71 75 65 72 79 7c 7c 7b 7d 2c 63 2e 66 6f 72 45 61 63 68 28 6e 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 2e 71 75 65 72 79 5b 65 5b 30 5d 5d 3d 65 5b 31 5d 7d 29 29 29 2c 41 2e 6a 6f 69 6e Data Ascii: A.parse(e);return null===s.findOwnProperty(r.query\|\|{},n,!0)&&(r.query=r.query\|\|{},r.query[n.toLowerCase()]=t),A.join(r)},add:function(e,n){var t=A.parse(e);return e&&n&&n.length&&(t.query=t.query\|\|{},c.forEach(n,(function(e){t.query[e[0]]=e[1]}))),A.join
2023-08-25 14:06:40 UTC	993	IN	Data Raw: 69 6d 65 50 61 73 73 63 6f 64 65 4d 65 73 73 61 67 65 44 65 6c 69 76 65 72 79 46 61 69 6c 65 64 3a 22 35 30 31 38 35 22 2c 49 6e 76 61 6c 69 64 50 61 73 73 77 6f 72 64 3a 22 35 30 31 39 33 22 2c 49 6e 76 61 6c 69 64 4f 6e 65 54 69 6d 65 50 61 73 73 63 6f 64 65 4f 54 50 4e 6f 74 47 69 76 65 6e 3a 22 35 30 31 38 31 31 22 2c 49 6e 76 61 6c 69 64 47 72 61 6e 74 44 65 76 69 63 65 4e 6f 74 46 6f 75 6e 64 3a 22 37 30 30 30 30 33 22 2c 53 73 6f 41 72 74 69 66 61 63 74 45 78 70 69 72 65 64 44 75 65 54 6f 43 6f 6e 64 69 74 69 6f 6e 61 6c 41 63 63 65 73 73 3a 22 37 30 30 34 34 22 2c 53 73 6f 41 72 74 69 66 61 63 74 45 78 70 69 72 65 64 44 75 65 54 6f 43 6f 6e 64 69 74 69 6f 6e 61 6c 41 63 63 65 73 73 52 65 41 75 74 68 3a 22 37 30 30 34 36 22 2c 49 6e 76 61 6c 69 64 Data Ascii: imePasscodeMessageDeliveryFailed:"50185",InvalidPassword:"50193",InvalidOneTimePasscodeOTPNotGiven:"501811",InvalidGrantDeviceNotFound:"700003",SsoArtifactExpiredDueToConditionalAccess:"70044",SsoArtifactExpiredDueToConditionalAccessReAuth:"70046",Invalid
2023-08-25 14:06:40 UTC	1009	IN	Data Raw: 28 74 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 61 74 74 61 63 68 45 76 65 6e 74 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 42 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 73 75 70 70 6f 72 74 20 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 20 6f 72 20 61 74 74 61 63 68 45 76 65 6e 74 22 29 3b 76 61 72 20 69 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 2e 63 61 6c 6c 28 65 2c 6e 29 7d 2c 6f 3d 22 6f 6e 22 2b 6e 3b 65 2e 61 74 74 61 63 68 45 76 65 6e 74 28 6f 2c 69 29 2c 53 2e 61 2e 4b 2e 7a 61 28 65 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 64 65 74 61 63 68 45 76 65 6e 74 28 6f 2c 69 29 7d 29 29 7d Data Ascii: (t\|\|"function"!=typeof e.addEventListener){if("undefined"==typeof e.attachEvent)throw Error("Browser doesn't support addEventListener or attachEvent");var i=function(n){r.call(e,n)},o="on"+n;e.attachEvent(o,i),S.a.K.za(e,(function(){e.detachEvent(o,i)}))}
2023-08-25 14:06:40 UTC	1025	IN	Data Raw: 74 65 22 29 2c 6f 3d 5b 5d 2e 63 6f 6e 63 61 74 28 65 2e 76 28 29 7c 7c 5b 5d 29 2c 75 3d 6e 75 6c 6c 2c 72 3d 65 2e 73 75 62 73 63 72 69 62 65 28 6e 29 29 7d 69 66 28 65 2e 4f 62 3d 7b 7d 2c 6e 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6e 26 26 53 2e 61 2e 65 78 74 65 6e 64 28 65 2e 4f 62 2c 6e 29 2c 65 2e 4f 62 2e 73 70 61 72 73 65 3d 21 30 2c 21 65 2e 7a 63 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 73 3d 21 31 2c 75 3d 6e 75 6c 6c 2c 63 3d 30 2c 6c 3d 65 2e 51 61 2c 64 3d 65 2e 68 62 3b 65 2e 51 61 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 26 26 6c 2e 63 61 6c 6c 28 65 2c 6e 29 2c 22 61 72 72 61 79 43 68 61 6e 67 65 22 3d 3d 3d 6e 26 26 74 28 29 7d 2c 65 2e 68 62 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 64 26 26 64 2e 63 61 6c 6c 28 65 2c 6e 29 Data Ascii: te"),o=[].concat(e.v()\|\|[]),u=null,r=e.subscribe(n))}if(e.Ob={},n&&"object"==typeof n&&S.a.extend(e.Ob,n),e.Ob.sparse=!0,!e.zc){var r,i,o,s=!1,u=null,c=0,l=e.Qa,d=e.hb;e.Qa=function(n){l&&l.call(e,n),"arrayChange"===n&&t()},e.hb=function(n){d&&d.call(e,n)
2023-08-25 14:06:40 UTC	1088	IN	Data Raw: 74 61 3d 69 29 2c 74 26 26 28 75 5b 74 5d 3d 69 29 2c 72 26 26 72 28 75 2c 6e 2c 69 29 2c 6e 26 26 6e 5b 67 5d 26 26 21 53 2e 53 2e 6f 28 29 2e 56 62 28 6e 5b 67 5d 29 26 26 6e 5b 67 5d 28 29 2c 66 26 26 28 75 5b 6d 5d 3d 66 29 2c 75 2e 24 64 61 74 61 7d 76 61 72 20 73 2c 75 3d 74 68 69 73 2c 63 3d 65 3d 3d 3d 79 2c 6c 3d 63 3f 61 3a 65 2c 64 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6c 26 26 21 53 2e 4f 28 6c 29 2c 66 3d 69 26 26 69 2e 64 61 74 61 44 65 70 65 6e 64 65 6e 63 79 3b 69 26 26 69 2e 65 78 70 6f 72 74 44 65 70 65 6e 64 65 6e 63 69 65 73 3f 6f 28 29 3a 28 28 73 3d 53 2e 78 62 28 6f 29 29 2e 76 28 29 2c 73 2e 6a 61 28 29 3f 73 2e 65 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 3d 6e 75 6c 6c 3a 75 5b 67 5d 3d 61 29 7d 2c 53 2e Data Ascii: ta=i),t&&(u[t]=i),r&&r(u,n,i),n&&n[g]&&!S.S.o().Vb(n[g])&&n[g](),f&&(u[m]=f),u.$data}var s,u=this,c=e===y,l=c?a:e,d="function"==typeof l&&!S.O(l),f=i&&i.dataDependency;i&&i.exportDependencies?o():((s=S.xb(o)).v(),s.ja()?s.equalityComparer=null:u[g]=a)},S.
2023-08-25 14:06:40 UTC	1104	IN	Data Raw: 28 22 70 72 6f 70 65 72 74 79 63 68 61 6e 67 65 22 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6d 7c 7c 22 76 61 6c 75 65 22 21 3d 3d 65 2e 70 72 6f 70 65 72 74 79 4e 61 6d 65 7c 7c 76 28 65 29 7d 29 29 2c 38 3d 3d 72 26 26 28 63 28 22 6b 65 79 75 70 22 2c 64 29 2c 63 28 22 6b 65 79 64 6f 77 6e 22 2c 64 29 29 2c 66 26 26 28 66 28 6f 2c 76 29 2c 63 28 22 64 72 61 67 65 6e 64 22 2c 6c 29 29 2c 28 21 72 7c 7c 39 3c 3d 72 29 26 26 63 28 22 69 6e 70 75 74 22 2c 76 29 2c 35 3e 6e 26 26 22 74 65 78 74 61 72 65 61 22 3d 3d 3d 53 2e 61 2e 52 28 6f 29 3f 28 63 28 22 6b 65 79 64 6f 77 6e 22 2c 6c 29 2c 63 28 22 70 61 73 74 65 22 2c 6c 29 2c 63 28 22 63 75 74 22 2c 6c 29 29 3a 31 31 3e 65 3f 63 28 22 6b 65 79 64 6f 77 6e 22 2c 6c 29 3a 34 3e 74 3f 28 63 28 22 44 4f 4d Data Ascii: ("propertychange",(function(e){m\|\|"value"!==e.propertyName\|\|v(e)})),8==r&&(c("keyup",d),c("keydown",d)),f&&(f(o,v),c("dragend",l)),(!r\|\|9<=r)&&c("input",v),5>n&&"textarea"===S.a.R(o)?(c("keydown",l),c("paste",l),c("cut",l)):11>e?c("keydown",l):4>t?(c("DOM
2023-08-25 14:06:40 UTC	1120	IN	Data Raw: 69 74 3a 66 75 6e Data Ascii: it:fun
2023-08-25 14:06:40 UTC	1120	IN	Data Raw: 63 74 69 6f 6e 28 65 29 7b 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6d 65 74 68 6f 64 22 2c 22 50 4f 53 54 22 29 2c 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 72 69 61 2d 68 69 64 64 65 6e 22 2c 22 74 72 75 65 22 29 2c 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 72 67 65 74 22 2c 22 5f 74 6f 70 22 29 7d 2c 75 70 64 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 76 61 72 20 72 3d 65 2e 75 6e 77 72 61 70 28 74 28 29 29 3b 72 26 26 72 2e 75 72 6c 26 26 28 6e 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 63 74 69 6f 6e 22 2c 72 2e 75 72 6c 29 2c 72 2e 74 61 72 67 65 74 26 26 6e 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 72 67 65 74 22 2c 72 2e 74 61 72 67 65 74 29 2c 72 2e 70 6f 73 74 50 61 72 61 6d 73 26 26 65 2e 75 Data Ascii: ction(e){e.setAttribute("method","POST"),e.setAttribute("aria-hidden","true"),e.setAttribute("target","_top")},update:function(n,t){var r=e.unwrap(t());r&&r.url&&(n.setAttribute("action",r.url),r.target&&n.setAttribute("target",r.target),r.postParams&&e.u
2023-08-25 14:06:40 UTC	1136	IN	Data Raw: 72 20 68 20 69 6e 20 73 29 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 68 29 26 26 28 66 2e 68 65 61 64 65 72 73 5b 68 5d 3d 73 5b 68 5d 29 3b 69 66 28 75 29 7b 76 61 72 20 67 3d 70 2e 61 64 64 28 63 2c 75 29 3b 66 2e 74 61 72 67 65 74 55 72 6c 3d 67 7d 7d 69 2e 48 61 6e 64 6c 65 72 2e 63 61 6c 6c 28 6e 2c 66 29 2c 6e 2e 73 65 6e 64 52 65 71 75 65 73 74 28 29 7d 2c 6e 2e 42 65 61 63 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 2c 69 2c 6f 29 7b 76 61 72 20 61 3d 5b 5d 2c 73 3d 62 28 21 30 29 3b 66 2e 66 6f 72 45 61 63 68 28 73 2c 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 61 2e 70 75 73 68 28 5b 65 2c 6e 5d 29 7d 29 29 3b 76 61 72 20 75 3d 65 2e 75 72 6c 3b 69 66 28 75 3d 70 2e 61 64 64 28 75 2c 61 29 2c 65 2e 75 72 6c 3d 75 2c 6e 61 76 69 Data Ascii: r h in s)s.hasOwnProperty(h)&&(f.headers[h]=s[h]);if(u){var g=p.add(c,u);f.targetUrl=g}}i.Handler.call(n,f),n.sendRequest()},n.Beacon=function(e,t,r,i,o){var a=[],s=b(!0);f.forEach(s,(function(e,n){a.push([e,n])}));var u=e.url;if(u=p.add(u,a),e.url=u,navi

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:42 UTC	1144	OUT	GET /16.000/content/js/MeControl__BG5I2QV9W9LPv5UB6EkrA2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" Origin: https://login.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:42 UTC	1144	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5682156 Cache-Control: public, max-age=31536000 Content-MD5: uWhC4QH9JQC8csIB9DtqNw== Content-Type: application/x-javascript Date: Fri, 25 Aug 2023 14:06:42 GMT Etag: 0x8DB697267CD0EBF Last-Modified: Sat, 10 Jun 2023 05:20:29 GMT Server: ECAcc (muc/3366) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: f15c02c3-f01e-0035-3eaf-a30a5d000000 x-ms-version: 2009-09-19 Content-Length: 17287 Connection: close
2023-08-25 14:06:42 UTC	1145	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 68 78 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 74 72 75 65 3a 61 3d 3d 30 7c 7c 61 3d 3d 66 61 6c 73 65 7c 7c 61 3d 3d 22 22 7d 66 75 6e 63 74 69 6f 6e 20 5f 44 75 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 68 78 28 61 29 3f 61 3a 62 7d 66 75 6e 63 74 69 6f 6e 20 5f 4a 28 61 29 7b 72 65 74 75 72 6e 20 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 7d 66 75 6e 63 74 69 6f 6e 20 5f 42 44 28 61 29 7b 72 65 74 75 72 6e 20 22 66 75 6e 63 74 69 6f 6e 22 2e 5f 66 5a 28 74 79 70 65 6f 66 20 61 2c 74 72 75 65 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 46 28 61 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 3d 3d 22 73 74 72 69 6e 67 22 7d 66 75 6e 63 74 69 6f 6e 20 5f 42 45 28 61 29 7b 72 65 74 75 72 6e 20 5f 68 78 28 61 29 26 26 5f Data Ascii: function _hx(a){return a?true:a==0\|\|a==false\|\|a==""}function _Du(a,b){return _hx(a)?a:b}function _J(a){return a instanceof Array}function _BD(a){return "function"._fZ(typeof a,true)}function _F(a){return typeof a=="string"}function _BE(a){return _hx(a)&&_
2023-08-25 14:06:42 UTC	1161	IN	Data Raw: 64 69 72 65 63 74 55 72 69 56 61 6c 69 64 3d 53 65 72 76 65 72 44 61 74 61 2e 63 63 3b 69 66 28 64 29 62 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3d 64 7d 72 65 74 75 72 6e 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 62 29 7d 2c 5f 64 76 3a 66 75 6e 63 74 69 6f 6e 28 64 2c 63 2c 61 29 7b 76 61 72 20 62 3d 7b 65 72 72 6f 72 3a 64 2c 75 73 65 72 4c 69 73 74 3a 5b 5d 2c 70 6f 73 74 4c 6f 67 6f 75 74 52 65 64 69 72 65 63 74 55 72 69 56 61 6c 69 64 3a 63 7d 3b 69 66 28 61 29 62 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3d 61 3b 72 65 74 75 72 6e 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 62 29 7d 2c 5f 66 32 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 4d 65 43 6f 6e 74 72 6f 6c 2e 5f 6a 71 28 61 2e 6f 72 69 67 69 6e 29 21 3d 3d 4d 65 43 6f 6e 74 72 6f 6c 2e Data Ascii: directUriValid=ServerData.cc;if(d)b.performance=d}return JSON.stringify(b)},_dv:function(d,c,a){var b={error:d,userList:[],postLogoutRedirectUriValid:c};if(a)b.performance=a;return JSON.stringify(b)},_f2:function(a){if(MeControl._jq(a.origin)!==MeControl.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:	48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42133)
Category:	downloaded
Size (bytes):	137850
Entropy (8bit):	5.224875603440054
Encrypted:	false
SSDEEP:	3072:1f4HuF7pxnISP0J9d1EwgXA7nKRZMK/7b/:1f4Hu1IgKcb/
MD5:	1A9B16E1A3CE074D6CAB7B6844D49FAD
SHA1:	98DB09786AB9B960EE250ADABB301383566F4C1C
SHA-256:	D794F9BD321156A2A2BB02102AD0BDC09BDC8DEDF71EC42683FA53C3725FDD72
SHA-512:	71A5CBB0B5C11EC80FE0D3AD751C3E7DD0B1FADF641F8C51A8C617048B6CCD80993018DCA2E4EAC28A2246725C326634EAB165D6F3E9EB531AEDC3F18FA8BA9A
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/5b-6eff60/b0-07f293/1e-9d9d16/52-f0367f/af-abd754/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	631
Entropy (8bit):	6.391875872958697
Encrypted:	false
SSDEEP:	12:6v/7s6UVprYe6IZeuLgou+/CAztgbbvCR00aJzS4VQIjXuYEMwoQIjXuHBOLPMdo:hX7rRkf+/rMcCJzAIjNEMwNIj8Efl9
MD5:	FB2ED9313C602F40B7A2762ACC15FF89
SHA1:	8A390D07A8401D40CBC1A16D873911FA4CB463F5
SHA-256:	B241D02FAB4B17291AF37993EB249F9303EB5897610ABAFAC4C9F6AA6A878369
SHA-512:	9CBCF5C7B8409494F6D543434ECAFF42DE8A2D0632A17931062D7D1CC130D43E61162EEDB0965B545E65E0687DED4D4B51E29631568AF34B157A7D02A3852508
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....D.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...{PLTE.P".J$x......P".P".J$x.........K..K..K..D.o..w..w..w.........................................................P"...................$tRNS.DD...CC..DEC..CEDDEC..CED...CC...DD.c,8....bKGD(........pHYs...........~.....tIME....."4...4...QIDAT8...G.. ...Q..s....?......s.f..a`.A... .bA!..,/dYQ.....a.((j^.m?4..Q.?.....2>.........%tEXtdate:create.2020-05-28T22:34:52+02:00.t.....%tEXtdate:modify.2020-05-28T22:34:52+02:00.)<'...WzTXtRaw profile type iptc..x.....qV((.O..I.R..#..c..#.K.... D.4.d.#.T ...........H.J.....t.B5.....IEND.B`.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 64x64, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	dropped
Size (bytes):	542
Entropy (8bit):	7.568481744010043
Encrypted:	false
SSDEEP:	12:wPsYEN3uPb9dUYa+zyAgD5GlSFmkud1ybKiB8kRYo9ZN5ejT8w:wfEN3uj9lmD5C7kgEbtzZN5ejQw
MD5:	81C3ECDA88BC13DC2C7014CB53A19F7E
SHA1:	B703D399C77DB39B8FB963F5699C2FE90CA8FC4F
SHA-256:	31964343541FF587CCC71F4F1747B2AAAA07941566961B0DFDFCC39AA708310F
SHA-512:	DCB52CA2B33BED8F7C691B82F9E1F3C4F35347A4B5B729AE86E98214637151E9E924D71DBDE5A523B96DA97B096C0A6E902D5AB3F0DDB944344F11EF988E8C95
Malicious:	false
Reputation:	low
Preview:	RIFF....WEBPVP8 .........@.@.>I..D".....d(.....kv..K...........e./.<`i..O.......#.....O.......I..[..Bo..1?5.!..;....g.X..YN.:.=.`.......w.#..)..]...&o....R;.B.39..G........Z.i.....~..2..,..>.s0...c..r...........Wo....?....5.r......sa.1[.;ff.f*.r....RC;{7..."..%.~?Y'l5..%...Bh#@...Z..I.y.7..&~.VzA........y?....9......."v/q`.z#..d.d.J .....U......q([.4...K.q..Y..Q...4..-...rK...........J+E..6..../b..v+.~.t..Hc......4.'..c.....M.....L[.`.j...k..J"..!...~...a...gy.....W....[.=....O...'..Z..9...F...X.....p....

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:42 UTC	1162	OUT	GET /me/mecache?partner=smcconvergence&wreply=https%3A%2F%2Fsupport.microsoft.com HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:42 UTC	1163	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:06:42 GMT Content-Type: text/html; charset=utf-8 Content-Length: 3392 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, no-transform, max-age=7200 Expires: Fri, 25 Aug 2023 14:55:16 GMT X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors https://support.microsoft.com; X-UA-Compatible: IE=edge Strict-Transport-Security: max-age=31536000; includeSubDomains x-azure-ref: 20230825T140642Z-0nsnfzqhad7k393qb9uhugzhxc00000002ug000000015ck7 X-Cache: TCP_HIT Accept-Ranges: bytes
2023-08-25 14:06:42 UTC	1163	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 62 6f 64 79 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0d Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width" /> </head><body> <div id="body" role="main">

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:07:15 UTC	1166	OUT	GET /meversion?partner=mshomepage&market=de-ch&uhf=1 HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:07:15 UTC	1167	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:07:15 GMT Content-Type: application/javascript Content-Length: 29747 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, no-transform, max-age=7200 Expires: Fri, 25 Aug 2023 16:07:15 GMT X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS X-UA-Compatible: IE=edge Strict-Transport-Security: max-age=31536000; includeSubDomains x-azure-ref: 20230825T140715Z-gvh4egp9k52kdd667ytenycgp800000002ug00000000v5em X-Cache: TCP_MISS Accept-Ranges: bytes
2023-08-25 14:07:15 UTC	1168	IN	Data Raw: 77 69 6e 64 6f 77 2e 4d 53 41 3d 77 69 6e 64 6f 77 2e 4d 53 41 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 3d 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 2e 43 6f 6e 66 69 67 3d 7b 22 76 65 72 22 3a 22 31 30 2e 32 33 32 31 32 2e 31 22 2c 22 6d 6b 74 22 3a 22 64 65 2d 44 45 22 2c 22 70 74 6e 22 3a 22 6d 73 68 6f 6d 65 70 61 67 65 22 2c 22 67 66 78 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 22 2c 22 64 62 67 22 3a 66 61 6c 73 65 2c 22 61 61 64 22 3a 74 72 75 65 2c 22 69 6e 74 22 3a 66 61 6c 73 65 2c 22 70 78 79 22 3a 74 72 75 65 2c 22 6d 73 54 78 74 22 3a 66 61 6c 73 65 2c 22 72 77 64 22 3a 74 Data Ascii: window.MSA=window.MSA\|\|{};window.MSA.MeControl=window.MSA.MeControl\|\|{};window.MSA.MeControl.Config={"ver":"10.23212.1","mkt":"de-DE","ptn":"mshomepage","gfx":"https://amcdn.msftauth.net","dbg":false,"aad":true,"int":false,"pxy":true,"msTxt":false,"rwd":t
2023-08-25 14:07:15 UTC	1183	IN	Data Raw: 2d 69 6e 6c 69 6e 65 22 3a 22 6d 65 49 6e 6c 69 6e 65 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 62 6f 6f 74 22 3a 22 6d 65 42 6f 6f 74 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 63 6f 72 65 22 3a 22 6d 65 43 6f 72 65 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 58 65 28 65 29 7b 74 72 79 7b 65 20 69 6e 20 48 65 26 26 28 65 3d 48 65 5b 65 5d 29 2c 7a 65 28 29 3b 76 61 72 20 6e 3d 71 65 28 65 29 3b 69 66 28 6e 29 72 65 74 75 72 6e 20 6e 2e 62 75 6e 64 6c 65 50 72 6f 6d 69 73 65 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 75 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 62 65 28 66 75 6e 63 74 69 6f 6e 28 69 2c 61 29 7b 76 61 72 20 65 3d 67 28 29 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 6d 2e 43 6f 6e 66 69 67 3b 72 65 74 75 Data Ascii: -inline":"meInline","@mecontrol/web-boot":"meBoot","@mecontrol/web-core":"meCore"};function Xe(e){try{e in He&&(e=He[e]),ze();var n=qe(e);if(n)return n.bundlePromise;var t=function(u){return new be(function(i,a){var e=g(),c=function(e){var n=m.Config;retu

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:07:35 UTC	1197	OUT	GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:07:35 UTC	1197	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:07:35 GMT Content-Type: application/javascript Content-Length: 29755 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, no-transform, max-age=7200 Expires: Fri, 25 Aug 2023 15:04:15 GMT X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS X-UA-Compatible: IE=edge Strict-Transport-Security: max-age=31536000; includeSubDomains x-azure-ref: 20230825T140735Z-0nsnfzqhad7k393qb9uhugzhxc00000002v0000000012e93 X-Cache: TCP_HIT Accept-Ranges: bytes
2023-08-25 14:07:35 UTC	1198	IN	Data Raw: 77 69 6e 64 6f 77 2e 4d 53 41 3d 77 69 6e 64 6f 77 2e 4d 53 41 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 3d 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 2e 43 6f 6e 66 69 67 3d 7b 22 76 65 72 22 3a 22 31 30 2e 32 33 32 31 32 2e 31 22 2c 22 6d 6b 74 22 3a 22 65 6e 2d 55 53 22 2c 22 70 74 6e 22 3a 22 73 6d 63 63 6f 6e 76 65 72 67 65 6e 63 65 22 2c 22 67 66 78 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 22 2c 22 64 62 67 22 3a 66 61 6c 73 65 2c 22 61 61 64 22 3a 74 72 75 65 2c 22 69 6e 74 22 3a 66 61 6c 73 65 2c 22 70 78 79 22 3a 74 72 75 65 2c 22 6d 73 54 78 74 22 3a 66 61 6c 73 65 2c 22 72 77 Data Ascii: window.MSA=window.MSA\|\|{};window.MSA.MeControl=window.MSA.MeControl\|\|{};window.MSA.MeControl.Config={"ver":"10.23212.1","mkt":"en-US","ptn":"smcconvergence","gfx":"https://amcdn.msftauth.net","dbg":false,"aad":true,"int":false,"pxy":true,"msTxt":false,"rw
2023-08-25 14:07:35 UTC	1213	IN	Data Raw: 72 6f 6c 2f 77 65 62 2d 69 6e 6c 69 6e 65 22 3a 22 6d 65 49 6e 6c 69 6e 65 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 62 6f 6f 74 22 3a 22 6d 65 42 6f 6f 74 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 63 6f 72 65 22 3a 22 6d 65 43 6f 72 65 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 58 65 28 65 29 7b 74 72 79 7b 65 20 69 6e 20 48 65 26 26 28 65 3d 48 65 5b 65 5d 29 2c 7a 65 28 29 3b 76 61 72 20 6e 3d 71 65 28 65 29 3b 69 66 28 6e 29 72 65 74 75 72 6e 20 6e 2e 62 75 6e 64 6c 65 50 72 6f 6d 69 73 65 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 75 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 62 65 28 66 75 6e 63 74 69 6f 6e 28 69 2c 61 29 7b 76 61 72 20 65 3d 67 28 29 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 6d 2e 43 6f 6e 66 Data Ascii: rol/web-inline":"meInline","@mecontrol/web-boot":"meBoot","@mecontrol/web-core":"meCore"};function Xe(e){try{e in He&&(e=He[e]),ze();var n=qe(e);if(n)return n.bundlePromise;var t=function(u){return new be(function(i,a){var e=g(),c=function(e){var n=m.Conf

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:07:37 UTC	1227	OUT	GET /shared/1.0/content/js/FetchSessions_Core_pj-6v8iQhdg_XFsfh0-ZIw2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:07:37 UTC	1228	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 3394214 Cache-Control: public, max-age=31536000 Content-MD5: O7cGtKLycouTtriRmyinig== Content-Type: application/x-javascript Date: Fri, 25 Aug 2023 14:07:37 GMT Etag: 0x8DB82C4B9BB8048 Last-Modified: Wed, 12 Jul 2023 10:42:44 GMT Server: ECAcc (muc/333F) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 163c732e-a01e-001a-477e-b84bef000000 x-ms-version: 2009-09-19 Content-Length: 146233 Connection: close
2023-08-25 14:07:37 UTC	1228	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2023-08-25 14:07:37 UTC	1244	IN	Data Raw: 4f Data Ascii: O
2023-08-25 14:07:37 UTC	1244	IN	Data Raw: 43 45 53 53 5f 41 4c 54 45 4d 41 49 4c 53 41 4d 45 41 53 4d 41 49 4c 42 4f 58 3a 22 38 30 30 34 39 43 32 44 22 2c 50 50 5f 45 5f 45 4d 41 49 4c 5f 52 49 47 48 54 5f 54 4f 4f 5f 4c 4f 4e 47 3a 22 38 30 30 34 31 31 30 43 22 2c 50 50 5f 45 5f 4e 41 4d 45 5f 54 4f 4f 5f 4c 4f 4e 47 3a 22 38 30 30 34 31 31 30 32 22 2c 50 50 5f 45 5f 41 4c 49 41 53 5f 41 55 54 48 5f 4e 4f 54 50 45 52 4d 49 54 54 45 44 3a 22 38 30 30 34 37 38 38 42 22 2c 50 50 5f 45 5f 54 4f 54 50 5f 49 4e 56 41 4c 49 44 3a 22 38 30 30 34 39 43 33 34 22 2c 50 50 5f 45 5f 4f 4c 44 5f 53 4b 59 50 45 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 33 35 35 37 22 2c 50 50 5f 45 5f 4f 54 54 5f 44 41 54 41 5f 49 4e 56 41 4c 49 44 3a 22 38 30 30 34 33 34 38 46 22 2c 50 50 5f 45 5f 4f 54 54 5f 41 4c 52 45 Data Ascii: CESS_ALTEMAILSAMEASMAILBOX:"80049C2D",PP_E_EMAIL_RIGHT_TOO_LONG:"8004110C",PP_E_NAME_TOO_LONG:"80041102",PP_E_ALIAS_AUTH_NOTPERMITTED:"8004788B",PP_E_TOTP_INVALID:"80049C34",PP_E_OLD_SKYPE_PASSWORD:"80043557",PP_E_OTT_DATA_INVALID:"8004348F",PP_E_OTT_ALRE
2023-08-25 14:07:37 UTC	1260	IN	Data Raw: 28 Data Ascii: (
2023-08-25 14:07:37 UTC	1260	IN	Data Raw: 65 2e 73 75 62 73 74 72 69 6e 67 28 6f 2b 31 2c 69 29 2c 22 26 22 2c 22 3d 22 29 2c 72 3d 75 2e 64 6f 75 62 6c 65 53 70 6c 69 74 28 65 2e 73 75 62 73 74 72 69 6e 67 28 69 2b 31 29 2c 22 26 22 2c 22 3d 22 29 29 7d 72 65 74 75 72 6e 7b 6f 72 69 67 69 6e 41 6e 64 50 61 74 68 3a 6e 2c 71 75 65 72 79 3a 74 2c 66 72 61 67 6d 65 6e 74 3a 72 7d 7d 2c 6a 6f 69 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2e 6f 72 69 67 69 6e 41 6e 64 50 61 74 68 7c 7c 22 22 3b 72 65 74 75 72 6e 20 65 2e 71 75 65 72 79 26 26 28 6e 2b 3d 22 3f 22 2b 73 2e 6a 6f 69 6e 28 65 2e 71 75 65 72 79 2c 22 26 22 2c 22 3d 22 29 29 2c 65 2e 66 72 61 67 6d 65 6e 74 26 26 28 6e 2b 3d 22 23 22 2b 73 2e 6a 6f 69 6e 28 65 2e 66 72 61 67 6d 65 6e 74 2c 22 26 22 2c 22 3d 22 29 29 2c Data Ascii: e.substring(o+1,i),"&","="),r=u.doubleSplit(e.substring(i+1),"&","="))}return{originAndPath:n,query:t,fragment:r}},join:function(e){var n=e.originAndPath\|\|"";return e.query&&(n+="?"+s.join(e.query,"&","=")),e.fragment&&(n+="#"+s.join(e.fragment,"&","=")),
2023-08-25 14:07:37 UTC	1276	IN	Data Raw: 28 69 5b 65 5d 3d 7b 7d 29 2c 69 5b 65 5d 29 3a 61 3d 61 7c 7c 7b 7d 7d 3b 6e 2e 67 65 74 54 72 61 63 69 6e 67 43 6f 6e 74 65 78 74 4f 62 6a 65 63 74 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 5b 5d 3b 72 65 74 75 72 6e 20 72 2e 4f 62 6a 65 63 74 2e 66 6f 72 45 61 63 68 28 69 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 74 26 26 65 2e 70 75 73 68 28 7b 76 69 65 77 4d 6f 64 65 6c 3a 6e 2c 63 6f 6e 74 65 78 74 3a 74 7d 29 7d 29 29 2c 61 26 26 65 2e 70 75 73 68 28 61 29 2c 65 7d 2c 6e 2e 72 65 67 69 73 74 65 72 54 72 61 63 69 6e 67 4f 62 73 65 72 76 61 62 6c 65 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 76 61 72 20 72 3d 73 28 65 29 3b 72 2e 74 72 61 63 69 6e 67 4f 62 73 65 72 76 61 62 6c 65 73 3d 72 2e 74 72 61 63 69 6e 67 4f 62 Data Ascii: (i[e]={}),i[e]):a=a\|\|{}};n.getTracingContextObjects=function(){var e=[];return r.Object.forEach(i,(function(n,t){t&&e.push({viewModel:n,context:t})})),a&&e.push(a),e},n.registerTracingObservables=function(e,n,t){var r=s(e);r.tracingObservables=r.tracingOb
2023-08-25 14:07:37 UTC	1292	IN	Data Raw: 69 6e Data Ascii: in
2023-08-25 14:07:37 UTC	1292	IN	Data Raw: 65 64 3a 31 2c 62 6f 6f 6c 65 61 6e 3a 31 2c 6e 75 6d 62 65 72 3a 31 2c 73 74 72 69 6e 67 3a 31 7d 3b 53 2e 62 28 22 65 78 74 65 6e 64 65 72 73 22 2c 53 2e 54 61 29 2c 53 2e 69 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 74 68 69 73 2e 64 61 3d 65 2c 74 68 69 73 2e 6c 63 3d 6e 2c 74 68 69 73 2e 6d 63 3d 74 2c 74 68 69 73 2e 49 62 3d 21 31 2c 74 68 69 73 2e 66 62 3d 74 68 69 73 2e 4a 62 3d 6e 75 6c 6c 2c 53 2e 4c 28 74 68 69 73 2c 22 64 69 73 70 6f 73 65 22 2c 74 68 69 73 2e 73 29 2c 53 2e 4c 28 74 68 69 73 2c 22 64 69 73 70 6f 73 65 57 68 65 6e 4e 6f 64 65 49 73 52 65 6d 6f 76 65 64 22 2c 74 68 69 73 2e 6c 29 7d 2c 53 2e 69 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 49 62 7c 7c 28 74 68 69 73 2e 66 Data Ascii: ed:1,boolean:1,number:1,string:1};S.b("extenders",S.Ta),S.ic=function(e,n,t){this.da=e,this.lc=n,this.mc=t,this.Ib=!1,this.fb=this.Jb=null,S.L(this,"dispose",this.s),S.L(this,"disposeWhenNodeIsRemoved",this.l)},S.ic.prototype.s=function(){this.Ib\|\|(this.f
2023-08-25 14:07:37 UTC	1308	IN	Data Raw: 73 2a 6b 6f 28 3f 3a 5c 73 2b 28 5b 5c 73 5c 53 5d 2b 29 29 3f 5c 73 2a 24 2f 2c 61 3d 6f 3f 2f 5e 5c 78 33 63 21 2d 2d 5c 73 2a 5c 2f 6b 6f 5c 73 2a 2d 2d 5c 78 33 65 24 2f 3a 2f 5e 5c 73 2a 5c 2f 6b 6f 5c 73 2a 24 2f 2c 73 3d 7b 75 6c 3a 21 30 2c 6f 6c 3a 21 30 7d 2c 63 3d 22 5f 5f 6b 6f 5f 6d 61 74 63 68 65 64 45 6e 64 43 6f 6d 6d 65 6e 74 5f 5f 22 3b 53 2e 68 3d 7b 65 61 3a 7b 7d 2c 63 68 69 6c 64 4e 6f 64 65 73 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 65 28 6e 29 3f 74 28 6e 29 3a 6e 2e 63 68 69 6c 64 4e 6f 64 65 73 7d 2c 45 61 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 69 66 28 65 28 6e 29 29 66 6f 72 28 76 61 72 20 74 3d 30 2c 72 3d 28 6e 3d 53 2e 68 2e 63 68 69 6c 64 4e 6f 64 65 73 28 6e 29 29 2e 6c 65 6e 67 74 68 3b 74 3c 72 3b 74 Data Ascii: sko(?:\s+([\s\S]+))?\s$/,a=o?/^\x3c!--\s\/ko\s--\x3e$/:/^\s\/ko\s$/,s={ul:!0,ol:!0},c="__ko_matchedEndComment__";S.h={ea:{},childNodes:function(n){return e(n)?t(n):n.childNodes},Ea:function(n){if(e(n))for(var t=0,r=(n=S.h.childNodes(n)).length;t<r;t
2023-08-25 14:07:37 UTC	1324	IN	Data Raw: 61 66 74 65 72 41 64 64 2c 62 65 66 6f 72 65 52 65 6d 6f 76 65 3a 74 2e 62 65 66 6f 72 65 52 65 6d 6f 76 65 2c 61 66 74 65 72 52 65 6e 64 65 72 3a 74 2e 61 66 74 65 72 52 65 6e 64 65 72 2c 62 65 66 6f 72 65 4d 6f 76 65 3a 74 2e 62 65 66 6f 72 65 4d 6f 76 65 2c 61 66 74 65 72 4d 6f 76 65 3a 74 2e 61 66 74 65 72 4d 6f 76 65 2c 74 65 6d 70 6c 61 74 65 45 6e 67 69 6e 65 3a 53 2e 62 61 2e 4d 61 7d 29 3a 7b 66 6f 72 65 61 63 68 3a 6e 2c 74 65 6d 70 6c 61 74 65 45 6e 67 69 6e 65 3a 53 2e 62 61 2e 4d 61 7d 7d 7d 2c 69 6e 69 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 53 2e 63 2e 74 65 6d 70 6c 61 74 65 2e 69 6e 69 74 28 65 2c 53 2e 63 2e 66 6f 72 65 61 63 68 2e 52 63 28 6e 29 29 7d 2c 75 70 64 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c Data Ascii: afterAdd,beforeRemove:t.beforeRemove,afterRender:t.afterRender,beforeMove:t.beforeMove,afterMove:t.afterMove,templateEngine:S.ba.Ma}):{foreach:n,templateEngine:S.ba.Ma}}},init:function(e,n){return S.c.template.init(e,S.c.foreach.Rc(n))},update:function(e,
2023-08-25 14:07:37 UTC	1340	IN	Data Raw: 6c 65 74 65 64 22 2c 72 29 3a 65 28 74 2c 6e 2c 22 64 65 6c 65 74 65 64 22 2c 22 61 64 64 65 64 22 2c 72 29 7d 7d 28 29 2c 53 2e 62 28 22 75 74 69 6c 73 2e 63 6f 6d 70 61 72 65 41 72 72 61 79 73 22 2c 53 2e 61 2e 50 62 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 6e 2c 74 2c 72 2c 6f 29 7b 76 61 72 20 69 3d 5b 5d 2c 73 3d 53 2e 24 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 6e 28 74 2c 6f 2c 53 2e 61 2e 55 61 28 69 2c 65 29 29 7c 7c 5b 5d 3b 30 3c 69 2e 6c 65 6e 67 74 68 26 26 28 53 2e 61 2e 58 63 28 69 2c 61 29 2c 72 26 26 53 2e 75 2e 47 28 72 2c 6e 75 6c 6c 2c 5b 74 2c 61 2c 6f 5d 29 29 2c 69 2e 6c 65 6e 67 74 68 3d 30 2c 53 2e 61 2e 4e 62 28 69 2c 61 29 7d 29 2c 6e 75 6c 6c 2c 7b 6c 3a 65 2c 53 61 3a 66 75 Data Ascii: leted",r):e(t,n,"deleted","added",r)}}(),S.b("utils.compareArrays",S.a.Pb),function(){function e(e,n,t,r,o){var i=[],s=S.$((function(){var a=n(t,o,S.a.Ua(i,e))\|\|[];0<i.length&&(S.a.Xc(i,a),r&&S.u.G(r,null,[t,a,o])),i.length=0,S.a.Nb(i,a)}),null,{l:e,Sa:fu
2023-08-25 14:07:37 UTC	1356	IN	Data Raw: 22 6d 73 61 4d 65 43 61 63 68 65 64 22 3d 3d 3d 6f 2e 6d 65 73 73 61 67 65 54 79 70 65 26 26 28 21 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 65 3d 65 7c 7c 5b 5d 2c 6e 3d 6e 7c 7c 5b 5d 2c 54 3d 72 2e 75 74 69 6c 73 2e 61 72 72 61 79 46 69 6c 74 65 72 28 6e 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 28 65 2e 69 73 53 69 67 6e 65 64 49 6e 7c 7c 65 2e 69 73 57 69 6e 64 6f 77 73 53 73 6f 29 26 26 21 65 2e 69 73 4d 65 43 6f 6e 74 72 6f 6c 53 65 73 73 69 6f 6e 26 26 65 2e 69 64 7d 29 29 2c 77 3d 54 2e 6c 65 6e 67 74 68 2c 41 3d 72 2e 75 74 69 6c 73 2e 61 72 72 61 79 46 69 6c 74 65 72 28 65 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 69 73 53 69 67 6e 65 64 49 6e 7c 7c 65 2e 69 73 57 69 6e 64 6f 77 73 53 73 6f Data Ascii: "msaMeCached"===o.messageType&&(!function(e,n){if(e=e\|\|[],n=n\|\|[],T=r.utils.arrayFilter(n,(function(e){return(e.isSignedIn\|\|e.isWindowsSso)&&!e.isMeControlSession&&e.id})),w=T.length,A=r.utils.arrayFilter(e,(function(e){return e.isSignedIn\|\|e.isWindowsSso

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:26 UTC	4	OUT	GET /scripts/c/ms.analytics-web-3.2.7.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:26 UTC	5	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:06:26 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 139129 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000, immutable, no-transform Last-Modified: Wed, 05 Oct 2022 16:53:02 GMT ETag: 0x8DAA6F2110CCD22 x-ms-request-id: d8cbe78c-901e-00b7-5483-d63fc1000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 3.2.7 Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20230825T140626Z-n5bqezvs8d32m5n8kszxtvystw00000002n000000000dy4f X-Cache: TCP_HIT Accept-Ranges: bytes
2023-08-25 14:06:26 UTC	6	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 20 53 44 4b 20 41 6e 61 6c 79 74 69 63 73 20 57 65 62 2c 20 33 2e 32 2e 37 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 76 61 72 20 65 3d 74 68 69 73 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 75 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 73 3d 22 6f 62 6a 65 63 74 22 2c 6c 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 66 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 6c 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 67 3d 4f Data Ascii: /! 1DS JS SDK Analytics Web, 3.2.7 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */var e=this,t=function(n){"use strict";var u="function",s="object",le="undefined",f="prototype",l="hasOwnProperty",g=O
2023-08-25 14:06:26 UTC	21	IN	Data Raw: 7b 64 65 6c 65 74 65 20 65 5b 74 5d 7d 63 61 74 63 68 28 6e 29 7b 7d 7d 7d 3b 72 65 74 75 72 6e 20 61 7d 76 61 72 20 65 72 3d 22 74 6f 47 4d 54 53 74 72 69 6e 67 22 2c 74 72 3d 22 74 6f 55 54 43 53 74 72 69 6e 67 22 2c 6e 72 3d 22 63 6f 6f 6b 69 65 22 2c 69 72 3d 22 65 78 70 69 72 65 73 22 2c 72 72 3d 22 65 6e 61 62 6c 65 64 22 2c 61 72 3d 22 69 73 43 6f 6f 6b 69 65 55 73 65 44 69 73 61 62 6c 65 64 22 2c 6f 72 3d 22 64 69 73 61 62 6c 65 43 6f 6f 6b 69 65 73 55 73 61 67 65 22 2c 63 72 3d 22 5f 63 6b 4d 67 72 22 2c 75 72 3d 6e 75 6c 6c 2c 73 72 3d 6e 75 6c 6c 2c 6c 72 3d 6e 75 6c 6c 2c 66 72 3d 6f 65 28 29 2c 64 72 3d 7b 7d 2c 70 72 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 67 72 28 65 29 7b 72 65 74 75 72 6e 21 65 7c 7c 65 2e 69 73 45 6e 61 62 6c 65 64 28 29 Data Ascii: {delete e[t]}catch(n){}}};return a}var er="toGMTString",tr="toUTCString",nr="cookie",ir="expires",rr="enabled",ar="isCookieUseDisabled",or="disableCookiesUsage",cr="_ckMgr",ur=null,sr=null,lr=null,fr=oe(),dr={},pr={};function gr(e){return!e\|\|e.isEnabled()
2023-08-25 14:06:26 UTC	37	IN	Data Raw: 3d 6e 2c 6e 3d 5b 5d 2c 74 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 68 28 29 5b 6b 5d 28 65 29 7d 29 29 7d 2c 76 2e 70 6f 6c 6c 49 6e 74 65 72 6e 61 6c 4c 6f 67 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 77 3d 65 7c 7c 6e 75 6c 6c 3b 65 3d 24 74 28 79 2e 64 69 61 67 6e 6f 73 74 69 63 4c 6f 67 49 6e 74 65 72 76 61 6c 29 3b 72 65 74 75 72 6e 20 65 26 26 30 3c 65 7c 7c 28 65 3d 31 65 34 29 2c 5f 26 26 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 5f 29 2c 5f 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 28 29 7d 2c 65 29 7d 2c 76 5b 76 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 26 26 28 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 5f 29 2c 5f 3d 30 2c 74 28 29 29 7d 2c 6e 6e 28 76 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 Data Ascii: =n,n=[],te(e,function(e){h()[k](e)}))},v.pollInternalLogs=function(e){w=e\|\|null;e=$t(y.diagnosticLogInterval);return e&&0<e\|\|(e=1e4),_&&clearInterval(_),_=setInterval(function(){t()},e)},v[ve]=function(){_&&(clearInterval(_),_=0,t())},nn(v,function(){retu
2023-08-25 14:06:26 UTC	53	IN	Data Raw: 74 65 6d 70 74 22 2c 6c 63 3d 22 26 4e 6f 52 65 73 70 6f 6e 73 65 42 6f 64 79 3d 74 72 75 65 22 2c 66 63 3d 28 28 6f 3d 7b 7d 29 5b 31 5d 3d 74 2c 6f 5b 31 30 30 5d 3d 74 2c 6f 5b 32 30 30 5d 3d 22 73 65 6e 74 22 2c 6f 5b 38 30 30 34 5d 3d 5f 6f 2c 6f 5b 38 30 30 33 5d 3d 5f 6f 2c 6f 29 2c 64 63 3d 7b 7d 2c 70 63 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 67 63 28 65 2c 74 2c 6e 29 7b 64 63 5b 65 5d 3d 74 2c 21 31 21 3d 3d 6e 26 26 28 70 63 5b 74 5d 3d 65 29 7d 66 75 6e 63 74 69 6f 6e 20 76 63 28 65 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 65 2e 72 65 73 70 6f 6e 73 65 54 65 78 74 7d 63 61 74 63 68 28 74 29 7b 7d 72 65 74 75 72 6e 22 22 7d 66 75 6e 63 74 69 6f 6e 20 68 63 28 65 2c 74 29 7b 76 61 72 20 6e 3d 21 31 3b 69 66 28 65 26 26 74 29 7b 76 61 72 20 69 3d Data Ascii: tempt",lc="&NoResponseBody=true",fc=((o={})[1]=t,o[100]=t,o[200]="sent",o[8004]=_o,o[8003]=_o,o),dc={},pc={};function gc(e,t,n){dc[e]=t,!1!==n&&(pc[t]=e)}function vc(e){try{return e.responseText}catch(t){}return""}function hc(e,t){var n=!1;if(e&&t){var i=
2023-08-25 14:06:26 UTC	69	IN	Data Raw: 61 28 6e 75 6c 6c 2c 78 29 2c 6e 3d 6a 72 28 4c 72 2c 78 29 2c 24 72 28 5b 78 72 5d 2c 6e 75 6c 6c 2c 6e 29 2c 24 72 28 5b 5f 72 5d 2c 6e 75 6c 6c 2c 6e 29 2c 69 28 29 7d 2c 6c 2e 73 65 74 45 76 65 6e 74 51 75 65 75 65 4c 69 6d 69 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 48 3d 30 3c 65 3f 65 3a 31 65 34 2c 44 3d 30 3c 74 3f 74 3a 30 2c 4e 28 29 3b 76 61 72 20 6e 3d 65 3c 46 3b 69 66 28 21 6e 26 26 30 3c 5f 29 66 6f 72 28 76 61 72 20 69 3d 31 3b 21 6e 26 26 69 3c 3d 33 3b 69 2b 2b 29 7b 76 61 72 20 72 3d 58 5b 69 5d 3b 72 26 26 72 2e 62 61 74 63 68 65 73 26 26 74 65 28 72 2e 62 61 74 63 68 65 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 26 26 65 2e 63 6f 75 6e 74 28 29 3e 3d 5f 26 26 28 6e 3d 21 30 29 7d 29 7d 76 28 21 30 2c 6e 29 7d 2c 6c 2e 70 Data Ascii: a(null,x),n=jr(Lr,x),$r([xr],null,n),$r([_r],null,n),i()},l.setEventQueueLimits=function(e,t){H=0<e?e:1e4,D=0<t?t:0,N();var n=e<F;if(!n&&0<_)for(var i=1;!n&&i<=3;i++){var r=X[i];r&&r.batches&&te(r.batches,function(e){e&&e.count()>=_&&(n=!0)})}v(!0,n)},l.p
2023-08-25 14:06:26 UTC	85	IN	Data Raw: 74 29 7b 69 5b 65 5d 7c 7c 28 69 5b 65 5d 3d 74 29 7d 29 2c 61 2e 70 72 6f 63 65 73 73 4e 65 78 74 28 65 2c 74 29 7d 2c 61 2e 67 65 74 50 72 6f 70 65 72 74 69 65 73 43 6f 6e 74 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 2c 61 2e 73 65 74 50 72 6f 70 65 72 74 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 63 5b 65 5d 3d 74 7d 2c 61 2e 5f 64 6f 54 65 61 72 64 6f 77 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 65 3d 28 65 7c 7c 7b 7d 29 2e 63 6f 72 65 28 29 3b 65 26 26 65 2e 67 65 74 54 72 61 63 65 43 74 78 26 26 6f 26 26 28 6e 3d 65 2e 67 65 74 54 72 61 63 65 43 74 78 28 21 31 29 29 26 26 6e 3d 3d 3d 6f 2e 67 65 74 54 72 61 63 65 43 74 78 28 29 26 26 65 2e 73 65 74 54 72 61 63 65 43 74 78 28 6e 75 6c 6c 29 Data Ascii: t){i[e]\|\|(i[e]=t)}),a.processNext(e,t)},a.getPropertiesContext=function(){return o},a.setProperty=function(e,t){c[e]=t},a._doTeardown=function(e,t){var n,e=(e\|\|{}).core();e&&e.getTraceCtx&&o&&(n=e.getTraceCtx(!1))&&n===o.getTraceCtx()&&e.setTraceCtx(null)
2023-08-25 14:06:26 UTC	101	IN	Data Raw: 6f 3d 30 3b 28 74 7c 7c 6e 29 26 26 28 74 3d 74 3f 28 69 3d 74 5b 6e 66 5d 2c 72 3d 30 3d 3d 3d 74 2e 73 74 61 72 74 54 69 6d 65 3f 74 5b 67 66 5d 3a 7a 73 28 74 2e 73 74 61 72 74 54 69 6d 65 2c 74 5b 67 66 5d 29 2c 61 3d 7a 73 28 74 2e 72 65 71 75 65 73 74 53 74 61 72 74 2c 74 5b 6c 66 5d 29 2c 6f 3d 7a 73 28 74 5b 6c 66 5d 2c 74 5b 70 66 5d 29 2c 7a 73 28 74 2e 72 65 73 70 6f 6e 73 65 45 6e 64 2c 74 5b 64 66 5d 29 29 3a 28 69 3d 7a 73 28 6e 5b 63 66 5d 2c 6e 5b 64 66 5d 29 2c 72 3d 7a 73 28 6e 5b 63 66 5d 2c 6e 5b 67 66 5d 29 2c 61 3d 7a 73 28 6e 2e 72 65 71 75 65 73 74 53 74 61 72 74 2c 6e 5b 6c 66 5d 29 2c 6f 3d 7a 73 28 6e 5b 6c 66 5d 2c 6e 5b 70 66 5d 29 2c 7a 73 28 6e 2e 72 65 73 70 6f 6e 73 65 45 6e 64 2c 6e 5b 64 66 5d 29 29 2c 30 3d 3d 3d 69 3f Data Ascii: o=0;(t\|\|n)&&(t=t?(i=t[nf],r=0===t.startTime?t[gf]:zs(t.startTime,t[gf]),a=zs(t.requestStart,t[lf]),o=zs(t[lf],t[pf]),zs(t.responseEnd,t[df])):(i=zs(n[cf],n[df]),r=zs(n[cf],n[gf]),a=zs(n.requestStart,n[lf]),o=zs(n[lf],n[pf]),zs(n.responseEnd,n[df])),0===i?
2023-08-25 14:06:26 UTC	117	IN	Data Raw: 69 2e 5f 63 6f 6e 66 69 67 2e 63 6f 72 65 44 61 74 61 2c 22 6d 61 72 6b 65 74 22 29 2c 69 2e 5f 62 65 68 61 76 69 6f 72 4d 65 74 61 54 61 67 3d 4a 66 28 69 2e 6d 65 74 61 54 61 67 73 2c 69 2e 5f 63 6f 6e 66 69 67 2e 63 6f 72 65 44 61 74 61 2c 22 62 65 68 61 76 69 6f 72 22 29 2c 75 65 28 6e 2e 70 61 67 65 54 79 70 65 29 26 26 28 65 2e 70 61 67 65 54 79 70 65 3d 6e 2e 70 61 67 65 54 79 70 65 29 2c 75 65 28 69 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 26 26 21 75 65 28 65 2e 70 61 67 65 54 79 70 65 29 26 26 28 65 2e 70 61 67 65 54 79 70 65 3d 69 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 2c 75 65 28 69 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 26 26 28 65 2e 6d 61 72 6b 65 74 3d 69 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 Data Ascii: i._config.coreData,"market"),i._behaviorMetaTag=Jf(i.metaTags,i._config.coreData,"behavior"),ue(n.pageType)&&(e.pageType=n.pageType),ue(i._pageTypeMetaTag)&&!ue(e.pageType)&&(e.pageType=i._pageTypeMetaTag),ue(i._marketMetaTag)&&(e.market=i._marketMetaTag)
2023-08-25 14:06:26 UTC	133	IN	Data Raw: 65 2e 5f 69 73 54 72 61 63 6b 65 64 57 69 74 68 44 61 74 61 42 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 7e 74 5b 6e 5d 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 64 61 74 61 2d 62 69 2d 22 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 62 64 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 69 73 54 72 61 63 6b 65 64 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 22 64 61 74 61 2d 6d 22 3d 3d 3d 74 5b 6e 5d 2e 6e 61 6d 65 7c 7c 7e 74 5b 6e 5d 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 64 61 Data Ascii: e._isTrackedWithDataBi=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if(~t[n].name.indexOf("data-bi-"))return!0;return!1},bd.prototype._isTracked=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if("data-m"===t[n].name\|\|~t[n].name.indexOf("da

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:34 UTC	416	OUT	GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:34 UTC	416	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:06:34 GMT Content-Type: application/javascript Content-Length: 29755 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, no-transform, max-age=7200 Expires: Fri, 25 Aug 2023 15:04:15 GMT X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS X-UA-Compatible: IE=edge Strict-Transport-Security: max-age=31536000; includeSubDomains x-azure-ref: 20230825T140634Z-6y76xdx52t5zff9dcafv559wkw000000029g00000002k7h9 X-Cache: TCP_HIT Accept-Ranges: bytes
2023-08-25 14:06:34 UTC	417	IN	Data Raw: 77 69 6e 64 6f 77 2e 4d 53 41 3d 77 69 6e 64 6f 77 2e 4d 53 41 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 3d 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 2e 43 6f 6e 66 69 67 3d 7b 22 76 65 72 22 3a 22 31 30 2e 32 33 32 31 32 2e 31 22 2c 22 6d 6b 74 22 3a 22 65 6e 2d 55 53 22 2c 22 70 74 6e 22 3a 22 73 6d 63 63 6f 6e 76 65 72 67 65 6e 63 65 22 2c 22 67 66 78 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 22 2c 22 64 62 67 22 3a 66 61 6c 73 65 2c 22 61 61 64 22 3a 74 72 75 65 2c 22 69 6e 74 22 3a 66 61 6c 73 65 2c 22 70 78 79 22 3a 74 72 75 65 2c 22 6d 73 54 78 74 22 3a 66 61 6c 73 65 2c 22 72 77 Data Ascii: window.MSA=window.MSA\|\|{};window.MSA.MeControl=window.MSA.MeControl\|\|{};window.MSA.MeControl.Config={"ver":"10.23212.1","mkt":"en-US","ptn":"smcconvergence","gfx":"https://amcdn.msftauth.net","dbg":false,"aad":true,"int":false,"pxy":true,"msTxt":false,"rw
2023-08-25 14:06:34 UTC	432	IN	Data Raw: 72 6f 6c 2f 77 65 62 2d 69 6e 6c 69 6e 65 22 3a 22 6d 65 49 6e 6c 69 6e 65 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 62 6f 6f 74 22 3a 22 6d 65 42 6f 6f 74 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 63 6f 72 65 22 3a 22 6d 65 43 6f 72 65 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 58 65 28 65 29 7b 74 72 79 7b 65 20 69 6e 20 48 65 26 26 28 65 3d 48 65 5b 65 5d 29 2c 7a 65 28 29 3b 76 61 72 20 6e 3d 71 65 28 65 29 3b 69 66 28 6e 29 72 65 74 75 72 6e 20 6e 2e 62 75 6e 64 6c 65 50 72 6f 6d 69 73 65 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 75 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 62 65 28 66 75 6e 63 74 69 6f 6e 28 69 2c 61 29 7b 76 61 72 20 65 3d 67 28 29 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 6d 2e 43 6f 6e 66 Data Ascii: rol/web-inline":"meInline","@mecontrol/web-boot":"meBoot","@mecontrol/web-core":"meCore"};function Xe(e){try{e in He&&(e=He[e]),ze();var n=qe(e);if(n)return n.bundlePromise;var t=function(u){return new be(function(i,a){var e=g(),c=function(e){var n=m.Conf

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:38 UTC	446	OUT	GET /scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" Origin: https://support.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:38 UTC	447	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:06:38 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 90648 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000, immutable, no-transform Last-Modified: Wed, 05 Oct 2022 16:53:03 GMT ETag: 0x8DAA6F2118B127C x-ms-request-id: d0e1b2ba-701e-002d-80c5-d6d6a3000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 3.2.7 Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20230825T140638Z-7xh77bskn570175r47tr3xekw800000000cg00000000u8mh X-Cache: TCP_HIT Accept-Ranges: bytes
2023-08-25 14:06:38 UTC	447	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 20 53 44 4b 20 53 68 61 72 65 64 20 41 6e 61 6c 79 74 69 63 73 2c 20 33 2e 32 2e 37 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 66 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 6d 3d 22 6f 62 6a 65 63 74 22 2c 63 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 61 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 43 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 49 3d 4f 62 6a 65 63 74 2c 53 3d 49 Data Ascii: /! 1DS JS SDK Shared Analytics, 3.2.7 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */!function(e){"use strict";var f="function",m="object",ce="undefined",a="prototype",C="hasOwnProperty",I=Object,S=I
2023-08-25 14:06:38 UTC	463	IN	Data Raw: 29 26 26 61 26 26 72 65 28 61 2e 62 6c 6f 63 6b 65 64 43 6f 6f 6b 69 65 73 29 26 26 2d 31 21 3d 3d 61 2e 62 6c 6f 63 6b 65 64 43 6f 6f 6b 69 65 73 5b 74 6e 5d 28 75 29 7c 7c 6f 69 28 61 2c 75 29 29 7c 7c 28 61 3d 7b 7d 2c 2d 31 21 3d 3d 28 6f 3d 28 75 3d 5a 28 6e 7c 7c 76 29 29 5b 74 6e 5d 28 22 3b 22 29 29 26 26 28 75 3d 5a 28 6e 5b 72 6e 5d 28 30 2c 6f 29 29 2c 61 3d 63 69 28 6e 5b 72 6e 5d 28 6f 2b 31 29 29 29 2c 53 74 28 61 2c 22 64 6f 6d 61 69 6e 22 2c 72 7c 7c 66 2c 77 74 2c 47 29 2c 4a 28 74 29 7c 7c 28 6f 3d 69 72 28 29 2c 47 28 61 5b 58 72 5d 29 26 26 30 3c 28 6e 3d 43 74 28 29 2b 31 65 33 2a 74 29 26 26 28 28 72 3d 6e 65 77 20 44 61 74 65 29 2e 73 65 74 54 69 6d 65 28 6e 29 2c 53 74 28 61 2c 58 72 2c 6c 69 28 72 2c 6f 3f 48 72 3a 57 72 29 7c 7c Data Ascii: )&&a&&re(a.blockedCookies)&&-1!==a.blockedCookies[tn](u)\|\|oi(a,u))\|\|(a={},-1!==(o=(u=Z(n\|\|v))[tn](";"))&&(u=Z(n[rn](0,o)),a=ci(n[rn](o+1))),St(a,"domain",r\|\|f,wt,G),J(t)\|\|(o=ir(),G(a[Xr])&&0<(n=Ct()+1e3*t)&&((r=new Date).setTime(n),St(a,Xr,li(r,o?Hr:Wr)\|\|
2023-08-25 14:06:38 UTC	479	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 5b 45 65 5d 7d 2c 73 65 74 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 5b 45 65 5d 3d 65 7d 2c 67 65 74 54 72 61 63 65 49 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 5b 53 6e 5d 7d 2c 73 65 74 54 72 61 63 65 49 64 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 58 69 28 65 29 26 26 28 6e 5b 53 6e 5d 3d 65 29 7d 2c 67 65 74 53 70 61 6e 49 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 2e 73 70 61 6e 49 64 7d 2c 73 65 74 53 70 61 6e 49 64 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 51 69 28 65 29 26 26 28 6e 2e 73 70 61 6e 49 64 3d 65 29 7d 2c 67 65 74 54 72 61 63 65 46 6c 61 67 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 5b 78 6e 5d 7d 2c 73 65 74 Data Ascii: :function(){return n[Ee]},setName:function(e){n[Ee]=e},getTraceId:function(){return n[Sn]},setTraceId:function(e){Xi(e)&&(n[Sn]=e)},getSpanId:function(){return n.spanId},setSpanId:function(e){Qi(e)&&(n.spanId=e)},getTraceFlags:function(){return n[xn]},set
2023-08-25 14:06:38 UTC	495	IN	Data Raw: 72 6d 29 29 7d 2c 71 61 3d 22 4d 69 63 72 6f 73 6f 66 74 41 70 70 6c 69 63 61 74 69 6f 6e 73 54 65 6c 65 6d 65 74 72 79 44 65 76 69 63 65 49 64 22 2c 56 61 3d 28 48 61 2e 5f 5f 69 65 44 79 6e 3d 31 2c 48 61 29 3b 66 75 6e 63 74 69 6f 6e 20 48 61 28 75 2c 73 29 7b 76 61 72 20 63 3d 30 3b 65 65 28 48 61 2c 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 2c 74 2c 72 2c 69 2c 6f 3d 75 2e 70 72 6f 70 65 72 74 79 53 74 6f 72 61 67 65 4f 76 65 72 72 69 64 65 2c 61 3d 28 65 2e 73 65 71 3d 63 2c 65 2e 65 70 6f 63 68 3d 4e 72 28 21 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 2c 61 69 28 73 2c 75 29 29 3b 61 2e 69 73 45 6e 61 62 6c 65 64 28 29 7c 7c 6f 3f 28 72 3d 61 2c 69 3d 71 61 2c 72 3d 28 6f 3f 6f 2e 67 65 74 50 72 6f 70 65 72 74 79 28 69 29 7c 7c Data Ascii: rm))},qa="MicrosoftApplicationsTelemetryDeviceId",Va=(Ha.__ieDyn=1,Ha);function Ha(u,s){var c=0;ee(Ha,this,function(e){var n,t,r,i,o=u.propertyStorageOverride,a=(e.seq=c,e.epoch=Nr(!1).toString(),ai(s,u));a.isEnabled()\|\|o?(r=a,i=qa,r=(o?o.getProperty(i)\|\|
2023-08-25 14:06:38 UTC	511	IN	Data Raw: 6f 62 28 66 29 3b 69 66 28 64 26 26 64 2e 6c 65 6e 67 74 68 3c 3d 73 29 7b 76 61 72 20 76 3d 64 2e 6c 65 6e 67 74 68 3b 69 66 28 75 3c 6e 2e 6c 65 6e 67 74 68 2b 76 29 7b 67 2e 6f 76 65 72 66 6c 6f 77 3d 70 2e 73 70 6c 69 74 28 63 29 3b 62 72 65 61 6b 7d 6e 26 26 28 6e 2b 3d 22 5c 6e 22 29 2c 6e 2b 3d 64 2c 32 30 3c 2b 2b 6c 26 26 28 6e 2e 73 75 62 73 74 72 28 30 2c 31 29 2c 6c 3d 30 29 2c 72 3d 21 30 2c 74 2b 2b 7d 65 6c 73 65 28 64 3f 69 3a 6f 29 2e 70 75 73 68 28 66 29 2c 65 2e 73 70 6c 69 63 65 28 63 2c 31 29 2c 63 2d 2d 7d 63 2b 2b 7d 69 26 26 30 3c 69 2e 6c 65 6e 67 74 68 26 26 67 2e 73 69 7a 65 45 78 63 65 65 64 2e 70 75 73 68 28 72 73 2e 63 72 65 61 74 65 28 70 2e 69 4b 65 79 28 29 2c 69 29 29 2c 6f 26 26 30 3c 6f 2e 6c 65 6e 67 74 68 26 26 67 2e Data Ascii: ob(f);if(d&&d.length<=s){var v=d.length;if(u<n.length+v){g.overflow=p.split(c);break}n&&(n+="\n"),n+=d,20<++l&&(n.substr(0,1),l=0),r=!0,t++}else(d?i:o).push(f),e.splice(c,1),c--}c++}i&&0<i.length&&g.sizeExceed.push(rs.create(p.iKey(),i)),o&&0<o.length&&g.
2023-08-25 14:06:38 UTC	527	IN	Data Raw: 67 5b 70 2e 69 64 65 6e 74 69 66 69 65 72 5d 7c 7c 7b 7d 2c 54 3d 72 2e 67 65 74 45 78 74 43 66 67 28 70 2e 69 64 65 6e 74 69 66 69 65 72 29 2c 41 3d 52 73 28 54 2e 73 65 74 54 69 6d 65 6f 75 74 4f 76 65 72 72 69 64 65 2c 54 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 4f 76 65 72 72 69 64 65 29 2c 4a 3d 21 54 2e 64 69 73 61 62 6c 65 4f 70 74 69 6d 69 7a 65 4f 62 6a 26 26 21 21 61 65 28 22 63 68 72 6f 6d 65 22 29 2c 6e 3d 65 2e 67 65 74 57 50 61 72 61 6d 2c 65 2e 67 65 74 57 50 61 72 61 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 30 3b 72 65 74 75 72 6e 20 54 2e 69 67 6e 6f 72 65 4d 63 31 4d 73 30 43 6f 6f 6b 69 65 50 72 6f 63 65 73 73 69 6e 67 26 26 28 65 7c 3d 32 29 2c 65 7c 6e 28 29 7d 2c 30 3c 54 2e 65 76 65 6e 74 73 4c 69 6d 69 74 49 6e 4d 65 Data Ascii: g[p.identifier]\|\|{},T=r.getExtCfg(p.identifier),A=Rs(T.setTimeoutOverride,T.clearTimeoutOverride),J=!T.disableOptimizeObj&&!!ae("chrome"),n=e.getWParam,e.getWParam=function(){var e=0;return T.ignoreMc1Ms0CookieProcessing&&(e\|=2),e\|n()},0<T.eventsLimitInMe

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:38 UTC	479	OUT	GET /scripts/me/MeControl/10.23212.1/en-US/meBoot.min.js HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" Origin: https://support.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:38 UTC	537	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:06:38 GMT Content-Type: application/javascript Content-Length: 181223 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Fri, 04 Aug 2023 17:23:30 GMT ETag: "1d9c7330f6b2ee7" X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * X-UA-Compatible: IE=edge Strict-Transport-Security: max-age=31536000; includeSubDomains x-azure-ref: 20230825T140638Z-f230v5eghp2v9f87ncwa344hxg00000002kg00000000hw8r X-Cache: TCP_HIT Accept-Ranges: bytes
2023-08-25 14:06:38 UTC	537	IN	Data Raw: 4d 65 43 6f 6e 74 72 6f 6c 44 65 66 69 6e 65 28 22 6d 65 42 6f 6f 74 22 2c 5b 22 65 78 70 6f 72 74 73 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 69 6e 6c 69 6e 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 53 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 69 3d 7b 7d 2c 75 3d 5b 5d 2c 70 3d 5b 5d 3b 66 75 6e 63 74 69 6f 6e 20 4f 28 74 2c 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 2c 69 2c 61 3d 70 3b 66 6f 72 28 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 32 3c 69 2d 2d 3b 29 75 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 5b 69 5d 29 3b 66 6f 72 28 65 26 26 6e 75 6c 6c 21 3d 65 2e 63 68 69 6c 64 72 65 6e 26 26 28 75 2e 6c 65 6e 67 74 68 7c 7c 75 2e 70 75 73 68 28 65 2e 63 68 69 6c 64 Data Ascii: MeControlDefine("meBoot",["exports","@mecontrol/web-inline"],function(t,S){"use strict";var c=function(){},i={},u=[],p=[];function O(t,e){var r,n,o,i,a=p;for(i=arguments.length;2<i--;)u.push(arguments[i]);for(e&&null!=e.children&&(u.length\|\|u.push(e.child
2023-08-25 14:06:38 UTC	553	IN	Data Raw: 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 7d 3a 31 3d 3d 3d 65 2e 6c 65 6e 67 74 68 3f 65 5b 30 5d 3a 65 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 28 65 2e 61 70 70 6c 79 28 76 6f 69 64 20 30 2c 61 72 67 75 6d 65 6e 74 73 29 29 7d 7d 29 7d 76 61 72 20 74 74 3d 41 72 72 61 79 2e 69 73 41 72 72 61 79 3b 66 75 6e 63 74 69 6f 6e 20 65 74 28 74 29 7b 76 61 72 20 65 2c 72 2c 6e 2c 6f 3d 22 22 2c 69 3d 74 79 70 65 6f 66 20 74 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 69 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 69 29 72 65 74 75 72 6e 20 74 7c 7c 22 22 3b 69 66 28 74 74 28 74 29 26 26 30 3c 74 2e 6c 65 6e 67 74 68 29 66 6f 72 28 65 3d 30 2c 72 3d Data Ascii: ?function(t){return t}:1===e.length?e[0]:e.reduce(function(t,e){return function(){return t(e.apply(void 0,arguments))}})}var tt=Array.isArray;function et(t){var e,r,n,o="",i=typeof t;if("string"==i\|\|"number"==i)return t\|\|"";if(tt(t)&&0<t.length)for(e=0,r=
2023-08-25 14:06:38 UTC	569	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 4f 65 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 72 3d 31 3b 72 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 65 5b 72 2d 31 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 72 5d 3b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 6f 3d 65 3b 6e 3c 6f 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 69 3d 6f 5b 6e 5d 3b 66 6f 72 28 76 61 72 20 61 20 69 6e 20 69 29 69 66 28 53 2e 68 61 73 4f 77 6e 28 69 2c 61 29 29 7b 76 61 72 20 73 3d 69 5b 61 5d 3b 6e 75 6c 6c 3d 3d 73 7c 7c 53 65 28 73 29 7c 7c 28 74 5b 61 5d 3d 73 29 7d 7d 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 62 65 28 74 2c 65 2c 72 29 7b 76 61 72 20 6e 3d 53 2e 67 65 74 4f 70 74 69 6f 6e 73 28 29 3b 69 66 28 6e 29 7b 76 61 72 20 6f 3d 6e 65 77 20 53 2e 53 Data Ascii: unction Oe(t){for(var e=[],r=1;r<arguments.length;r++)e[r-1]=arguments[r];for(var n=0,o=e;n<o.length;n++){var i=o[n];for(var a in i)if(S.hasOwn(i,a)){var s=i[a];null==s\|\|Se(s)\|\|(t[a]=s)}}return t}function be(t,e,r){var n=S.getOptions();if(n){var o=new S.S
2023-08-25 14:06:38 UTC	585	IN	Data Raw: 61 74 65 64 3b 72 65 74 75 72 6e 20 4f 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 65 74 28 5b 72 2c 28 74 3d 7b 7d 2c 74 2e 6d 65 63 74 72 6c 5f 66 6f 63 75 73 5f 76 69 73 69 62 6c 65 3d 6f 2c 74 29 5d 29 7d 2c 6e 29 7d 2c 66 72 29 3b 66 75 6e 63 74 69 6f 6e 20 66 72 28 74 29 7b 76 61 72 20 65 3d 75 72 2e 63 61 6c 6c 28 74 68 69 73 2c 74 29 7c 7c 74 68 69 73 3b 72 65 74 75 72 6e 20 65 2e 73 74 61 74 65 3d 7b 61 63 74 69 76 61 74 65 64 3a 21 21 74 2e 76 69 73 69 62 6c 65 4f 6e 53 74 61 72 74 7d 2c 65 2e 68 61 73 52 65 63 65 6e 74 4b 65 79 62 6f 61 72 64 41 63 74 69 6f 6e 3d 21 31 2c 65 2e 6b 65 79 64 6f 77 6e 48 61 6e 64 6c 65 72 3d 65 2e 6b 65 79 64 6f 77 6e 48 61 6e 64 6c 65 72 2e 62 69 6e 64 28 65 29 2c 65 2e 63 6c 69 63 6b 48 61 6e 64 6c 65 72 3d 65 2e Data Ascii: ated;return O("div",{class:et([r,(t={},t.mectrl_focus_visible=o,t)])},n)},fr);function fr(t){var e=ur.call(this,t)\|\|this;return e.state={activated:!!t.visibleOnStart},e.hasRecentKeyboardAction=!1,e.keydownHandler=e.keydownHandler.bind(e),e.clickHandler=e.
2023-08-25 14:06:38 UTC	601	IN	Data Raw: 65 74 46 72 6f 6d 49 64 70 22 3a 72 65 74 75 72 6e 20 78 74 28 6e 75 6c 6c 3d 3d 3d 28 72 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 6d 73 61 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 72 3f 76 6f 69 64 20 30 3a 72 2e 73 69 67 6e 4f 75 74 41 6e 64 46 6f 72 67 65 74 55 72 6c 29 3b 63 61 73 65 22 73 77 69 74 63 68 22 3a 72 65 74 75 72 6e 20 78 74 28 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 70 70 53 77 69 74 63 68 55 72 6c 29 3b 63 61 73 65 22 73 77 69 74 63 68 54 6f 22 3a 72 65 74 75 72 6e 20 78 74 28 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 70 70 53 77 69 74 63 68 54 6f 55 72 6c 29 3b 63 61 73 65 22 67 65 74 52 65 6d 65 6d 62 65 72 65 64 41 63 63 6f 75 6e 74 73 22 3a 72 65 74 75 72 6e 20 53 2e 4d 45 2e 43 6f 6e 66 69 67 2e 72 65 6d 41 63 63 26 26 4b 72 28 74 68 69 73 2c Data Ascii: etFromIdp":return xt(null===(r=this.config.msa)\|\|void 0===r?void 0:r.signOutAndForgetUrl);case"switch":return xt(this.config.appSwitchUrl);case"switchTo":return xt(this.config.appSwitchToUrl);case"getRememberedAccounts":return S.ME.Config.remAcc&&Kr(this,
2023-08-25 14:06:38 UTC	617	IN	Data Raw: 69 6e 2e 6c 69 76 65 2e 63 6f 6d 22 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 79 6e 28 74 29 7d 76 61 72 20 79 6e 3d 28 76 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 73 75 70 70 6f 72 74 73 4d 73 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 6d 73 61 6c 4a 73 57 69 74 68 4d 73 61 22 3d 3d 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 74 79 70 65 7d 2c 76 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 69 73 4f 70 65 72 61 74 69 6f 6e 53 75 70 70 6f 72 74 65 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 3b 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 22 73 69 67 6e 4f 75 74 46 72 6f 6d 49 64 70 22 3a 72 65 74 75 72 6e 20 78 74 28 6e 75 6c 6c 3d 3d 3d 28 72 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 61 Data Ascii: in.live.com")}function mn(t){return new yn(t)}var yn=(vn.prototype.supportsMsa=function(){return"msalJsWithMsa"===this.config.type},vn.prototype.isOperationSupported=function(t,e){var r,n,o;switch(t){case"signOutFromIdp":return xt(null===(r=this.config.aa
2023-08-25 14:06:38 UTC	633	IN	Data Raw: 64 5b 66 5d 2e 61 63 63 6f 75 6e 74 49 64 29 3f 6f 3a 64 5b 66 5d 2e 70 61 79 6c 6f 61 64 2e 6b 65 79 5d 29 7b 76 61 72 20 68 3d 64 5b 66 5d 2e 70 61 79 6c 6f 61 64 3b 79 2e 70 69 63 74 75 72 65 55 72 6c 3d 6e 75 6c 6c 21 3d 28 69 3d 79 2e 70 69 63 74 75 72 65 55 72 6c 29 3f 69 3a 68 2e 72 65 73 6f 75 72 63 65 2c 79 2e 63 61 63 68 65 4d 65 74 61 3f 79 2e 63 61 63 68 65 4d 65 74 61 2e 70 69 63 74 75 72 65 55 72 6c 3d 68 2e 72 65 73 6f 75 72 63 65 45 54 61 67 3a 79 2e 63 61 63 68 65 4d 65 74 61 3d 28 28 72 3d 7b 7d 29 2e 70 69 63 74 75 72 65 55 72 6c 3d 68 2e 72 65 73 6f 75 72 63 65 45 54 61 67 2c 72 29 7d 7d 72 65 74 75 72 6e 20 48 28 7b 7d 2c 6c 29 3b 63 61 73 65 22 47 45 54 5f 43 41 43 48 45 44 5f 53 48 4f 57 5f 41 55 54 48 5f 41 50 50 22 3a 76 61 72 20 Data Ascii: d[f].accountId)?o:d[f].payload.key]){var h=d[f].payload;y.pictureUrl=null!=(i=y.pictureUrl)?i:h.resource,y.cacheMeta?y.cacheMeta.pictureUrl=h.resourceETag:y.cacheMeta=((r={}).pictureUrl=h.resourceETag,r)}}return H({},l);case"GET_CACHED_SHOW_AUTH_APP":var
2023-08-25 14:06:38 UTC	649	IN	Data Raw: 73 65 74 5c 78 33 61 2d 32 70 78 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 67 6c 79 70 68 5c 78 37 62 6f 76 65 72 66 6c 6f 77 5c 78 33 61 68 69 64 64 65 6e 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 5c 78 33 61 63 6f 76 65 72 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 5c 78 33 61 63 65 6e 74 65 72 20 63 65 6e 74 65 72 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 5c 78 33 61 6e 6f 2d 72 65 70 65 61 74 5c 78 37 64 2e 67 6c 79 70 68 5f 6d 6f 72 65 5c 78 37 62 77 69 64 74 68 5c 78 33 61 32 34 70 78 5c 78 33 62 68 65 69 67 68 74 5c 78 33 61 32 34 70 78 5c 78 37 64 2e 67 6c 79 70 68 5f 74 65 78 74 5c 78 37 62 63 6c 69 70 5c 78 33 61 72 65 63 74 5c 78 32 38 31 70 78 2c 31 Data Ascii: set\x3a-2px\x21important\x7d.mectrl_glyph\x7boverflow\x3ahidden\x3bbackground-size\x3acover\x3bbackground-position\x3acenter center\x3bbackground-repeat\x3ano-repeat\x7d.glyph_more\x7bwidth\x3a24px\x3bheight\x3a24px\x7d.glyph_text\x7bclip\x3arect\x281px,1
2023-08-25 14:06:38 UTC	665	IN	Data Raw: 32 37 5c 78 32 66 5c 78 32 35 33 45 5c 78 32 35 33 43 67 20 74 72 61 6e 73 66 6f 72 6d 5c 78 33 64 5c 78 32 37 6d 61 74 72 69 78 5c 78 32 38 2e 39 20 30 20 30 20 2e 39 20 31 30 2e 34 33 31 20 31 30 2e 34 33 31 5c 78 32 39 5c 78 32 37 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 5c 78 33 64 5c 78 32 37 32 5c 78 32 37 5c 78 32 35 33 45 5c 78 32 35 33 43 63 69 72 63 6c 65 20 63 78 5c 78 33 64 5c 78 32 37 32 34 2e 32 35 5c 78 32 37 20 63 79 5c 78 33 64 5c 78 32 37 31 38 5c 78 32 37 20 72 5c 78 33 64 5c 78 32 37 39 5c 78 32 37 5c 78 32 66 5c 78 32 35 33 45 5c 78 32 35 33 43 70 61 74 68 20 64 5c 78 33 64 5c 78 32 37 4d 31 31 2e 32 20 34 30 61 31 20 31 20 30 20 31 31 32 36 2e 31 20 30 5c 78 32 37 5c 78 32 66 5c 78 32 35 33 45 5c 78 32 35 33 43 5c 78 32 66 67 5c 78 32 Data Ascii: 27\x2f\x253E\x253Cg transform\x3d\x27matrix\x28.9 0 0 .9 10.431 10.431\x29\x27 stroke-width\x3d\x272\x27\x253E\x253Ccircle cx\x3d\x2724.25\x27 cy\x3d\x2718\x27 r\x3d\x279\x27\x2f\x253E\x253Cpath d\x3d\x27M11.2 40a1 1 0 1126.1 0\x27\x2f\x253E\x253C\x2fg\x2
2023-08-25 14:06:38 UTC	681	IN	Data Raw: 33 2e 38 38 37 20 35 2e 31 20 35 2e 31 20 30 20 30 31 33 2e 38 35 2d 31 2e 34 33 34 20 34 2e 37 34 31 20 34 2e 37 34 31 20 30 20 30 31 33 2e 36 32 33 20 31 2e 33 38 31 20 35 2e 32 30 38 20 35 2e 32 30 38 20 30 20 30 31 31 2e 33 20 33 2e 37 32 39 20 35 2e 32 35 39 20 35 2e 32 35 39 20 30 20 30 31 2d 31 2e 33 38 35 20 33 2e 38 33 20 35 2e 30 32 20 35 2e 30 32 20 30 20 30 31 2d 33 2e 37 37 33 20 31 2e 34 32 34 20 34 2e 39 33 31 20 34 2e 39 33 31 20 30 20 30 31 2d 33 2e 36 35 32 2d 31 2e 33 35 32 20 34 2e 39 38 34 20 34 2e 39 38 34 20 30 20 30 31 2d 31 2e 33 34 39 2d 33 2e 36 38 38 6d 32 2e 34 32 36 2d 2e 30 37 36 61 33 2e 35 33 20 33 2e 35 33 20 30 20 30 30 2e 37 20 32 2e 33 36 37 20 32 2e 35 20 32 2e 35 20 30 20 30 30 32 2e 30 31 31 2e 38 31 38 20 32 2e 33 Data Ascii: 3.887 5.1 5.1 0 013.85-1.434 4.741 4.741 0 013.623 1.381 5.208 5.208 0 011.3 3.729 5.259 5.259 0 01-1.385 3.83 5.02 5.02 0 01-3.773 1.424 4.931 4.931 0 01-3.652-1.352 4.984 4.984 0 01-1.349-3.688m2.426-.076a3.53 3.53 0 00.7 2.367 2.5 2.5 0 002.011.818 2.3
2023-08-25 14:06:38 UTC	697	IN	Data Raw: 2e 31 32 2e 31 36 37 2d 2e 32 31 2e 33 34 39 2d 2e 32 37 33 2e 35 34 37 41 32 2e 32 31 39 20 32 2e 32 31 39 20 30 20 30 30 34 20 31 31 2e 37 35 56 31 32 68 34 7a 4d 36 20 31 2e 35 63 2d 2e 33 34 34 20 30 2d 2e 36 36 37 2e 30 36 35 2d 2e 39 36 39 2e 31 39 35 2d 2e 33 30 32 2e 31 33 2d 2e 35 36 37 2e 33 30 38 2d 2e 37 39 37 2e 35 33 32 41 32 2e 34 37 37 20 32 2e 34 37 37 20 30 20 30 30 33 2e 35 20 34 4c 32 20 34 2e 32 35 56 34 61 33 2e 39 34 38 20 33 2e 39 34 38 20 30 20 30 31 31 2e 31 37 32 2d 32 2e 38 32 43 33 2e 35 33 37 2e 38 32 20 33 2e 39 36 2e 35 33 34 20 34 2e 34 34 35 2e 33 32 41 33 2e 38 31 20 33 2e 38 31 20 30 20 30 31 36 20 30 61 33 2e 39 34 38 20 33 2e 39 34 38 20 30 20 30 31 32 2e 38 32 20 31 2e 31 37 32 63 2e 33 36 2e 33 36 34 2e 36 34 36 2e Data Ascii: .12.167-.21.349-.273.547A2.219 2.219 0 004 11.75V12h4zM6 1.5c-.344 0-.667.065-.969.195-.302.13-.567.308-.797.532A2.477 2.477 0 003.5 4L2 4.25V4a3.948 3.948 0 011.172-2.82C3.537.82 3.96.534 4.445.32A3.81 3.81 0 016 0a3.948 3.948 0 012.82 1.172c.36.364.646.
2023-08-25 14:06:38 UTC	713	IN	Data Raw: 2e 63 2d 6d 65 20 2e 6d 65 63 74 72 6c 5f 61 75 74 68 41 70 70 5f 63 6c 6f 73 65 5c 78 33 61 61 63 74 69 76 65 2c 2e 6d 65 63 74 72 6c 5f 74 68 65 6d 65 5f 64 61 72 6b 20 2e 6d 65 63 74 72 6c 5f 61 75 74 68 41 70 70 5f 62 61 6e 6e 65 72 5c 78 33 61 61 63 74 69 76 65 2c 2e 6d 65 63 74 72 6c 5f 74 68 65 6d 65 5f 64 61 72 6b 20 2e 6d 65 63 74 72 6c 5f 61 75 74 68 41 70 70 5f 62 61 6e 6e 65 72 5f 70 61 72 65 6e 74 5c 78 33 61 61 63 74 69 76 65 2c 2e 6d 65 63 74 72 6c 5f 74 68 65 6d 65 5f 64 61 72 6b 20 2e 6d 65 63 74 72 6c 5f 61 75 74 68 41 70 70 5f 63 6c 6f 73 65 5c 78 33 61 61 63 74 69 76 65 5c 78 37 62 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 30 30 36 63 62 65 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 74 68 65 6d 65 5f 61 7a 75 72 Data Ascii: .c-me .mectrl_authApp_close\x3aactive,.mectrl_theme_dark .mectrl_authApp_banner\x3aactive,.mectrl_theme_dark .mectrl_authApp_banner_parent\x3aactive,.mectrl_theme_dark .mectrl_authApp_close\x3aactive\x7bbackground-color\x3a\x23006cbe\x7d.mectrl_theme_azur

Timestamp	kBytes transferred	Direction	Data
2023-08-25 14:06:39 UTC	714	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_nun_Nob0yT2WjCUfgBCTog2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-25 14:06:39 UTC	715	IN	HTTP/1.1 200 OK Date: Fri, 25 Aug 2023 14:06:39 GMT Content-Type: application/x-javascript Content-Length: 48719 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Jul 2023 10:42:33 GMT ETag: 0x8DB82C4B32A50A1 x-ms-request-id: e6985c1f-d01e-0052-57f4-d50244000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20230825T140639Z-een70huwm95fd4218txaekp7a000000002mg00000001emtr X-Cache: TCP_HIT Accept-Ranges: bytes
2023-08-25 14:06:39 UTC	715	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bc bd 7b 5f e3 38 d2 30 fa ff f3 29 82 77 0f 63 4f 4c c8 05 68 70 70 e7 4d 03 dd cd 0c b7 21 61 7a 66 69 96 9f 93 08 70 77 62 67 6d 07 9a 09 79 3f fb a9 8b 64 cb 8e 43 f7 ec 73 7e 67 2e c1 96 4a b2 54 aa 2a 55 95 4a d2 e6 cf 6b ff 53 f9 b9 b2 f1 e3 ff 54 7a fd ee 65 bf 72 fe be d2 ff 78 7c 79 58 b9 80 b7 3f 2b 67 e7 fd e3 83 a3 1f af 07 3f 8a ff f7 1f fc b8 72 e7 8f 45 05 fe 0e bc 58 8c 2a 61 50 09 a3 8a 1f 0c c3 68 1a 46 5e 22 e2 ca 04 7e 23 df 1b 57 ee a2 70 52 49 1e 44 65 1a 85 5f c4 30 89 2b 63 3f 4e a0 d0 40 8c c3 a7 8a 09 d5 45 a3 ca 85 17 25 cf 95 e3 0b ab 06 f5 0b a8 cd bf f7 03 28 3d 0c a7 cf f0 fc 90 54 82 30 f1 87 a2 e2 05 23 aa 6d 0c 2f 41 2c 2a b3 60 24 a2 ca d3 83 3f 7c a8 9c fa c3 28 8c c3 bb a4 12 89 a1 f0 1f Data Ascii: {_80)wcOLhppM!azfipwbgmy?dCs~g.JTUJkSTzerx\|yX?+g?rEXaPhF^"~#WpRIDe_0+c?N@E%(=T0#m/A,*`$?\|(
2023-08-25 14:06:39 UTC	731	IN	Data Raw: 15 6d 4f c9 ed 14 16 cf cc 5b 4a a3 8b 78 4a d2 81 6a dd 79 28 c5 73 68 3f e6 4f 7b cf 4e b2 5e 2c f8 6e 17 3c 5c 0b af 0c e1 7a c8 19 f0 4d de ac 51 86 31 98 8a 43 50 51 40 28 e3 1f 3a 84 1c 1f 2c c7 73 3d 6c d2 a2 bd b2 ba d8 2d e8 1a c2 bd be 49 cf db ac c9 93 05 d5 cd 42 61 f1 82 28 ba 54 8d 0e 91 d5 26 a4 c0 1e f2 27 9c 64 41 57 45 79 29 94 47 f7 46 c1 d4 40 cb 0a 22 52 6c 3f 00 26 7c 44 05 6e 59 74 c9 bb 6e e8 3a 24 85 59 1d be 2c f1 e5 e5 fa c6 2e cb 90 6d 55 43 91 c8 a1 00 e5 19 5b c5 67 8e 7e 17 eb a2 83 d8 4d 6f 01 c2 17 87 a9 0f 2b f9 01 21 98 9f 23 b0 6b b5 c7 d7 e0 83 ef 9c 9c 4f 7c b0 c5 2a 75 63 8b 75 ea c6 ae d5 0e 59 54 a6 01 49 31 08 52 db af cd 12 7f 1c a7 43 40 84 fe 91 6c 0f 3c 18 18 44 83 37 32 6c 5d 05 5d 7d 8b e7 ab 77 27 5b da 85 Data Ascii: mO[JxJjy(sh?O{N^,n<\zMQ1CPQ@(:,s=l-IBa(T&'dAWEy)GF@"Rl?&\|DnYtn:$Y,.mUC[g~Mo+!#kO\|*ucuYTI1RC@l<D72l]]}w'[
2023-08-25 14:06:39 UTC	747	IN	Data Raw: a9 01 c2 91 37 a9 08 85 20 70 b8 05 ce c0 41 51 bb d9 d3 07 b7 7d c2 6b 4b 36 62 33 04 1e c8 dc 1a b9 1b c8 43 41 7b a9 40 64 37 04 27 32 2f 97 50 3f 2a b4 a0 5e 3c 18 d6 be 62 33 95 9e 3f bf 7f 7f ce 00 16 eb b0 0c e7 a1 89 f4 29 49 0e 42 18 b7 62 0a ba e1 2a b5 0f 88 8a 34 f1 2d e7 41 d6 38 e5 1d 4f 01 b4 39 56 66 50 00 1b 4e fa 8e fa 78 5a 84 71 a0 e8 d9 c2 8d c7 58 58 9e 31 9f c6 63 59 61 44 be da 41 54 af f3 7a 5d 0e f0 d6 c0 80 4b 28 b0 de 85 76 9f c9 00 b8 b3 0a d7 e1 68 94 4c d4 be 6a a2 8e f1 4e 5a d3 3e 5c f1 2f c0 61 0d 93 76 48 b3 1c 80 73 9b c3 2e 88 c3 a6 af 0d db fc 80 52 f3 66 46 4a dc ca 1d 2b 36 9d 95 b9 24 0a 18 d9 8b 8e f7 50 c9 50 3c da 70 22 67 27 ae 0d 87 d0 66 3a 59 40 fb cb 72 c8 68 9b a7 39 7d eb 88 b0 c2 60 a4 e3 64 cf 90 be 3d Data Ascii: 7 pAQ}kK6b3CA{@d7'2/P?^<b3?)IBb4-A8O9VfPNxZqXX1cYaDATz]K(vhLjNZ>\/avHs.RfFJ+6$PP<p"g'f:Y@rh9}`d=
2023-08-25 14:06:39 UTC	763	IN	Data Raw: bb 52 b8 37 da 07 3d 88 93 0e c5 a2 af d6 0e 70 23 38 c0 0d 78 56 02 7a 4f 7c 7c 25 75 2e 2d f1 47 df ef 7a 93 2d 1b f5 4b c3 e1 bc 7f 6a 16 ba 56 2d df d9 fb 46 d7 b1 d1 f0 52 3c c0 6b 98 9f 26 5d 98 cb 3a a2 55 a4 4c 77 5f 1b be 54 b3 29 9c 52 77 5e 07 ca 38 0c d0 e3 ff b1 08 3a ae 44 15 1c ac 39 36 00 af 3a 48 5a dd c5 46 a8 49 f4 83 c7 50 fd 0f 2c 8c aa 50 c2 4d 39 83 40 e8 2c f6 9c 01 80 d0 e7 5a a3 e3 e4 8b 85 a3 78 d8 50 2c 4f 03 b0 6f 3b 80 d4 08 9d 8f d9 80 fe 57 43 a7 07 03 2b 8e dc 57 4f ab aa 40 3a 02 41 06 0f 06 2a b0 79 b0 71 7e fa 98 49 91 8f 9f bf 9d 0f 77 76 06 e7 f9 40 e5 6f 96 62 12 25 3e d8 d9 a1 02 89 14 7d cc e0 db 92 df 48 23 6d db 2d d2 5f 93 8c 08 8c c1 34 b6 e2 cb 07 1b 7f 20 91 e4 cd 67 82 c0 3d 78 f8 53 b3 41 0f a9 45 fa eb 8f Data Ascii: R7=p#8xVzO\|\|%u.-Gz-KjV-FR<k&]:ULw_T)Rw^8:D96:HZFIP,PM9@,ZxP,Oo;WC+WO@:A*yq~Iwv@ob%>}H#m-_4 g=xSAE

Target ID:	0
Start time:	16:06:15
Start date:	25/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff67bb30000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ctldl.windowsupdate.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\LICENSE

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\_metadata\verified_contents.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\keys.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\manifest.fingerprint

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping812_1485481924\manifest.json

Chrome Cache Entry: 276

Chrome Cache Entry: 277

Chrome Cache Entry: 278

Chrome Cache Entry: 279

Chrome Cache Entry: 280

Chrome Cache Entry: 281

Chrome Cache Entry: 282

Chrome Cache Entry: 283

Chrome Cache Entry: 284

Chrome Cache Entry: 285

Chrome Cache Entry: 286

Chrome Cache Entry: 287

Chrome Cache Entry: 288

Chrome Cache Entry: 289

Chrome Cache Entry: 290

Chrome Cache Entry: 291

Chrome Cache Entry: 292

Chrome Cache Entry: 293

Chrome Cache Entry: 294

Chrome Cache Entry: 295

Chrome Cache Entry: 296

Chrome Cache Entry: 297

Chrome Cache Entry: 298

Chrome Cache Entry: 299

Windows Analysis Report
http://ctldl.windowsupdate.com

Target ID:	1
Start time:	16:06:16
Start date:	25/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1868,i,5604346828580393826,14277228300877163243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff67bb30000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	16:06:19
Start date:	25/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ctldl.windowsupdate.com
Imagebase:	0x7ff67bb30000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre