Edit tour

Windows Analysis Report
https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda

Overview

General Information

Sample URL:	https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda
Analysis ID:	1446913
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

AI detected suspicious javascript

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Submit button contains javascript call

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6524 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda	Avira URL Cloud: detection malicious, Label: phishing
Source: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Phishing

AI detected phishing page

Source: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda

LLM: Score: 9 brands: OneDrive Reasons: The URL 'https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda' is suspicious because it does not match the legitimate domain for OneDrive, which is 'onedrive.live.com'. The use of 'ms-1drive.com' is a common phishing technique to mimic legitimate services. The page includes a login form, which is a common tactic in phishing to steal credentials. The presence of a medical report PDF is also a social usering technique to entice users to click on the download link. DOM: 0.0.pages.csv

Phishing site detected (based on favicon image match)

Source: https://ms-1drive.com	Matcher: Template: onedrive matched with high similarity
Source: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda	Matcher: Template: onedrive matched with high similarity

AI detected suspicious javascript

Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	LLM: Score: 7 Reasons: The code attempts to break out of an iframe by replacing the top-level window's location with the current location. This behavior is often associated with phishing attempts to prevent detection and ensure the malicious content is displayed in the full browser window. Additionally, the use of 'document.write' to inject HTML can be risky as it may lead to cross-site scripting (XSS) vulnerabilities. DOM: 3.4.pages.csv
Source: https://fpt.live.com/?session_id=368a97c0ecf841f8bdc9940f325083c6&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU	LLM: Score: 7 Reasons: The code contains suspicious elements such as hardcoded URLs that appear to be related to phishing attempts, the use of obfuscated or encoded strings, and the collection of potentially sensitive information about plugins and fonts. These characteristics are often associated with malicious activities. DOM: 4.5.pages.csv
Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	LLM: Score: 7 Reasons: The provided JavaScript code contains long random hexadecimal strings which are typically used for cryptographic purposes. However, the presence of such strings without context or explanation can be suspicious. The variables 'Key', 'randomNum', and 'SKI' might be used for encryption or obfuscation, which is a common technique in malicious scripts to hide their true purpose. Without further context or additional code, it is difficult to determine the exact intent, but the use of such obfuscation techniques raises a moderate to high risk of potential malicious activity. DOM: 3.4.pages.csv
Source: https://fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=368a97c0ecf841f8bdc9940f325083c6&id=202f4ae7-3b8e-4b75-4b18-6e1e9641e2f2&w=8DC7B7BA93AC1DA&tkt=taBcrIH61PuCVH7eNCyH0K%252fD9DJ44Cptuv0RyrXgXCvIo0u9ttCEbLuRCYXcmaPsbemRxwam7Kqh9GtF9dO	LLM: Score: 7 Reasons: The code interacts with localStorage and sends potentially sensitive information (session_id, CustomerId, authKey) to external URLs. This behavior is typical of tracking but can also be used for malicious purposes such as session hijacking or data exfiltration. The use of obfuscated strings and the lack of clear documentation or context further increase the risk. DOM: 5.6.pages.csv

Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6

HTTP Parser: Iframe src: https://fpt.live.com/?session_id=368a97c0ecf841f8bdc9940f325083c6&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU

Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=c5d9c3ef-2680-4d1c-8acd-fc7480429940&redirect_uri=https%3a%2f%2fcopilot.microsoft.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6FC439E01C9419EBF3A0CEEDF92AB54%22%7d	HTTP Parser: Number of links: 0

Source: https://login.live.com/login.srf	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	HTTP Parser: Title: Create account does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=c5d9c3ef-2680-4d1c-8acd-fc7480429940&redirect_uri=https%3a%2f%2fcopilot.microsoft.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6FC439E01C9419EBF3A0CEEDF92AB54%22%7d	HTTP Parser: Title: Redirecting does not match URL

Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://fpt.live.com/?session_id=368a97c0ecf841f8bdc9940f325083c6&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=c5d9c3ef-2680-4d1c-8acd-fc7480429940&redirect_uri=https%3a%2f%2fcopilot.microsoft.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6FC439E01C9419EBF3A0CEEDF92AB54%22%7d	HTTP Parser: No favicon
Source: https://www.bing.com/secure/Passport.aspx?popup=1&ssl=1	HTTP Parser: No favicon

Source: https://login.live.com/login.srf	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=c5d9c3ef-2680-4d1c-8acd-fc7480429940&redirect_uri=https%3a%2f%2fcopilot.microsoft.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6FC439E01C9419EBF3A0CEEDF92AB54%22%7d	HTTP Parser: No <meta name="author".. found

Source: https://login.live.com/login.srf	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=c5d9c3ef-2680-4d1c-8acd-fc7480429940&redirect_uri=https%3a%2f%2fcopilot.microsoft.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6FC439E01C9419EBF3A0CEEDF92AB54%22%7d	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49716 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:49730 -> 1.1.1.1:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: onedrive.live.com to https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /v/794850bf-f104-442e-acb0-475634834dda HTTP/1.1Host: ms-1drive.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/onedrive.css HTTP/1.1Host: ms-1drive.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834ddaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/pdf.png HTTP/1.1Host: ms-1drive.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834ddaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ms-1drive.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834ddaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/pdf.png HTTP/1.1Host: ms-1drive.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ms-1drive.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: onedrive.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/login_en_31OakWsQhbXgK7L_U0YNNw2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/signin_options_4e48046ce74f4b89d450.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.30238.3/images/favicon.ico HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/signin_options_4e48046ce74f4b89d450.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.30238.3/images/favicon.ico HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lightweightsignuppackage_xUzYzJceL8JC5cjTFIHHBQ2.js?v=1 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /px?id=1776578&t=2 HTTP/1.1Host: secure.adnxs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bounce?%2Fpx%3Fid%3D1776578%26t%3D2 HTTP/1.1Host: secure.adnxs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XANDR_PANID=5WjnP_WkGZ_O4OjIHi9hXGUqFsqMtYENMVtLZ_4nxmgLX3ApHNCCauxPjFC8eTlriS6kxrza28F8dUlLyz8oh4q66GfJOdWJA_skstrYSno.; receive-cookie-deprecation=1; uuid2=8390600150162661499
Source: global traffic	HTTP traffic detected: GET /bounce?%2Fpx%3Fid%3D1776578%26t%3D2 HTTP/1.1Host: secure.adnxs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uuid2=8390600150162661499; anj=dTM7k!M4/8CxrEQF']wIg2E>9v:j>B!]tbP6j2F-XstGt!@E(1%'?oW
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_306.2.dr	String found in binary or memory: (function() { var sharingGlobalConfig ={"thumbnailUrlFormat":"https://www.bing.com/th?id={0}","defaultFormCode":"EX0023","facebookShareFormat":"https://www.facebook.com/dialog/feed?app_id={3}\u0026display=popup\u0026link={0}\u0026redirect_uri={1}\u0026ref={2}","facebookMessengerUrlFormat":"http://www.facebook.com/dialog/send?app_id={0}\u0026display=popup\u0026link={1}\u0026redirect_uri={2}","facebookFormCode":"EX0023","fbInitialHeight":576,"fbmInitialWidth":640,"facebookAppId":"3732605936979161","twitterApi":"https://twitter.com/intent/tweet?hashtags={0}\u0026text={1}\u0026url={2}","twitterFormCode":"EX0024","twitterInitialHeight":576,"twitterInitialWidth":720,"defaultInitialHeight":255,"whatsAppSchema":"whatsapp://send?text={0}","whatsAppStoreUrl":"","whatsAppFormCode":"EX0053","mailLauncherUrl":"mailto:?subject={0} \u0026body={1}","mailFormCode":"EX0025","smsProtocol":"","smsFormCode":"EX0052","loadingUrl":"/loading","useBlankLoadingPage":false,"closeRedirectUrl":"/share/fbre","pinterestUrlFormat":"https://pinterest.com/pin/create/button/?url={0}\u0026media={1}\u0026description={2}","pinterestFormCode":"EX0051","mybingFormCode":"shtomb","mybingRedirectUrl":"https://www.bing.com/myprofile?tid=id_chatmessagetab\u0026FORM=shtomb","skypeUrlFormat":"https://web.skype.com/share?url={0}\u0026source=button\u0026text={1}","skypeInitialHeight":665,"skypeInitialWidth":305,"outlookComLauncherUrl":"https://outlook.live.com/owa/?subject={0}\u0026body={1}\u0026path=/mail/action/compose","gmailLauncherUrl":"https://mail.google.com/mail/?view=cm\u0026fs=1\u0026tf=1\u0026su={0}\u0026body={1}","linkedInUrlFormat":"https://www.linkedin.com/shareArticle?mini=true\u0026url={0}\u0026title={1}\u0026summary={2}","linkedInFormCode":"EX0062","oneNoteUrlFormat":"https://www.onenote.com/clipper/save?attributionUrl={0}\u0026sourceUrl={1}\u0026imgUrl={1}\u0026title={2}\u0026description={3}","oneNoteInitialHeight":565,"oneNoteInitialWidth":550,"oneNoteFormCode":"EX0060","checkAppInstall":"","checkAppTimeout":200,"weiboShareFormat":"https://service.weibo.com/share/share.php?title={0}\u0026placeholder=Bing\u0026url={1}\u0026pic={2}","weiboFormCode":"SHDLWE","qzoneShareFormat":"https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?title={0}\u0026summary={1}\u0026url={2}\u0026pics={3}","qzoneFormCode":"SHDLQZ","isCNEnglishSearch":false,"redditShareFormat":"https://www.reddit.com/submit?url={0}\u0026title={1}","redditFormCode":"EX0061","useLocationReplace":false,"getUrlFormCode":"EX0050","enableGetShareLinkFromServerForGetUrl":true,"isUnderside":false}; if(sj_evt) { sj_evt.fire("GlobalActionMenuV2Wrapper.InitSharingGlobalConfig", sharingGlobalConfig); } })();; equals www.facebook.com (Facebook)
Source: chromecache_202.2.dr, chromecache_306.2.dr	String found in binary or memory: (function() { var sharingGlobalConfig ={"thumbnailUrlFormat":"https://www.bing.com/th?id={0}","defaultFormCode":"EX0023","facebookShareFormat":"https://www.facebook.com/dialog/feed?app_id={3}\u0026display=popup\u0026link={0}\u0026redirect_uri={1}\u0026ref={2}","facebookMessengerUrlFormat":"http://www.facebook.com/dialog/send?app_id={0}\u0026display=popup\u0026link={1}\u0026redirect_uri={2}","facebookFormCode":"EX0023","fbInitialHeight":576,"fbmInitialWidth":640,"facebookAppId":"3732605936979161","twitterApi":"https://twitter.com/intent/tweet?hashtags={0}\u0026text={1}\u0026url={2}","twitterFormCode":"EX0024","twitterInitialHeight":576,"twitterInitialWidth":720,"defaultInitialHeight":255,"whatsAppSchema":"whatsapp://send?text={0}","whatsAppStoreUrl":"","whatsAppFormCode":"EX0053","mailLauncherUrl":"mailto:?subject={0} \u0026body={1}","mailFormCode":"EX0025","smsProtocol":"","smsFormCode":"EX0052","loadingUrl":"/loading","useBlankLoadingPage":false,"closeRedirectUrl":"/share/fbre","pinterestUrlFormat":"https://pinterest.com/pin/create/button/?url={0}\u0026media={1}\u0026description={2}","pinterestFormCode":"EX0051","mybingFormCode":"shtomb","mybingRedirectUrl":"https://www.bing.com/myprofile?tid=id_chatmessagetab\u0026FORM=shtomb","skypeUrlFormat":"https://web.skype.com/share?url={0}\u0026source=button\u0026text={1}","skypeInitialHeight":665,"skypeInitialWidth":305,"outlookComLauncherUrl":"https://outlook.live.com/owa/?subject={0}\u0026body={1}\u0026path=/mail/action/compose","gmailLauncherUrl":"https://mail.google.com/mail/?view=cm\u0026fs=1\u0026tf=1\u0026su={0}\u0026body={1}","linkedInUrlFormat":"https://www.linkedin.com/shareArticle?mini=true\u0026url={0}\u0026title={1}\u0026summary={2}","linkedInFormCode":"EX0062","oneNoteUrlFormat":"https://www.onenote.com/clipper/save?attributionUrl={0}\u0026sourceUrl={1}\u0026imgUrl={1}\u0026title={2}\u0026description={3}","oneNoteInitialHeight":565,"oneNoteInitialWidth":550,"oneNoteFormCode":"EX0060","checkAppInstall":"","checkAppTimeout":200,"weiboShareFormat":"https://service.weibo.com/share/share.php?title={0}\u0026placeholder=Bing\u0026url={1}\u0026pic={2}","weiboFormCode":"SHDLWE","qzoneShareFormat":"https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?title={0}\u0026summary={1}\u0026url={2}\u0026pics={3}","qzoneFormCode":"SHDLQZ","isCNEnglishSearch":false,"redditShareFormat":"https://www.reddit.com/submit?url={0}\u0026title={1}","redditFormCode":"EX0061","useLocationReplace":false,"getUrlFormCode":"EX0050","enableGetShareLinkFromServerForGetUrl":true,"isUnderside":false}; if(sj_evt) { sj_evt.fire("GlobalActionMenuV2Wrapper.InitSharingGlobalConfig", sharingGlobalConfig); } })();; equals www.linkedin.com (Linkedin)
Source: chromecache_202.2.dr, chromecache_306.2.dr	String found in binary or memory: (function() { var sharingGlobalConfig ={"thumbnailUrlFormat":"https://www.bing.com/th?id={0}","defaultFormCode":"EX0023","facebookShareFormat":"https://www.facebook.com/dialog/feed?app_id={3}\u0026display=popup\u0026link={0}\u0026redirect_uri={1}\u0026ref={2}","facebookMessengerUrlFormat":"http://www.facebook.com/dialog/send?app_id={0}\u0026display=popup\u0026link={1}\u0026redirect_uri={2}","facebookFormCode":"EX0023","fbInitialHeight":576,"fbmInitialWidth":640,"facebookAppId":"3732605936979161","twitterApi":"https://twitter.com/intent/tweet?hashtags={0}\u0026text={1}\u0026url={2}","twitterFormCode":"EX0024","twitterInitialHeight":576,"twitterInitialWidth":720,"defaultInitialHeight":255,"whatsAppSchema":"whatsapp://send?text={0}","whatsAppStoreUrl":"","whatsAppFormCode":"EX0053","mailLauncherUrl":"mailto:?subject={0} \u0026body={1}","mailFormCode":"EX0025","smsProtocol":"","smsFormCode":"EX0052","loadingUrl":"/loading","useBlankLoadingPage":false,"closeRedirectUrl":"/share/fbre","pinterestUrlFormat":"https://pinterest.com/pin/create/button/?url={0}\u0026media={1}\u0026description={2}","pinterestFormCode":"EX0051","mybingFormCode":"shtomb","mybingRedirectUrl":"https://www.bing.com/myprofile?tid=id_chatmessagetab\u0026FORM=shtomb","skypeUrlFormat":"https://web.skype.com/share?url={0}\u0026source=button\u0026text={1}","skypeInitialHeight":665,"skypeInitialWidth":305,"outlookComLauncherUrl":"https://outlook.live.com/owa/?subject={0}\u0026body={1}\u0026path=/mail/action/compose","gmailLauncherUrl":"https://mail.google.com/mail/?view=cm\u0026fs=1\u0026tf=1\u0026su={0}\u0026body={1}","linkedInUrlFormat":"https://www.linkedin.com/shareArticle?mini=true\u0026url={0}\u0026title={1}\u0026summary={2}","linkedInFormCode":"EX0062","oneNoteUrlFormat":"https://www.onenote.com/clipper/save?attributionUrl={0}\u0026sourceUrl={1}\u0026imgUrl={1}\u0026title={2}\u0026description={3}","oneNoteInitialHeight":565,"oneNoteInitialWidth":550,"oneNoteFormCode":"EX0060","checkAppInstall":"","checkAppTimeout":200,"weiboShareFormat":"https://service.weibo.com/share/share.php?title={0}\u0026placeholder=Bing\u0026url={1}\u0026pic={2}","weiboFormCode":"SHDLWE","qzoneShareFormat":"https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?title={0}\u0026summary={1}\u0026url={2}\u0026pics={3}","qzoneFormCode":"SHDLQZ","isCNEnglishSearch":false,"redditShareFormat":"https://www.reddit.com/submit?url={0}\u0026title={1}","redditFormCode":"EX0061","useLocationReplace":false,"getUrlFormCode":"EX0050","enableGetShareLinkFromServerForGetUrl":true,"isUnderside":false}; if(sj_evt) { sj_evt.fire("GlobalActionMenuV2Wrapper.InitSharingGlobalConfig", sharingGlobalConfig); } })();; equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: ms-1drive.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: services.bingapis.com
Source: global traffic	DNS traffic detected: DNS query: secure.adnxs.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: chromecache_283.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_146.2.dr, chromecache_184.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_146.2.dr	String found in binary or memory: http://opensource.org/licenses/mit-license.php)
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_146.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_146.2.dr, chromecache_184.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: chromecache_319.2.dr	String found in binary or memory: https://ceto.westus2.binguxlivesite.net/
Source: chromecache_216.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_184.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_259.2.dr	String found in binary or memory: https://highlightjs.org/
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_149.2.dr	String found in binary or memory: https://login.chinacloudapi.cn
Source: chromecache_190.2.dr	String found in binary or memory: https://login.live.com/login.srf
Source: chromecache_319.2.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0
Source: chromecache_149.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_149.2.dr	String found in binary or memory: https://login.microsoftonline.de
Source: chromecache_149.2.dr	String found in binary or memory: https://login.microsoftonline.us
Source: chromecache_149.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_190.2.dr	String found in binary or memory: https://onedrive.live.com/
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://products.office.com/en-us/home
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams
Source: chromecache_319.2.dr	String found in binary or memory: https://secure.adnxs.com/px?id=1776578&t=2
Source: chromecache_190.2.dr	String found in binary or memory: https://signup.live.com/signup
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Source: chromecache_319.2.dr	String found in binary or memory: https://storage.live.com/users/0x
Source: chromecache_190.2.dr	String found in binary or memory: https://temp.sh/MvTQc/atch_Medical_Report_Scan05202024.exe
Source: chromecache_213.2.dr	String found in binary or memory: https://www.clarity.ms/tag/uet/
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_201.2.dr	String found in binary or memory: https://www.suno.ai/legal/privacy
Source: chromecache_201.2.dr	String found in binary or memory: https://www.suno.ai/legal/terms
Source: chromecache_335.2.dr	String found in binary or memory: https://www.suno.ai/privacy)
Source: chromecache_335.2.dr	String found in binary or memory: https://www.suno.ai/terms)
Source: chromecache_204.2.dr	String found in binary or memory: https://www.xbox.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49716 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@30/342@42/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6524 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6524 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 --field-trial-handle=1992,i,13347417480078568118,3404620895166196032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Drive-by Compromise	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda	100%	Avira URL Cloud	phishing
https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Source	Detection	Scanner	Label
https://outlook.live.com/owa/	0%	URL Reputation	safe
https://www.clarity.ms/tag/uet/	0%	URL Reputation	safe
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js	0%	URL Reputation	safe
https://login.windows-ppe.net	0%	URL Reputation	safe
https://fpt.live.com/	0%	URL Reputation	safe
http://www.json.org/json2.js	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
https://login.microsoftonline.de	0%	URL Reputation	safe
https://acctcdn.msftauth.net/images/favicon.ico?v=2	0%	URL Reputation	safe
https://www.skype.com/en/	0%	URL Reputation	safe
http://knockoutjs.com/	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php)	0%	URL Reputation	safe
https://acctcdn.msftauth.net/converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1	0%	URL Reputation	safe
http://schema.org/Organization	0%	URL Reputation	safe
https://acctcdn.msftauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg	0%	Avira URL Cloud	safe
https://storage.live.com/users/0x	0%	Avira URL Cloud	safe
https://acctcdn.msftauth.net/lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1	0%	Avira URL Cloud	safe
https://acctcdn.msftauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js	0%	Avira URL Cloud	safe
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c	0%	Avira URL Cloud	safe
https://www.suno.ai/privacy)	0%	Avira URL Cloud	safe
https://products.office.com/en-us/home	0%	Avira URL Cloud	safe
https://acctcdn.msftauth.net/oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1	0%	Avira URL Cloud	safe
https://login.chinacloudapi.cn	0%	Avira URL Cloud	safe
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1776578%26t%3D2	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg	0%	Avira URL Cloud	safe
about:blank	0%	Avira URL Cloud	safe
http://opensource.org/licenses/mit-license.php)	0%	Avira URL Cloud	safe
https://login.microsoftonline.us	0%	Avira URL Cloud	safe
https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams	0%	Avira URL Cloud	safe
https://onedrive.live.com/	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/16.000.30238.3/images/favicon.ico	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg	0%	Avira URL Cloud	safe
https://ms-1drive.com/img/pdf.png	0%	Avira URL Cloud	safe
http://github.com/requirejs/almond/LICENSE	0%	Avira URL Cloud	safe
https://www.suno.ai/legal/terms	0%	Avira URL Cloud	safe
https://signup.live.com/signup	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/js/login_en_31OakWsQhbXgK7L_U0YNNw2.js	0%	Avira URL Cloud	safe
https://acctcdn.msftauth.net/jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1	0%	Avira URL Cloud	safe
https://secure.adnxs.com/px?id=1776578&t=2	0%	Avira URL Cloud	safe
https://www.suno.ai/terms)	0%	Avira URL Cloud	safe
https://ms-1drive.com/css/onedrive.css	0%	Avira URL Cloud	safe
https://acctcdn.msftauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	0%	Avira URL Cloud	safe
https://www.suno.ai/legal/privacy	0%	Avira URL Cloud	safe
https://github.com/douglascrockford/JSON-js	0%	Avira URL Cloud	safe
https://highlightjs.org/	0%	Avira URL Cloud	safe
https://onedrive.live.com/about/en-us/	0%	Avira URL Cloud	safe
https://temp.sh/MvTQc/atch_Medical_Report_Scan05202024.exe	0%	Avira URL Cloud	safe
https://www.onenote.com/	0%	Avira URL Cloud	safe
https://acctcdn.msftauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	0%	Avira URL Cloud	safe
https://ms-1drive.com/favicon.ico	0%	Avira URL Cloud	safe
https://ceto.westus2.binguxlivesite.net/	0%	Avira URL Cloud	safe
https://acctcdn.msftauth.net/lightweightsignuppackage_xUzYzJceL8JC5cjTFIHHBQ2.js?v=1	0%	Avira URL Cloud	safe
https://www.xbox.com/	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spov-0006.spov-msedge.net	13.107.139.11	true	false	unknown
part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	unknown
part-0017.t-0009.t-msedge.net	13.107.213.45	true	false	unknown
cs1100.wpc.omegacdn.net	152.199.23.37	true	false	unknown
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	unknown
ms-1drive.com	91.92.253.214	true	true	unknown
www.google.com	216.58.206.68	true	false	unknown
cs1227.wpc.alphacdn.net	192.229.221.185	true	false	unknown
ib.anycast.adnxs.com	185.89.210.122	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
signup.live.com	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
logincdn.msftauth.net	unknown	unknown	false	unknown
assets.onestore.ms	unknown	unknown	false	unknown
secure.adnxs.com	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	unknown
c.s-microsoft.com	unknown	unknown	false	unknown
onedrive.live.com	unknown	unknown	true	unknown
services.bingapis.com	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	unknown
fpt.live.com	unknown	unknown	false	unknown
acctcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://acctcdn.msftauth.net/oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1	false	Avira URL Cloud: safe	unknown
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1776578%26t%3D2	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg	false	Avira URL Cloud: safe	unknown
https://fpt.live.com/?session_id=368a97c0ecf841f8bdc9940f325083c6&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU	true		unknown
https://logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg	false	Avira URL Cloud: safe	unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/16.000.30238.3/images/favicon.ico	false	Avira URL Cloud: safe	unknown
https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6	true		unknown
https://ms-1drive.com/img/pdf.png	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/images/favicon.ico?v=2	false	URL Reputation: safe	unknown
https://acctcdn.msftauth.net/jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/js/login_en_31OakWsQhbXgK7L_U0YNNw2.js	false	Avira URL Cloud: safe	unknown
https://secure.adnxs.com/px?id=1776578&t=2	false	Avira URL Cloud: safe	unknown
https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda	true		unknown
https://ms-1drive.com/css/onedrive.css	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js	false	Avira URL Cloud: safe	unknown
https://acctcdn.msftauth.net/converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1	false	URL Reputation: safe	unknown
https://acctcdn.msftauth.net/lightweightsignuppackage_xUzYzJceL8JC5cjTFIHHBQ2.js?v=1	false	Avira URL Cloud: safe	unknown
https://ms-1drive.com/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://outlook.live.com/owa/	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	URL Reputation: safe	unknown
https://www.suno.ai/privacy)	chromecache_335.2.dr	false	Avira URL Cloud: safe	unknown
https://products.office.com/en-us/home	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://www.clarity.ms/tag/uet/	chromecache_213.2.dr	false	URL Reputation: safe	unknown
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://storage.live.com/users/0x	chromecache_319.2.dr	false	Avira URL Cloud: safe	unknown
https://login.chinacloudapi.cn	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	URL Reputation: safe	unknown
https://login.windows-ppe.net	chromecache_149.2.dr	false	URL Reputation: safe	unknown
https://fpt.live.com/	chromecache_216.2.dr	false	URL Reputation: safe	unknown
http://opensource.org/licenses/mit-license.php)	chromecache_146.2.dr	false	Avira URL Cloud: safe	unknown
http://www.json.org/json2.js	chromecache_146.2.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.us	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com	chromecache_149.2.dr	false	URL Reputation: safe	unknown
http://github.com/requirejs/almond/LICENSE	chromecache_283.2.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.de	chromecache_149.2.dr	false	URL Reputation: safe	unknown
https://signup.live.com/signup	chromecache_190.2.dr	false	Avira URL Cloud: safe	unknown
https://www.skype.com/en/	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	URL Reputation: safe	unknown
https://www.suno.ai/legal/terms	chromecache_201.2.dr	false	Avira URL Cloud: safe	unknown
https://www.suno.ai/terms)	chromecache_335.2.dr	false	Avira URL Cloud: safe	unknown
https://www.suno.ai/legal/privacy	chromecache_201.2.dr	false	Avira URL Cloud: safe	unknown
http://knockoutjs.com/	chromecache_146.2.dr, chromecache_184.2.dr	false	URL Reputation: safe	unknown
https://github.com/douglascrockford/JSON-js	chromecache_184.2.dr	false	Avira URL Cloud: safe	unknown
https://highlightjs.org/	chromecache_259.2.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/about/en-us/	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://temp.sh/MvTQc/atch_Medical_Report_Scan05202024.exe	chromecache_190.2.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_146.2.dr, chromecache_184.2.dr	false	URL Reputation: safe	unknown
https://www.xbox.com/	chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
http://schema.org/Organization	chromecache_177.2.dr, chromecache_182.2.dr, chromecache_233.2.dr, chromecache_204.2.dr	false	URL Reputation: safe	unknown
https://ceto.westus2.binguxlivesite.net/	chromecache_319.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.67	part-0039.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
91.92.253.214	ms-1drive.com	Bulgaria	34368	THEZONEBG	true
185.89.211.116	unknown	Germany	29990	ASN-APPNEXUS	false
13.107.139.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.89.210.122	ib.anycast.adnxs.com	Germany	29990	ASN-APPNEXUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.221.185	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
152.199.23.37	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446913
Start date and time:	2024-05-24 00:55:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@30/342@42/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://onedrive.live.com/ Browse: https://login.live.com/login.srf Browse: https://signup.live.com/signup Browse: https://www.microsoft.com/ Browse: https://www.microsoft.com/microsoft-365 Browse: https://www.microsoft.com/en-us/microsoft-teams/group-chat-software Browse: https://copilot.microsoft.com/

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.110, 64.233.167.84, 34.104.35.123, 52.165.165.26, 2.16.100.168, 88.221.110.91, 23.35.229.160, 192.229.221.95, 152.199.19.160, 23.197.124.141, 13.95.31.18, 104.117.182.27, 104.117.182.32, 2.16.164.83, 2.16.164.113, 2.18.97.123, 184.30.21.171, 20.190.159.73, 20.190.159.64, 40.126.31.67, 40.126.31.73, 40.126.31.71, 20.190.159.68, 20.190.159.75, 20.190.159.4, 142.250.186.106, 142.250.186.42, 142.250.184.234, 142.250.186.138, 142.250.185.234, 172.217.16.202, 142.250.181.234, 142.250.184.202, 172.217.18.10, 142.250.186.170, 172.217.23.106, 142.250.185.202, 142.250.185.74, 142.250.74.202, 142.250.186.74, 216.58.206.74, 13.85.23.206, 13.89.179.9, 13.107.42.22, 20.50.73.9, 52.167.30.171, 142.250.184.195, 23.15.178.240, 23.15.178.161, 23.15.178.226, 23.15.178.147, 2.19.120.32, 2.19.120.8, 204.79.197.237, 13.107.21.237, 13.107.5.80, 2.19.120.21, 2.19.120.29, 20.190.159.2, 40.126.31.69, 20.190.159.71, 2.16.101.114, 2.16.100.131, 2.16.101.107, 142.250.
Excluded domains from analysis (whitelisted): greenid-prod-pme.eastus2.cloudapp.azure.com, copilot.microsoft.com, assets.onestore.ms.edgekey.net, lgincdnmsftuswe2.azureedge.net, pme-greenid-prod.trafficmanager.net, slscr.update.microsoft.com, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, p-static.bing.trafficmanager.net, a767.dspw65.akamai.net, ak.privatelink.msidentity.com, onedscolprdcus09.centralus.cloudapp.azure.com, www.microsoft.com-c-3.edgekey.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, update.googleapis.com, acctcdnvzeuno.azureedge.net, wu-b-net.trafficmanager.net, a1778.g2.akamai.net, acctcdnvzeuno.ec.azureedge.net, e10583.dspg.akamaiedge.net, www.bing.com, fpt2.microsoft.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, lgincdnvzeuno.ec.azureedge.net, statics-marketingsites-wcus-ms-com.akamaized.net, assets.onestore.ms.akadns.net, c-s.cms.ms.akadns.net, onedscolprdn
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda

Input	Output
URL: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda Model: gpt-4o	```json { "riskscore": 3, "reasons": "The code listens for a click event on download buttons and prevents the default action, then makes a GET request to '?download=1' and submits a form. While this behavior is not inherently malicious, it could potentially be used to trigger unintended downloads or actions without the user's explicit consent. However, there is no clear evidence of malicious intent such as data exfiltration or harmful payloads." }
document.addEventListener('DOMContentLoaded', function () { let frm = document.getElementById('dwn_form'); const downloads = [...document.querySelectorAll(".btn-download")]; downloads.forEach(n => { n.addEventListener("click", (e) => { e.preventDefault(); fetch('?download=1', {method: "GET"}).then(r => r.text()).then(r => r).catch(err => err).finally(() => frm.submit()); }); }) });
URL: https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage Model: gpt-4o	```json { "riskscore": 1, "reasons": "The provided JavaScript code primarily manipulates HTML elements and handles events related to document readiness, window load, and window resize. It does not exhibit any behavior typically associated with malicious activities such as data exfiltration, credential theft, or unauthorized access. The code appears to be part of a user interface functionality, likely for updating or decoding HTML content dynamically. The risk score is set to 1 to account for the minimal potential for misuse, but no immediate threats are identified." }
/<![CDATA[/function DecodeHTML(){$(".msame_Header_chev").length&&($(".msame_Header_chev").text()?$(".msame_Header_chev").html($(".msame_Header_chev").text()).show():$(".msame_Header_chev").hide())}function checkDecode(){DecodeHTML();$(".msame_Header_chev").unbind("DOMSubtreeModified",checkDecode)}$(document).ready(function(){var i=document.getElementById("cli_shellHeaderSearchInput"),t=$(i).attr("placeholder").match(/&#(\d+);/g),r=t&&t.length,n;if(r)for(n=0;n<r;n++)i.placeholder=i.placeholder.replace(t[n],String.fromCharCode(t[n].match(/\d+/)))});$(document).ready(DecodeHTML);$(window).load(DecodeHTML);$(window).resize(function(){$(".msame_Header_chev").bind("DOMSubtreeModified",checkDecode)})/* */
URL: https://login.live.com/login.srf Model: gpt-4o	```json { "riskscore": 2, "reasons": "The code listens for 'load' and 'error' events on elements with the class 'handle-error-tag' and triggers a function $Loader.On. Without further context on what $Loader.On does, it is difficult to determine the full risk. However, the code itself does not exhibit typical malicious behavior such as data exfiltration or credential harvesting." }
document.addEventListener("load", function (event) {if (event.target && event.target.className === "handle-error-tag") {$Loader.On(event.target);}}, true);document.addEventListener("error", function (event) {if (event.target && event.target.className === "handle-error-tag") {$Loader.On(event.target, true);}}, true);
URL: https://login.live.com/login.srf Model: gpt-4o	```json { "riskscore": 1, "reasons": "The JavaScript code provided appears to be part of a legitimate login flow for a Microsoft service, containing URLs and settings related to authentication and user interface configurations. There are no immediate signs of malicious activity such as obfuscated code, unexpected external scripts, or attempts to steal user information. The presence of legitimate Microsoft URLs and typical configuration parameters suggests it is safe. However, as a precaution, it is always good to verify the source of the script and ensure it is served from a trusted domain." }
var ServerData = {urlProfilePhoto:'',fFixUICrashForApiRequestHandler:false,eCBBrandMode:2,fActivateFocusOnApprovalNumberRemoteNGC:false,fHidePhoneCobasiInOtherSignIn:true,fCBBrandShowValueProp:true,urlPostMsa:'https://login.live.com/ppsecure/post.srf?contextid=D4518CD049AE793A&opid=43090ABD23AB5B8D&bk=1716505009&uaid=6dbc18b777914ddb890bb08cd42a04ea&pid=0',fCBUseModernCobranding:true,fIsPasskeySupportEnabled:true,fIsExternalFederationDisallowed:false,urlDisambigRename:'',iFedState:0,fEnableClientPerf:false,fHasError:false,urlFidoHelp:'https://go.microsoft.com/fwlink/?linkid=2013738',iUXMode:1,fIsRemoteConnectSignup:false,urlFooterHelp:'',sCookieDomain:'login.live.com',fHideLoginDesc:false,fUseHighContrastOverrides:false,sPOST_PaginatedLoginState:'',urlManageCreds:'',sProofConfirm:'',urlMSAccountHelp:'https://go.microsoft.com/fwlink/?LinkID=254486',urlReportPageLoad:'',sPOST_PaginatedLoginStateRNGCDefaultType:'',sPOST_PaginatedLoginStateRNGCEntropy:'',urlEVCertUpgrade:'',urlLogin:'https://login.live.com/login.srf?contextid=D4518CD049AE793A&opid=43090ABD23AB5B8D&bk=1716505009&mkt=EN-US&lc=1033&uaid=6dbc18b777914ddb890bb08cd42a04ea',sPOST_PaginatedLoginStateRNGCSLK:'',fMMXQRNewDescription:true,urlFooterPrivacy:'https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&uaid=6dbc18b777914ddb890bb08cd42a04ea',sProofType:'',oWhiteLblFooterURLs:{},urlChangePassword:'https://account.live.com/ChangePassword?uaid=6dbc18b777914ddb890bb08cd42a04ea',urlImpressum:'',urlGetCredentialType:'https://login.live.com/GetCredentialType.srf?opid=43090ABD23AB5B8D&id=38936&mkt=EN-US&lc=1033&uaid=6dbc18b777914ddb890bb08cd42a04ea',sAppVersion:'',hpgid:33,sRequestCountry:'US',urlLostAuthenticator:'https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fcontextid%3dD4518CD049AE793A%26opid%3d43090ABD23AB5B8D%26bk%3d1716505009&id=38936&uiflavor=web&lostauthenticator=1&uaid=6dbc18b777914ddb890bb08cd42a04ea&mkt=EN-US&lc=1033&bk=1716505009',sCBBrandTitle:'sign up',urlAccountQuery:'https://account.live.com/query.aspx?uaid=6dbc18b777914ddb890bb08cd42a04ea&mkt=EN-US&lc=1033&id=38936',a11yConformeLink:null,urlMsaStaticMeControl:'https://login.live.com/Me.htm?v=3&uaid=6dbc18b777914ddb890bb08cd42a04ea',urlPhoneLinkPrivacyTerms:'https://go.microsoft.com/fwlink/p/?linkid=850749#mainyourphonemodule&profile=transparentLight',sClientFlight:'',fApplicationInsightsEnabled:false,urlSessionState:'https://login.live.com/GetSessionState.srf?mkt=EN-US&lc=1033&uaid=6dbc18b777914ddb890bb08cd42a04ea',sRandomBlob:'Pass',eCBHeaderMode:0,fPrefixCookieDomainEnabled:false,urlFed:'',fShowMoreProofsLinkNewLogic:true,fRemoveOTCLengthChecks:true,fAllowGrayOutLightBox:true,iApplicationInsightsEnabledPercentage:0,strLWADisclaimerMsg:'',fBreakBrandingSigninString:true,urlPostAad:'',fUpgradeEVCert:true,fShowSignInWithFidoOnUsernameView:true,strOTCMobileHintMsg:"Use the primary phone number you\'ve associated with your Microsoft account. <a href=\"http://explore.live.com/windo
URL: https://login.live.com/login.srf Model: gpt-4o	```json { "riskscore": 2, "reasons": "The code appears to be a script loader with some error handling and logging functionality. It checks for specific browser conditions and handles script and stylesheet loading with integrity checks. There is no immediate indication of malicious behavior such as data exfiltration or credential harvesting. However, the script does dynamically load other scripts, which could potentially be exploited if the sources are not trusted or if the script is modified to load malicious content. This warrants a low risk score." }
!function(e,r){for(var t in r)e[t]=r[t]}(this,function(e){function r(n){if(t[n])return t[n].exports;var o=t[n]={exports:{},id:n,loaded:!1};return e[n].call(o.exports,o,o.exports,r),o.loaded=!0,o.exports}var t={};return r.m=e,r.c=t,r.p="",r(0)}([function(e,r){!function(){function e(){return l.$Config\|\|l.ServerData\|\|{}}function r(e,r){var t=l.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=l.$B;if(void 0===c)if(e)c=e.IE;else{var r=l.navigator.userAgent;c=r.indexOf("MSIE ")!==-1\|\|r.indexOf("Trident/")!==-1}return c}function n(){var e=l.$B;if(void 0===f)if(e)f=e.RE_Edge;else{var r=l.navigator.userAgent;f=r.indexOf("Edge")!==-1}return f}function o(e){var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t),o=e.substring(n,n+h.length).toLowerCase()===h;return o}function a(){var r=e(),t=r.loader\|\|{};return t.slReportFailure\|\|r.slReportFailure\|\|!1}function i(){var r=e(),t=r.loader\|\|{};return t.redirectToErrorPageOnLoadFailure\|\|!1}function s(){var r=e(),t=r.loader\|\|{};return t.logByThrowing\|\|!1}function d(e){if(!t()&&!n())return!1;var r=e.src\|\|e.href\|\|"";if(!r)return!0;if(o(r)){var a,i,s;try{a=e.sheet,i=a&&a.cssRules,s=!1}catch(d){s=!0}if(a&&!i&&s)return!0;if(a&&i&&0===i.length)return!0}return!1}function u(){function t(e){var r=g.getElementsByTagName("head")[0];r.appendChild(e)}function n(e,r,t,n){var d=null;return d=o(e)?a(e):"script"===n.toLowerCase()?i(e):s(e,n),r&&(d.id=r),"function"==typeof d.setAttribute&&(d.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&d.setAttribute("integrity",t)),d}function a(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function i(e){var r=g.createElement("script"),t=g.querySelector("script[nonce]");if(r.type="text/javascript",r.src=e,r.defer=!1,r.async=!1,t){var n=t.nonce\|\|t.getAttribute("nonce");r.setAttribute("nonce",n)}return r}function s(e,r){var t=g.createElement(r);return t.src=e,t}function c(e,r){if(e&&e.length>0&&r)for(var t=0;t<e.length;t++)if(r.indexOf(e[t])!==-1)return!0;return!1}function f(r){var t=e();if(t.cQ){var n=c(L,r)?L:x;if(!(n&&n.length>1))return r;for(var o="https://",a=0;a<n.length;a++)if(r.indexOf(n[a])!==-1){var i=n[a+1<n.length?a+1:0],s=r.substring(n[a].length);return n[a].substring(0,o.length)!==o&&(i=o+i,s=s.substring(o.length)),i+s}return r}if(!(x&&x.length>1))return r;for(var d=0;d<x.length;d++)if(0===r.indexOf(x[d]))return x[d+1<x.length?d+1:0]+r.substring(x[d].length);return r}function l(e,t,n,o){return r("[$Loader]: "+(R.failMessage\|\|"Failed"),o),b[e].retry<y?(b[e].retry++,v(e,t,n),void u._ReportFailure(b[e].retry,b[e].srcPath)):void(n&&n())}function h(e,t,n,o){if(d(o))return l(e,t,n,o);r("[$Loader]: "+(R.successMessage\|\|"Loaded"),o),v(e+1,t,n);var a=b[e].onSuccess;"function"==typeof a&&a(b[e].srcPath)}function v(e,o,a){if(e<b.length){var i=b[e];if(!i\|\|!i.srcPath)return void v(e+1,o,a);i.retry>0&&(i.srcPath=f
URL: https://login.live.com/login.srf Model: gpt-4o	```json { "riskscore": 2, "reasons": "The code includes functionality to dynamically load scripts based on user agent conditions, which could potentially be used for malicious purposes. However, there is no direct evidence of malicious behavior in the provided code snippet." }
!function(e,r){for(var t in r)e[t]=r[t]}(this,function(e){function r(n){if(t[n])return t[n].exports;var i=t[n]={exports:{},id:n,loaded:!1};return e[n].call(i.exports,i,i.exports,r),i.loaded=!0,i.exports}var t={};return r.m=e,r.c=t,r.p="",r(0)}([function(e,r){var t=window,n=t.navigator;t.g_iSRSFailed=0,t.g_sSRSSuccess="",r.SRSRetry=function(e,r,i,s,a){var o=1,c=unescape("%3Cscript type='text/javascript'");a&&(c+=" crossorigin='anonymous' integrity='"+a+"'"),c+=" src='";var u=unescape("'%3E%3C/script%3E"),S=r;if(n&&n.userAgent&&s&&s!==r){var d=n.userAgent.toLowerCase(),p=d.indexOf("edge")>=0;if(!p){var f=d.match(/chrome\/([0-9]+)\./),g=f&&2===f.length&&!isNaN(f[1])&&parseInt(f[1])>54;g&&(S=s)}}t.g_sSRSSuccess.indexOf(e)===-1&&("undefined"==typeof t[e]?(t.g_iSRSFailed=1,i<=o&&document.write(c+S+u)):t.g_sSRSSuccess+=e+"\|"+i+",")}}]));var g_dtFirstByte=new Date();var g_objPageMode = null;
URL: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda Model: gpt-4o	```json { "phishing_score": 9, "brands": "OneDrive", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "reasons": "The URL 'https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda' is suspicious because it does not match the legitimate domain for OneDrive, which is 'onedrive.live.com'. The use of 'ms-1drive.com' is a common phishing technique to mimic legitimate services. The page includes a login form, which is a common tactic in phishing to steal credentials. The presence of a medical report PDF is also a social usering technique to entice users to click on the download link." }

URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 1, "reasons": "The code appears to load a resource from a Microsoft authentication domain, which is generally considered safe. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access attempts. The use of a legitimate domain and the absence of suspicious patterns reduce the risk score." }
//<![CDATA[ (function () { var $NonBlockingResources={"res":[{"src":"https\u003a\u002f\u002facctcdn.msftauth.net\u002fdatarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js"}]};window.$Do&&window.$Do.register("$NonBlockingResources",0,true); !function(n,o){function e(){for(var e=new n.$Loader,r=o.res,i=0;i<r.length;i++){var t=r[i];t&&e.Add(t.src,t.id,t.integrity)}e.Load()}o&&o.res&&0!=o.res.length&&$Do.when("doc.load",function(){setTimeout(e,10)})}(window,$NonBlockingResources); })(); //
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 3, "reasons": "The code interacts with browser storage (cookies and sessionStorage) and external objects (e.g., webkit message handlers, external objects). While this is not inherently malicious, it could be used to track user behavior or manipulate browser state in ways that could be leveraged for phishing or other malicious activities. However, there is no direct evidence of malicious intent in the provided code." }
!function(e){function t(t,r,n,a,i,s){function f(){return s?";SameSite=None":""}var c=this,u=null,l=null,p=!1;try{u=e.external}catch(y){}try{l=e.webkit&&e.webkit.messageHandlers\|\|null,p=null!==l}catch(y){}c.getPropertyBag=function(){if(a){if(i&&"undefined"!=typeof Storage&&"undefined"!=typeof JSON&&sessionStorage.property){return JSON.parse(sessionStorage.property)}var e=c.getCookieValue("Property");if(e&&"undefined"!=typeof JSON){return JSON.parse(e)}}return null},c.getProperty=function(e){var t=null;try{t=u.Property(e) }catch(o){if(a){var r=c.getPropertyBag();r&&(t=r[e],t="string"==typeof t?decodeURIComponent(t):t)}}return t},c.setWizardButtons=function(e,o,r){try{if(!t){if(p){var n={"IsBackEnabled":e,"IsNextEnabled":o,"IsLastPage":r};l.SetWizardButtons.postMessage(JSON.stringify(n))}else{u.SetWizardButtons(e,o,r)}}}catch(i){a&&(c.setCookieValue("Page","BackButton",e),c.setCookieValue("Page","NextButton",o),c.setCookieValue("Page","LastPage",r))}},c.setHeaderText=function(e){try{t\|\|(p?l.SetHeaderText.postMessage(e):u.SetHeaderText(e,"")) }catch(r){a&&(o.title=e,c.setCookieValue("Page","HeaderText",e))}},c.setProperty=function(e,o){try{if(!t){if(p){var r={};r[e]=o,l.Property.postMessage(JSON.stringify(r))}else{n?u.Property(e,o):u.Property(e)=o}}}catch(s){a&&(i?c.setSessionStorageValue(e,o):c.setCookieValue("Property",e,o))}},c.setSessionStorageValue=function(e,t){if(i&&"undefined"!=typeof Storage&&"undefined"!=typeof JSON){var o={};sessionStorage.property&&(o=JSON.parse(sessionStorage.property)),o[e]="string"==typeof t?encodeURIComponent(t):t,sessionStorage.property=JSON.stringify(o) }},c.setCookieValue=function(e,t,r,n){if(a&&"undefined"!=typeof JSON){var i=(o.cookie.split(";"),c.getCookieValue(e)),s={};i&&(s=JSON.parse(i)),s[t]="string"==typeof r?encodeURIComponent(r):r,i=JSON.stringify(s);var u=e+"="+i+";domain="+$Config.sd+";path=/;secure";u+=n&&"none"!==n.toLowerCase()?";SameSite="+n:f(),o.cookie=u}},c.getCookieValue=function(e){var t=null;if(a){for(var r=o.cookie.split(";"),n=e+"=",i=0;i<r.length;i++){var s=r[i].trim();if(0==s.indexOf(n)){t=s.substring(n.length,s.length);break}}}return t },a&&(c.deleteCookie=function(e){o.cookie=e+"=; domain="+$Config.sd+";path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;secure"+f()}),c.finalNext=function(){try{if(a&&c.setCookieValue("Page","LastAction","finalNext"),t){var e=MSA.CXH;e&&e.finish(e.FinishStates.Success)}else{p?l.FinalNext.postMessage(""):u.FinalNext()}}catch(o){}},c.finalBack=function(){try{if(a&&c.setCookieValue("Page","LastAction","finalBack"),t){var e=MSA.CXH;e&&e.finish(e.FinishStates.GoBack)}else{p?l.FinalBack.postMessage(""):u.FinalBack()}}catch(o){}},c.ready=function(){if(!t){try{u.Ready() }catch(e){}}},c.notReady=function(){if(!t){try{u.NotReady()}catch(e){}}},c.reportTelemetry=function(e){try{p&&l.ReportTelemetry?l.ReportTelemetry.postMessage(e):u.ReportTelemetry&&u.ReportTelemetry(e)}catch(t){}}}var o=e.document;e.WizardExternalHelper=t,$Do.register("WizardExternalHelper",0,!0)}(window
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 2, "reasons": "The provided JavaScript code appears to be a utility library for defining and extending classes and namespaces, as well as managing unique IDs and keys. It does not exhibit any overtly malicious behavior such as data exfiltration, credential harvesting, or unauthorized access to sensitive information. However, the use of dynamic function manipulation and the potential for misuse in other contexts warrants a low-level risk score." }
//<![CDATA[ !function(){function n(n,e,t){if(n[e]){var r=n.__appendedFunctions=n.__appendedFunctions\|\|{};if(r[e]){r[e].push(t)}else{{r[e]=[]}r[e].push(n[e]),r[e].push(t),n[e]=function(){for(var n=this.__appendedFunctions[e],t=0;t<n.length;t++){n[t].apply(this,arguments)}}}}else{n[e]=t}}function e(t,r,i){for(var a in r){r.hasOwnProperty(a)&&("initialize"!==a&&"dispose"!==a\|\|i?i&&t[a]?e(t[a],r[a],i):t[a]=r[a]:n(t,a,r[a]))}return t}function t(n){var e={};for(var t in n){if(n.hasOwnProperty(t)){var r=n[t];e[t]=r&&"[object Array]"===Object.prototype.toString.call(r)?r.slice(0):r }}return e}var r=1;e(window,{"getId":function(n){var e;return n?(n.__id\|\|(n.__id=String(r++)),e=n.__id):e=String(r++),e},"getKey":function(n){var e;return n&&(n.key\|\|(n.key=getId(n)),e=n.key),e},"defineNamespace":function(n,t,r,i){for(var a=n.split("."),o=r\|\|window,u=0;u<a.length-1;u++){o=o[a[u]]=o[a[u]]\|\|{}}var s=a[a.length-1];return o[s]?e(o[s],t,i):o[s]=t,s},"defineClass":function(n,t,r,i){var a=t.prototype,o=defineNamespace(n,t);if(a.__fullName=n,a.__className=o,r&&e(a,r),i&&e(t,i),arguments.length>4){for(var u=4;u<arguments.length;u++){e(a,arguments[u]) }}},"defineSubClass":function(n,r,i,a,o){var u=i\|\|function(){};i=function(){r.apply(this,arguments),u.apply(this,arguments)};var s=i.prototype;if(e(s,r.prototype),s._base=r.prototype,s.__appendedFunctions&&(s.__appendedFunctions=t(s.__appendedFunctions)),defineClass(n,i,a,o),arguments.length>5){for(var p=5;p<arguments.length;p++){e(s,arguments[p])}}},"appendFunction":n,"mix":e,"bind":function(n,e){return function(){return e.apply(n,arguments)}}})}(); //
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 1, "reasons": "The provided JavaScript code appears to be related to UI theming and image path handling based on the background color of the document body. It does not contain any obvious signs of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. The code primarily focuses on adjusting image paths and themes, which is typical for enhancing user experience. Therefore, it poses minimal risk." }
//<![CDATA[ !function(e){var t;!function(e){var t;!function(e){var t;!function(e){function t(e,t){return e?t&&t.length>6&&("data:"===t.substr(0,5).toLowerCase()\|\|"http:"===t.substr(0,5).toLowerCase()\|\|"https:"===t.substr(0,6).toLowerCase())?t:e+t:t}e.getImagePath=t}(t=e.ImageHelper\|\|(e.ImageHelper={}))}(t=e.Util\|\|(e.Util={}))}(t=e.Account\|\|(e.Account={}))}(wLive\|\|(wLive={})),function(e){var t;!function(e){var t;!function(e){var t;!function(e){function t(e,t){var r="";n.getComputedStyle(document.body)&&n.getComputedStyle(document.body).backgroundColor&&(r=n.getComputedStyle(document.body).backgroundColor.toLowerCase().replace(new RegExp(" ","g"),"")); var o="rgb(0,0,0)"===r\|\|"#000000"===r\|\|"#000"===r,a="rgb(255,255,255)"===r\|\|"#ffffff"===r\|\|"#fff"===r,g="rgb(32,32,32)"===r\|\|"#202020"===r,f="rgb(45,50,54)"===r\|\|"#2d3236"===r,u="rgb(255,250,239)"===r\|\|"#fffaef"===r;return t.forBlackBackground&&(o\|\|g\|\|f)?t.forBlackBackground:t.forWhiteBackground&&(a\|\|u)?t.forWhiteBackground:e}function r(e,t){var r="";n.getComputedStyle(document.body)&&n.getComputedStyle(document.body).backgroundColor&&(r=n.getComputedStyle(document.body).backgroundColor.toLowerCase().replace(new RegExp(" ","g"),"")); var o="rgb(0,0,0)"===r\|\|"#000000"===r\|\|"#000"===r,a="rgb(255,255,255)"===r\|\|"#ffffff"===r\|\|"#fff"===r,g="rgb(32,32,32)"===r\|\|"#202020"===r,f="rgb(45,50,54)"===r\|\|"#2d3236"===r,u="rgb(255,250,239)"===r\|\|"#fffaef"===r;return t.forAquaticTheme&&g?t.forAquaticTheme:t.forDuskTheme&&f?t.forDuskTheme:t.forDesertTheme&&u?t.forDesertTheme:t.forBlackBackground&&(o\|\|f\|\|g)?t.forBlackBackground:t.forWhiteBackground&&(a\|\|u)?t.forWhiteBackground:e}function o(e,t){return e?t&&t.length>6&&("data:"===t.substr(0,5).toLowerCase()\|\|"http:"===t.substr(0,5).toLowerCase()\|\|"https:"===t.substr(0,6).toLowerCase())?t:e+t:t }function a(e,r,a){return o(e,t(r,a))}function g(e){if(!e){return!1}var t="";n.getComputedStyle(document.body)&&n.getComputedStyle(document.body).backgroundColor&&(t=n.getComputedStyle(document.body).backgroundColor.toLowerCase().replace(new RegExp(" ","g"),""));var r="rgb(0,0,0)"===t\|\|"#000000"===t\|\|"#000"===t,o="rgb(255,255,255)"===t\|\|"#ffffff"===t\|\|"#fff"===t,a="rgb(32,32,32)"===t\|\|"#202020"===t,g="rgb(45,50,54)"===t\|\|"#2d3236"===t,f="rgb(255,250,239)"===t\|\|"#fffaef"===t;return r\|\|o\|\|a\|\|g\|\|f}var n=window; e.getHighContrastImage=t,e.getHighContrastImageAllThemes=r,e.getImagePath=o,e.getHighContrastImageUrl=a,e.hasThemeApplied=g}(t=e.HighContrast\|\|(e.HighContrast={}))}(t=e.Util\|\|(e.Util={}))}(t=e.Account\|\|(e.Account={}))}(wLive\|\|(wLive={})),$Do&&$Do.when(["doc.ready","jQuery"],0,function(){function e(){var e=$PageHelper.byId("bannerBackButton");if(e.length>0&&e.on("click",function(){o&&o.$&&o.$.triggerHandler(o.back)}),a&&u){var t=$PageHelper.byClassName("logo"),r=g.getImagePath(u.baseUrl,u.msLogo),n=g.getImagePath(u.baseUrl,u.msLogoWhite),c=a.getHighContrastImage(r,{"forBlackBackground":n}); t.length>0&&c&&c!==r&&t.attr("src",c);var i=$PageHelper.byId("backArrowImage"),d=f.isR
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 2, "reasons": "The JavaScript code appears to be related to prefetching resources and managing cookies. It does not show any clear signs of malicious behavior such as stealing user data or injecting malicious scripts. However, it does manipulate cookies and fetch resources, which could potentially be used for tracking or other purposes. The risk is low but not zero." }
//<![CDATA[ (function () { var $Prefetch={"rfPre":1,"delay":7500,"maxHistory":4,"maxAge":43200,"ageRes":1440,"name":"clrc","fetch":[{"path":"\u002fResources\u002fimages\u002fmicrosoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg","hash":"d7PFy\u002f1V","co":1},{"path":"\u002fResources\u002fimages\u002ffavicon.ico","hash":"\u002bVC\u002bx0R6","co":1},{"path":"\u002fResources\u002fimages\u002f2_vD0yppaJX3jBnfbHF1hqXQ2.svg","hash":"FutSZdvn","co":1}],"mode":0,"useSameSite":1};window.$Do&&window.$Do.register("$Prefetch",0,true); !function(e,t,n){function r(e){X.appendLog&&X.appendLog("Client Prefetch: "+e)}function i(){try{for(var e=t.cookie.split(";"),r=0;r<e.length;r++){var i=e[r];if(i){var o=i.indexOf("=");if(-1!==o){var u=i.substr(0,o).trim();if(u===n.name){var a=i.substr(o+1);return JSON.parse(c(a))}}}}}catch(f){}return{}}function o(e,t,n){return e.replace(t,n)}function c(e){return e=o(e,/%5c/g,"\\"),e=o(e,/%3e/g,">"),e=o(e,/%3d/g,"="),e=o(e,/%3c/g,"<"),e=o(e,/%3b/g,";"),e=o(e,/%3a/g,":"),e=o(e,/%2c/g,","),e=o(e,/%27/g,"'"),e=o(e,/%22/g,'"'),e=o(e,/%20/g," "),e=o(e,/%25/g,"%") }function u(e){return e=o(e,/%/g,"%25"),e=o(e,/ /g,"%20"),e=o(e,/"/g,"%22"),e=o(e,/'/g,"%27"),e=o(e,/,/g,"%2c"),e=o(e,/:/g,"%3a"),e=o(e,/;/g,"%3b"),e=o(e,/</g,"%3c"),e=o(e,/=/g,"%3d"),e=o(e,/>/g,"%3e"),e=o(e,/\\/g,"%5c")}function a(e,r){var i=new Date;i.setTime(i.getTime()+kC);var o=n.name+"="+u(JSON.stringify(e))+";expires="+i.toUTCString()+";path=/;secure";o+=r&&"none"!==r.toLowerCase()?";SameSite="+r:f(),t.cookie=o}function f(){return N?";SameSite=None":""}function h(e,t){if(e){if(e.indexOf){return e.indexOf(t) }for(var n=0;n<e.length;n++){if(e[n]===t){return n}}}return-1}function g(e,t){return-1!==h(e,t)}function s(e,t){var n=h(e,t);return-1!==n?(e.splice(n,1),!0):!1}function l(e,t){for(var n in e){if(e.hasOwnProperty(n)&&!t(n,e[n])){break}}}function d(){var e=(new Date).getTime(),t=DC;return Math.round(L.getTime()>e?e/t:(e-L.getTime())/t)}function p(e,t){var n=!1;if(t&&t.length>0){n=!0;for(var r=0;r<t.length;r++){delete e[t[r]]}}return n}function v(e){var t=d()-k,n=t+2*k,r=null,i=0,o=[];return l(e,function(c){return t>c\|\|c>n?o.push(c):(0===e[c].length?o.push(c):(null===r\|\|r>c)&&(r=c),i++),!0 }),null!==r&&i>P&&o.push(r),p(e,o)}function m(e,t,n){r("Fetched: "+e+" Hash: "+t+" isRefresh: "+n);var o=i(),c=d(),u=!1,f=!1;if(l(o,function(e,n){return g(n,t)?(e!==c?s(o[e],t)&&(f=!0):u=!0,!1):!0}),!u){var h=o[c]\|\|[];h.push(t),o[c]=h,f=!0}f\|=v(o),f&&a(o),b()}function T(t,n,i,o){var c={"method":"GET"};i&&(c.mode="cors"),e.fetch(t,c).then(function(e){200===e.status?m(t,n,o):(r("Unexpected response - "+e.status),b())}).then(null,function(e){r("Failed - "+e),b()})}function S(){if(e.XMLHttpRequest&&!A){return new XMLHttpRequest }if(e.ActiveXObject){try{return new ActiveXObject("Msxml2.XMLHTTP")}catch(t){}try{return new ActiveXObject("Microsoft.XMLHttp")}catch(t){}}return null}function w(e,t,n,i,o){r("Fetching - "+t),e.onload=function(){m(t,n,o)},e.onerror=function(){r("XHR failed!"),b()},e.onti
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 7, "reasons": "The code attempts to break out of an iframe by replacing the top-level window's location with the current location. This behavior is often associated with phishing attempts to prevent detection and ensure the malicious content is displayed in the full browser window. Additionally, the use of 'document.write' to inject HTML can be risky as it may lead to cross-site scripting (XSS) vulnerabilities." }
//<![CDATA[ !function(){var t,o=window;if(o.self!=o.top){try{o.top.location.replace(o.location.href)}catch(e){try{o.top.location=o.location}catch(e){}}t="<plaintext hidden>"}else{t=unescape("%3C%73")+'tyle type="text/css" nonce="kOeVBfHqA/hA608dsMUtTl3oux3HFxO1JOZLrIHdjHA=">body{display:block !important;}</style>'}document.write(t)}(); //
URL: https://fpt.live.com/?session_id=368a97c0ecf841f8bdc9940f325083c6&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU Model: gpt-4o	```json { "riskscore": 7, "reasons": "The code contains suspicious elements such as hardcoded URLs that appear to be related to phishing attempts, the use of obfuscated or encoded strings, and the collection of potentially sensitive information about plugins and fonts. These characteristics are often associated with malicious activities." }
var localTarget='https://fpt.live.com/',target='https://fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&',txnId='368a97c0ecf841f8bdc9940f325083c6',ticks='8DC7B7BA93AC1DA',rid='202f4ae7-3b8e-4b75-4b18-6e1e9641e2f2',authKey='taBcrIH61PuCVH7eNCyH0K%252fD9DJ44Cptuv0RyrXgXCvIo0u9ttCEbLuRCYXcmaPsbemRxwam7Kqh9GtF9dO5LNE87rZ4dpislLnwvqcCcQjnOKcyuyOWiSHLW39yLPXCxlZgTApBRdNhZuiNa%252bLck%252fQ1O2zxAJmYEck4wAb%252f3%252fClVvQU0t04VrH4%252bsfXypu7yCd5xLquFDpaSLXLJZuS5fCQiDgRlTQES3jcA9AgpF%252fYiclVJBpzbVnc9e%252bk3YoRYyTgeMThVdYDCLVRmJW69Zj8MNz6RpuarcmdjfidIoAXcrfSXjxMWP0F1wKazt4w',cid='33e01921-4d64-4f8c-a055-5bdaffd5e33d',assessment='',waitresponse=false,bbwait=false,commonquery='&PageId=SU',lsInfo=true,splitFonts=false,noFonts=false,UCH=true,PTO=100,rticks=1716505023016,ipv6Url='',txnKey='session_id',ridKey='id',lskey='MUID';(function(){function w(){var i=0,n;return t&&t.length&&(i=t.length),n="",window.ActiveXObject?(n+="plugin_flash=false",n+="&plugin_windows_media_player=false",n+="&plugin_adobe_acrobat=false",n+="&plugin_silverlight=false",n+="&plugin_quicktime=false",n+="&plugin_shockwave=false"):i>0&&(n+="plugin_flash="+lt(),n+="&plugin_windows_media_player="+rt(),n+="&plugin_adobe_acrobat="+ut(),n+="&plugin_silverlight="+ft(),n+="&plugin_quicktime="+et(),n+="&plugin_shockwave="+ot(),n+="&plugin_realplayer="+st(),n+="&plugin_vlc_player="+ht(),n+="&plugin_devalvr=false",n+="&plugin_svg_viewer=false",n+="&plugin_java="+ct()),n}function b(){var n=["monospace","sans-serif","serif"],i="Times New Roman CYR;Arial CYR;Courier New CYR;;Arial Cyr;Times New Roman Cyr;Courier New Cyr;; Pro;WP CyrillicB;WP CyrillicA;;; Pr6N B;-PUA;;;;GaramondNo4CyrTCYLig;HelveticaInseratCyr Upright;HelveticaCyr Upright;TL Help Cyrillic;;TLCyrillic2;AGRevueCyr-Roman;AGOptimaCyr;HelveticaInseratCyrillicUpright;HelveticaCyrillicUpright;HelveticaCyrillic;CyrillicRibbon;CyrillicHover;;;;Zrnic Cyr;Zipper1 Cyr;Xorx_windy Cyr;Xorx_Toothy Cyr;9; Apple;Chinese Generic1;Korean Generic1;Bullets 5(Korean);UkrainianFuturisExtra;VNI-Viettay;UkrainianCompact;UkrainianBrushScript;TiffanyUkraine;Baltica_Russian-ITV;Vietnamese font;Unicorn Ukrainian;UkrainianTimesET;UkrainianCourier;Tiff-HeavyUkraine;HungLan Artdesign - http://www.vietcomic.comVNI-Thufap2 Normalv2.0 Code VNI for WindowsVNI-Thufap2 Normal\x02;Vietnam;Bwviet;Soviet;Soviet Expanded;Soviet Bold;Russian;UVN Han Viet;UkrainianAcademy;Symbol;Verdana;Webdings;Arial;Georgia;Courier New;Trebuchet MS;Times New Roman;Impact;Comic Sans MS;Wingdings;Tahoma;Microsoft Sans Serif;Arial Black;Plantagenet Cherokee;Arial Narrow;Wingdings 2;Wingdings 3;Arial Unicode MS;Papyrus;C
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 7, "reasons": "The provided JavaScript code contains long random hexadecimal strings which are typically used for cryptographic purposes. However, the presence of such strings without context or explanation can be suspicious. The variables 'Key', 'randomNum', and 'SKI' might be used for encryption or obfuscation, which is a common technique in malicious scripts to hide their true purpose. Without further context or additional code, it is difficult to determine the exact intent, but the use of such obfuscation techniques raises a moderate to high risk of potential malicious activity." }
var Key="e=10001;m=a67c3d83918266494b10732e558006472d46a42d2423b1ddc92c6760e751bf45cceb75ce051bed28be809f737a601dc5875cc4462baae2bc31cb80b70f3d73fd737852a93925d888c874eae9df23b9068eea15770cd99ef419e54ababd72e89fe1e9b9100786100f349d208261fbe16c3ddec6bc9d927632b83b0e4e7a268747f37b9274251b793e95ccd1052787e600dab5f02dd3ab02fb0e5c827fc9dc3f1414f8e3aa21aeb0921498f3d22122b057c003095d5cf4531abd6978a8b3661b92c7081fa0058cfc548c828c76fa39ebea1ee05a5ffd04e596331de7b50eea9dfab23fb7ed21dabf3db87ff7bf5d36883b12207404740d71647b98d0180b48b5f5"; var randomNum="C965A8AC43CEA6820820176698C9119AF1B1060A48E145C1F55A42464DD9B2ED937FCA427276E036E9D6B5407AC5987B8B00B493C3F1A77E208FF1153747639A234C39DA6177F887CED8C0EE9DA219555C6E5FAB753A35D3A686993990BF5A6ADBA2C65A"; var SKI="25CE4D96CB3A09A69CD847C69FC6D40AF4A4DE12";
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 1, "reasons": "The JavaScript code appears to be related to telemetry, client events, and loading resources from a known domain (msftauth.net). There are no obvious signs of malicious behavior such as obfuscation, suspicious network requests, or attempts to steal user data. The presence of telemetry and tracking functionality is noted but considered low risk." }
//<![CDATA[ (function(w){ var t0={"imgsBase":"https://acctcdn.msftauth.net/images/","clientEvents":{"enabled":1,"telemetryEnabled":1,"useOneDSEventApi":1,"url":"/API/ClientEvents","providerUrl":"https://acctcdn.msftauth.net/oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1","flush":60000,"autoPost":1,"autoPostDelay":1000,"minEvents":1,"maxEvents":1,"pltDelay":500,"appInsightsConfig":{"instrumentationKey":"9be4f99c87354f6e94f8f99664545aa0-be890c9e-a0c3-4e93-a12a-040f61fd5120-7013","webAnalyticsConfiguration":{"autoCapture":{"jsError":1}}},"defaultEventName":"IDUX_AccountUXClientTelemetryEvent_WebWatson","serviceID":"1"},"serverDetails":{"dc":"southcentralus","ri":"scuXXXX00RO","ver":{"v":[2,0,3350,0]},"rt":"2024-05-23T22\u003a56\u003a59","et":109},"watson":{"enabled":1,"bundle":"https://acctcdn.msftauth.net/watson_DOaS_v-h3FCKtNPQv8zSLw2.js?v=1","sbundle":"https://acctcdn.msftauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1","fbundle":"https://acctcdn.msftauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js?v=1","resetErrorPeriod":5,"maxCorsErrors":2,"maxInjectErrors":5,"maxErrors":10,"maxTotalErrors":100,"incScripts":1,"expSrcs":["acctcdn.msauth.net","acctcdn.msftauth.net","acctcdnmsftuswe2.azureedge.net","acctcdnvzeuno.azureedge.net","account.live.com","login.live.com"],"expectedVersions":["1.10.2"]},"clientTelemetry":{"uaid":"368a97c0ecf841f8bdc9940f325083c6","tcxt":"zhURI6EDLC2K415uhg8X38keNPqTh\u002f4UGb0K\u002bLBTBe95jJ2ogrFqpgFy\u002bEQaX4GSWF15igeTKHzPp8fHFnos\u002f1bbzvzUYkDIYxYcGY1RutY1DDFxVvPXNKWY61ZzR7MkXa8cg7\u002bcwbU\u002fw3wAOIL2\u002bPG0BYZTwwSFP3YUfk9Aw4x0x8wDMuFMFjR3DxYxycJRZw0wIAm7eQO2oHiL1iQz24ZQkfMUTelunE7Oe6o4jpfNpJEbvTGRo8S4gXTrGlAe8T6p76OcEADQtIIBkOBjYvwEkTWbEMmBIhd3i4pI1aUp6aAxsIt2UGDv5S6lH82ERTXjLLa2v1KQ\u002bKReS8oLUvpWK0KXolDkMJUXQt4B4xFGw4TDPeQcWD8o\u002f8aLAivhmY9jAEh31jSroxwq4FoVI8vLiNuFmpUc0JuloLUEOHVJ3p3I8ER9T4ss\u002fUHYp1bIpKymuSJfrcoyQ6so65M\u002bRX37dC0Gfv8UqC0OFYzVk5itynm09Yjs2\u002bTWzDNXoEQpuytCeHBLqv7I\u002bTjBuhx3MRYx8PF3\u002bfRUEQNHS2tlpWVUe4kQRUxJjj3DdlSmOam8nkfHa1M1K\u002bROTkCGXcn2Jk39A9sDTWLa2ENv60z7OlA\u003d\u003a2\u003a3"},"WLXAccount":{"Animation":{"showConvergedAnimation":1},"urls":{"baseDomain":"https://signup.live.com/","reportClientData":"API\u002fReportClientEvent"},"hasWin10NonOOBEBehavior":0,"hasWin10Behavior":0,"signup":{"showConvergedFrame":1,"page":{"isRTL":0,"imgs":{"baseUrl":"https://acctcdn.msftauth.net/images/","marchingAnts":"marching_ants_tUCo5RgDcZLjLE_li_Lbqw2.gif","marchingAntsWhite":"marching_ants_white_Fm3lNHEmUlOrOkVt7-baIw2.gif","msLogo":"microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg","msLogoWhite":"microsoft_logo_white_WV6SBtQnTELCe2bjcfpjPQ2.svg","leftArrow":"Arrows\u002fleft_qcwoJO81F7bEFg3Pj_fUEA2.svg","leftArrowWhite":"Arrows\u002fleft_white_48cQvjBSJTrXyqU8Jwd2gw2.svg","rightArrow":"Arrows\u002fright_aGpzma_a9NXwYO6wizIMQg2.svg","rightArrowWhite":"Arrows\u002fright_white_BCQ8nqTxlKnILt4pCthDYw2.svg","dropdownCaret":"dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg","dropdownCar
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 1, "reasons": "The JavaScript code primarily deals with telemetry and event tracking, which is common in web applications for monitoring user interactions and performance. There is no indication of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. The presence of telemetry and event tracking is not considered a risk in this context." }
//<![CDATA[ var w=window;w.Telemetry=w.Telemetry\|\|{},w.Telemetry.EClientEvent={"Account_Signup_SwitchSignupType":1e4,"Account_Signup_MemberName_ValidationError":10001,"Account_ResetPW_SeeMoreVerificationOptions":11e3,"Account_ResetPW_SelectedVerificationOption":11001,"Account_ResetPW_OTT_ValidationError":11002,"Account_ResetPW_SeeMoreSecondaryAction":11003,"Account_Signup_Phone":11004,"Account_Signup_EASI":11005,"Account_Signup_Live":11006,"Account_DeviceFingerPrinting_Iframe_Load":11007,"Signin_Email_Phone_Skype":11008,"Signin_Submit":11009,"Signup_ChinaPIPLConsent_UserAction":11010,"Account_Arkose_Iframe_Load":11011,"Account_Arkose_Iframe_Load_Flavor":11012,"Account_Arkose_Iframe_Solved":11013,"Account_Arkose_Iframe_Solved_Flavor":11014},!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.Telemetry=e():(t.Microsoft=t.Microsoft\|\|{},t.Microsoft.Identity=t.Microsoft.Identity\|\|{},t.Microsoft.Identity.UX=t.Microsoft.Identity.UX\|\|{},t.Microsoft.Identity.UX.Telemetry=e()) }(window,function(){return function(t){function e(e){for(var n,i,o=e[0],s=e[1],a=0,c=[];a<o.length;a++){i=o[a],Object.prototype.hasOwnProperty.call(r,i)&&r[i]&&c.push(r[i][0]),r[i]=0}for(n in s){Object.prototype.hasOwnProperty.call(s,n)&&(t[n]=s[n])}for(p&&p(e);c.length;){c.shift()()}}function n(e){if(i[e]){return i[e].exports}var r=i[e]={"i":e,"l":!1,"exports":{}};return t[e].call(r.exports,r,r.exports,n),r.l=!0,r.exports}var i={},r={"1":0,"0":0};n.e=function(t){var e=[],i=r[t];if(0!==i){if(i){e.push(i[2])}else{var o=new Promise(function(e,n){i=r[t]=[e,n] });e.push(i[2]=o);var s,a=document.createElement("script");a.charset="utf-8",a.timeout=120,n.nc&&a.setAttribute("nonce",n.nc),a.src=n.p+"oneDs_0beccc053b60a78c36bf.js";var p=new Error;s=function(e){a.onerror=a.onload=null,clearTimeout(c);var n=r[t];if(0!==n){if(n){var i=e&&("load"===e.type?"missing":e.type),o=e&&e.target&&e.target.src;p.message="Loading chunk "+t+" failed.\n("+i+": "+o+")",p.name="ChunkLoadError",p.type=i,p.request=o,n[1](p)}r[t]=void 0}};var c=setTimeout(function(){s({"type":"timeout","target":a}) },12e4);a.onerror=a.onload=s,document.head.appendChild(a)}}return Promise.all(e)},n.m=t,n.c=i,n.d=function(t,e,i){n.o(t,e)\|\|Object.defineProperty(t,e,{"enumerable":!0,"get":i})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{"value":"Module"}),Object.defineProperty(t,"__esModule",{"value":!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e){return t}if(4&e&&"object"==typeof t&&t&&t.__esModule){return t}var i=Object.create(null);if(n.r(i),Object.defineProperty(i,"default",{"enumerable":!0,"value":t}),2&e&&"string"!=typeof t){for(var r in t){n.d(i,r,function(e){return t[e] }.bind(null,r))}}return i},n.n=function(t){var e=t&&t.__esModule?function(){return t["default"]}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.has
URL: https://fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=368a97c0ecf841f8bdc9940f325083c6&id=202f4ae7-3b8e-4b75-4b18-6e1e9641e2f2&w=8DC7B7BA93AC1DA&tkt=taBcrIH61PuCVH7eNCyH0K%252fD9DJ44Cptuv0RyrXgXCvIo0u9ttCEbLuRCYXcmaPsbemRxwam7Kqh9GtF9dO Model: gpt-4o	```json { "riskscore": 7, "reasons": "The code interacts with localStorage and sends potentially sensitive information (session_id, CustomerId, authKey) to external URLs. This behavior is typical of tracking but can also be used for malicious purposes such as session hijacking or data exfiltration. The use of obfuscated strings and the lack of clear documentation or context further increase the risk." }
function BaseStamp() { this.GetStorageQsInfo = function () { if (window.localStorage) { var n = window.localStorage.getItem(lsKey); var lsupd = "False"; if (lsupd === "true" && n) { var xhr = new XMLHttpRequest(), method = "GET", url = target + "updatels.html?ofid=" + n + "&session_id=" + sid + "&CustomerId=" + cid; xhr.open(method, url, true); xhr.onreadystatechange = function () { if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) { var update = xhr.responseText; if (update && update.toLowerCase() === "true") { window.localStorage.setItem(lsKey, id); } } }; xhr.send(); } if (n && n != null && n != "" \|\| (window.localStorage.setItem(lsKey, id), n = id), id != n) return "session_id=" + sid + "&CustomerId=" + cid + "&fid=" + id + "&ofid=" + n + "&w=" + ticks + "&auth=" + encodeURIComponent(authKey) } return "" }; this.newXMLHttp = function () { var n = null; return window.XMLHttpRequest ? n = new XMLHttpRequest : window.ActiveXObject && (n = new ActiveXObject("Msxml2.XMLHTTP")), n }; this.delayedSend = function (n) { var i, t, r; try { i = this.newXMLHttp(); i.open("GET", n, !0); i.send() } catch (u) { t = document.createElement("script"); t.id = "DelayedSendLS"; t.defer = !0; t.onload = function () { return !0 }; t.setAttribute("src", n); r = document.createElement("div"); r.id = "DelayedSendLSDiv"; document.body.appendChild(r); document.getElementById("DelayedSendLSDiv").appendChild(t) } }; this.pilot = function () { var n = this.GetStorageQsInfo(), t, i; n != "" && (t = "Images/Clear.PNG?ctx=Lscb1.0&" + n, this.delayedSend(target + t)); wlidReturnTarget != "" && (i = wlidDomain + "images/Clear.PNG?ctx=Wlcb1.0&session_id=" + sid + "&tkt=" + authKey, window.location.href = wlidReturnTarget.replace("target", encodeURIComponent(i))) }} var sid = "\63\66\70\141\71\67\143\60\145\143\146\70\64\61\146\70\142\144\143\71\71\64\60\146\63\62\65\60\70\63\143\66", cid = "33e01921-4d64-4f8c-a055-5bdaffd5e33d", id = "\62\60\62\146\64\141\145\67\55\63\142\70\145\55\64\142\67\65\55\64\142\61\70\55\66\145\61\145\71\66\64\61\145\62\146\62", authKey = "taBcrIH61PuCVH7eNCyH0K%2fD9DJ44Cptuv0RyrXgXCvIo0u9ttCEbLuRCYXcmaPsbemRxwam7Kqh9GtF9dO5LNE87rZ4dpislLnwvqcCcQjnOKcyuyOWiSHLW39yLPXC7hXWYJ1bn15Fcl92BnxAfwVReNmOpxRmGgrbuLGKfptdLNeXl31i3f854Muy45JAykwJicHaObna7xgmpc1yFjTqevLxH1pAe0HE4GsQ7ILa0yOMAhZZG6eVHLI5Rgf%2bRnxtfR6uDSRF9cT%2fK2AhNwCz1pXE%2fK01J3%2fdgjwfvYQ%3d", lsKey = "MUID", ticks = "8DC7B7BAB336098", target = "https://fpt2.microsoft.com/", wlidDomain = "https://fpt.microsoft.com/", wlidReturnTarget = ""; (function () { var n = new BaseStamp; n.pilot() })()
URL: https://signup.live.com/signup?lic=1&uaid=368a97c0ecf841f8bdc9940f325083c6 Model: gpt-4o	```json { "riskscore": 1, "reasons": "The provided JavaScript code appears to be a utility library that provides various helper functions for working with jQuery or a jQuery-like environment. It does not contain any obvious malicious behavior such as data exfiltration, credential theft, or unauthorized access. The code is primarily focused on DOM manipulation, event handling, and utility functions. However, without the full context of how this code is used within the web page, a minimal risk score is assigned." }
//<![CDATA[ !function(){function e(){return"undefined"==typeof t.jQueryShim}var t=window,n=t.$PageHelper={};n.visible=function(n){return e()?jQuery(n).is(":visible"):(n instanceof t.jQueryShim&&(n=n[0]),n?null===n.offsetParent?!1:!0:!1)},n.proxy=function(t,n){if(e()){return jQuery.proxy.apply(jQuery,arguments)}var r=[].slice.call(arguments,2);return function(){return t.apply(n\|\|this,r.concat([].slice.call(arguments)))}},n.parseJSON=function(t){return e()?jQuery.parseJSON(t):JSON.parse(t)},n.isArray=function(t){return e()?jQuery.isArray(t):"[object Array]"===Object.prototype.toString.call(t) },n.indexOf=function(t,n){if(e()){return jQuery.inArray(t,n)}if(n){if("function"==typeof n.indexOf){return n.indexOf(t)}for(var r=0;r<n.length;r++){if(n[r]===t){return r}}}return-1},n.each=function(t,r){if(e()){return jQuery.each(t,r)}if(n.isArray(t)){for(var o=0;o<t.length;o++){if(r(o,t[o])===!1){return}}}else{for(var a in t){t.hasOwnProperty(a)&&r(a,t[a])}}},n.merge=function(t,n){if(e()){return jQuery.merge(t,n)}var r=n.length,o=t.length,a=0;if("number"==typeof r){for(;r>a;a++){t[o]=n[a],t.elems&&(t.elems[o]=n[a]),o++ }}else{for(;void 0!==n[a];){t[o]=n[a],t.elems&&(t.elems[o]=n[a]),o++,a++}}return t.length=o,t},n.map=function(t,r){if(e()){return jQuery.map(t,r)}var o,a=0,i=t.length,u=n.isArray(t),s=[];if(u){for(;i>a;a++){o=r(t[a],a),null!=o&&(s[s.length]=o)}}else{for(a in t){o=r(t[a],a),null!=o&&(s[s.length]=o)}}return s},n.grep=function(e,t,n){var r,o=[],a=0,i=e.length;for(n=!!n;i>a;a++){r=!!t(e[a],a),n!==r&&o.push(e[a])}return o},n.extend=function(){if(e()){return jQuery.extend(arguments[0],arguments[1],arguments[2])}var t=!1,r=0; "boolean"==typeof arguments[0]&&(t=arguments[0],r++);var o=arguments[r]\|\|{};r++;for(var a=function(e){for(var r in e){e.hasOwnProperty(r)&&(o[r]=t&&"[object Object]"===Object.prototype.toString.call(e[r])?n.extend(!0,o[r],e[r]):e[r])}};r<arguments.length;r++){a(arguments[r])}return o},n.makeArray=function(t){if(e()){return jQuery.makeArray(t)}for(var n=[],r=0;r<t.length;r++){n=t[r]}return n},n.trim=function(t){return e()?jQuery.trim(t):"function"==typeof String.prototype.trim?t.trim():t.replace(/^\s+\|\s+$/g,"") },n.hasFocus=function(n){if(e()){var r;return r=n instanceof t.jQuery?n:jQuery(n),r.is(":focus")}return document.hasFocus()&&n===document.activeElement},n.onLoad=function(t){e()?jQuery(t):"complete"===document.readyState\|\|"loading"!==document.readyState&&!document.documentElement.doScroll?setTimeout(function(){t()},0):document.addEventListener&&!document.documentElement.doScroll?document.addEventListener("DOMContentLoaded",t):document.attachEvent("onreadystatechange",function(){"complete"===document.readyState&&(document.detachEvent("onreadystatechange",arguments.callee),t()) })},n.deferred=function(){if(e()){return jQuery.Deferred()}var t,n,r="pending";Promise.prototype.always=Promise.prototype["finally"];var o=new Promise(function(e,r){t=e,n=r});return{"promise":function(){return o},"state":function(){return r},"resolve"

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:	48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 00:56:25.686496973 CEST	53	62435	1.1.1.1	192.168.2.6
May 24, 2024 00:56:25.838578939 CEST	53	61876	1.1.1.1	192.168.2.6
May 24, 2024 00:56:27.125422001 CEST	53	54816	1.1.1.1	192.168.2.6
May 24, 2024 00:56:28.090504885 CEST	62195	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:28.090702057 CEST	50503	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:28.142904997 CEST	53	62195	1.1.1.1	192.168.2.6
May 24, 2024 00:56:28.152314901 CEST	53	50503	1.1.1.1	192.168.2.6
May 24, 2024 00:56:30.416377068 CEST	63432	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:30.416919947 CEST	57445	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:30.427063942 CEST	53	63432	1.1.1.1	192.168.2.6
May 24, 2024 00:56:30.427074909 CEST	53	57445	1.1.1.1	192.168.2.6
May 24, 2024 00:56:30.990039110 CEST	52444	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:30.990528107 CEST	63796	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:31.023062944 CEST	53	52444	1.1.1.1	192.168.2.6
May 24, 2024 00:56:31.047257900 CEST	53	63796	1.1.1.1	192.168.2.6
May 24, 2024 00:56:40.556216955 CEST	59355	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:40.556375980 CEST	60871	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:43.839210033 CEST	50098	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:43.839370012 CEST	57209	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:43.841213942 CEST	57414	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:43.841213942 CEST	52505	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:43.861730099 CEST	53	55228	1.1.1.1	192.168.2.6
May 24, 2024 00:56:44.119419098 CEST	53	55850	1.1.1.1	192.168.2.6
May 24, 2024 00:56:45.603492022 CEST	65206	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:45.603595972 CEST	49587	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:49.689536095 CEST	50177	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:49.689536095 CEST	54641	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:49.696893930 CEST	58298	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:49.696893930 CEST	57292	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:49.731960058 CEST	53	50177	1.1.1.1	192.168.2.6
May 24, 2024 00:56:49.731971979 CEST	53	54641	1.1.1.1	192.168.2.6
May 24, 2024 00:56:53.703313112 CEST	53	56765	1.1.1.1	192.168.2.6
May 24, 2024 00:56:54.386253119 CEST	62130	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:54.386620045 CEST	58733	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:54.393552065 CEST	53	62130	1.1.1.1	192.168.2.6
May 24, 2024 00:56:54.401005030 CEST	53	58733	1.1.1.1	192.168.2.6
May 24, 2024 00:56:57.642342091 CEST	55567	53	192.168.2.6	1.1.1.1
May 24, 2024 00:56:57.642517090 CEST	52138	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:01.955948114 CEST	49753	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:01.956244946 CEST	61213	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:02.310271025 CEST	53252	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:02.310761929 CEST	61841	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:02.990636110 CEST	55615	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:02.991750002 CEST	61858	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:03.070853949 CEST	53	52258	1.1.1.1	192.168.2.6
May 24, 2024 00:57:06.223079920 CEST	64187	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:06.223562002 CEST	50928	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:25.587153912 CEST	53	62120	1.1.1.1	192.168.2.6
May 24, 2024 00:57:25.670001984 CEST	53	50219	1.1.1.1	192.168.2.6
May 24, 2024 00:57:37.863221884 CEST	56498	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:37.863341093 CEST	50870	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:37.951596975 CEST	53	50870	1.1.1.1	192.168.2.6
May 24, 2024 00:57:39.571350098 CEST	57892	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:39.571548939 CEST	50658	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:39.580662012 CEST	53	50658	1.1.1.1	192.168.2.6
May 24, 2024 00:57:43.394220114 CEST	61942	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:43.394335985 CEST	49785	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:43.405764103 CEST	53	49785	1.1.1.1	192.168.2.6
May 24, 2024 00:57:44.223639965 CEST	56452	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:44.223942995 CEST	58287	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:45.466615915 CEST	64687	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:45.466902971 CEST	60091	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:45.489172935 CEST	53	60091	1.1.1.1	192.168.2.6
May 24, 2024 00:57:45.489186049 CEST	53	64687	1.1.1.1	192.168.2.6
May 24, 2024 00:57:45.501368046 CEST	51220	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:45.501411915 CEST	63206	53	192.168.2.6	1.1.1.1
May 24, 2024 00:57:45.516719103 CEST	53	63206	1.1.1.1	192.168.2.6
May 24, 2024 00:57:55.487368107 CEST	53	56989	1.1.1.1	192.168.2.6

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 24, 2024 00:56:31.047349930 CEST	192.168.2.6	1.1.1.1	c22b	(Port unreachable)	Destination Unreachable
May 24, 2024 00:56:40.670083046 CEST	192.168.2.6	1.1.1.1	c2c7	(Port unreachable)	Destination Unreachable
May 24, 2024 00:56:43.875307083 CEST	192.168.2.6	1.1.1.1	c2a3	(Port unreachable)	Destination Unreachable
May 24, 2024 00:56:45.627966881 CEST	192.168.2.6	1.1.1.1	c298	(Port unreachable)	Destination Unreachable
May 24, 2024 00:56:48.526150942 CEST	192.168.2.6	1.1.1.1	c2b6	(Port unreachable)	Destination Unreachable
May 24, 2024 00:56:49.732357979 CEST	192.168.2.6	1.1.1.1	c2d2	(Port unreachable)	Destination Unreachable
May 24, 2024 00:57:02.008079052 CEST	192.168.2.6	1.1.1.1	c2a3	(Port unreachable)	Destination Unreachable
May 24, 2024 00:57:03.070914984 CEST	192.168.2.6	1.1.1.1	c28f	(Port unreachable)	Destination Unreachable
May 24, 2024 00:57:06.282504082 CEST	192.168.2.6	1.1.1.1	c2a3	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:28 UTC	694	OUT	GET /v/794850bf-f104-442e-acb0-475634834dda HTTP/1.1 Host: ms-1drive.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:29 UTC	165	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Thu, 23 May 2024 22:56:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-05-23 22:56:29 UTC	3192	IN	Data Raw: 63 36 63 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 6e 65 44 72 69 76 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 6f 6e 65 64 72 69 76 65 2e 63 73 73 22 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f Data Ascii: c6c<html lang="en" dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" class="responsive"><head> <title>OneDrive</title> <link media="all" rel="stylesheet" href="/css/onedrive.css"/> <link rel="icon" type="image/x-icon" href="/

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:29 UTC	579	OUT	GET /css/onedrive.css HTTP/1.1 Host: ms-1drive.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:30 UTC	237	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Thu, 23 May 2024 22:56:30 GMT Content-Type: text/css Content-Length: 145344 Last-Modified: Tue, 07 Nov 2023 14:09:32 GMT Connection: close ETag: "654a451c-237c0" Accept-Ranges: bytes
2024-05-23 22:56:30 UTC	16147	IN	Data Raw: 62 6f 64 79 2c 0d 0a 69 6e 70 75 74 2c 0d 0a 74 65 78 74 61 72 65 61 2c 0d 0a 62 75 74 74 6f 6e 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 53 65 67 6f 65 20 55 49 27 2c 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 7d 0d 0a 0d 0a 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 43 6f 6c 6f 72 2d 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 53 68 61 64 65 33 30 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 43 6f 6c 6f 72 2d 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 53 68 61 64 65 33 30 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 34 35 37 38 0d 0a 7d 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 43 6f 6c 6f 72 2d Data Ascii: body,input,textarea,button { font-family:'Segoe UI',Tahoma,Arial,sans-serif;}html body .ms-bgColor-communicationShade30,html body .ms-bgColor-communicationShade30--hover:hover { background-color:#004578}html body .ms-bgColor-
2024-05-23 22:56:30 UTC	16384	IN	Data Raw: 68 61 72 65 64 47 72 61 79 33 30 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 61 37 35 37 34 0d 0a 7d 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 73 68 61 72 65 64 47 72 61 79 32 30 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 73 68 61 72 65 64 47 72 61 79 32 30 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 36 39 37 39 37 65 0d 0a 7d 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 73 68 61 72 65 64 47 72 61 79 31 30 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 73 68 61 72 65 64 Data Ascii: haredGray30--hover:hover { border-color:#7a7574}html body .ms-borderColor-sharedGray20,html body .ms-borderColor-sharedGray20--hover:hover { border-color:#69797e}html body .ms-borderColor-sharedGray10,html body .ms-borderColor-shared
2024-05-23 22:56:30 UTC	16384	IN	Data Raw: 72 2d 79 65 6c 6c 6f 77 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 43 6f 6c 6f 72 2d 79 65 6c 6c 6f 77 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 62 39 30 30 0d 0a 7d 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 43 6f 6c 6f 72 2d 79 65 6c 6c 6f 77 4c 69 67 68 74 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 43 6f 6c 6f 72 2d 79 65 6c 6c 6f 77 4c 69 67 68 74 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 31 30 30 0d 0a 7d 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 43 6f 6c 6f 72 2d 6f 72 61 6e 67 65 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 62 67 Data Ascii: r-yellow,html body .ms-bgColor-yellow--hover:hover { background-color:#ffb900}html body .ms-bgColor-yellowLight,html body .ms-bgColor-yellowLight--hover:hover { background-color:#fff100}html body .ms-bgColor-orange,html body .ms-bg
2024-05-23 22:56:30 UTC	16384	IN	Data Raw: 62 6f 64 79 20 2e 6d 73 2d 66 6f 6e 74 43 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 4c 69 67 68 74 65 72 41 6c 74 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 46 41 46 41 46 41 0d 0a 7d 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 66 6f 6e 74 43 6f 6c 6f 72 2d 77 68 69 74 65 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 66 6f 6e 74 43 6f 6c 6f 72 2d 77 68 69 74 65 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 0d 0a 7d 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 66 6f 6e 74 43 6f 6c 6f 72 2d 79 65 6c 6c 6f 77 2c 0d 0a 68 74 6d 6c 20 62 6f 64 79 20 2e 6d 73 2d 66 6f 6e 74 43 6f 6c 6f 72 2d 79 65 6c 6c 6f 77 2d 2d 68 6f 76 65 72 3a 68 6f 76 65 72 20 7b 0d 0a Data Ascii: body .ms-fontColor-neutralLighterAlt--hover:hover { color:#FAFAFA}html body .ms-fontColor-white,html body .ms-fontColor-white--hover:hover { color:#FFFFFF}html body .ms-fontColor-yellow,html body .ms-fontColor-yellow--hover:hover {
2024-05-23 22:56:30 UTC	16384	IN	Data Raw: 6c 61 62 65 6c 2c 0d 0a 2e 69 73 46 6c 75 65 6e 74 56 4e 65 78 74 20 2e 6f 64 2d 42 75 74 74 6f 6e 3a 64 69 73 61 62 6c 65 64 20 2e 6f 64 2d 42 75 74 74 6f 6e 2d 6c 61 62 65 6c 20 7b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 42 44 42 44 42 44 0d 0a 7d 0d 0a 2e 69 73 2d 64 69 73 61 62 6c 65 64 2e 6f 64 2d 42 75 74 74 6f 6e 3a 66 6f 63 75 73 2c 0d 0a 2e 69 73 2d 64 69 73 61 62 6c 65 64 2e 6f 64 2d 42 75 74 74 6f 6e 3a 68 6f 76 65 72 2c 0d 0a 2e 6f 64 2d 42 75 74 74 6f 6e 3a 64 69 73 61 62 6c 65 64 3a 66 6f 63 75 73 2c 0d 0a 2e 6f 64 2d 42 75 74 74 6f 6e 3a 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 0d 0a 7d 0d 0a 2e 6f 64 2d 42 75 74 74 6f 6e 2e 6f 64 2d 42 75 74 74 6f 6e 2d 2d 70 72 69 6d 61 72 79 20 7b 0d 0a Data Ascii: label,.isFluentVNext .od-Button:disabled .od-Button-label { color:#BDBDBD}.is-disabled.od-Button:focus,.is-disabled.od-Button:hover,.od-Button:disabled:focus,.od-Button:disabled:hover { outline:0}.od-Button.od-Button--primary {
2024-05-23 22:56:30 UTC	16384	IN	Data Raw: 20 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 0d 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 36 31 36 31 36 31 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 36 70 78 20 31 32 70 78 20 37 70 78 3b 0d 0a 20 20 20 20 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 0d 0a 7d 0d 0a 2e 6f 64 2d 54 65 78 74 46 69 65 6c 64 2e 6f 64 2d 54 65 78 74 46 69 65 6c 64 2d 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2e 69 73 2d 64 69 73 61 62 6c 65 64 20 7b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 39 45 39 45 39 45 0d 0a 7d 0d 0a 2e 6f 64 2d 54 65 78 74 46 69 65 6c 64 2e 6f 64 2d 54 65 78 74 46 69 65 6c 64 2d 2d 75 6e 64 65 72 6c 69 6e 65 64 Data Ascii: position:absolute; font-weight:300; font-size:14px; color:#616161; padding:6px 12px 7px; pointer-events:none}.od-TextField.od-TextField--placeholder.is-disabled { color:#9E9E9E}.od-TextField.od-TextField--underlined
2024-05-23 22:56:30 UTC	16384	IN	Data Raw: 68 6f 72 3a 66 6f 63 75 73 20 7b 0d 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 64 61 73 68 65 64 20 62 6c 61 63 6b 3b 20 7d 0d 0a 0d 0a 2e 6f 62 66 2d 4f 76 65 72 61 6c 6c 41 6e 63 68 6f 72 2e 6f 62 66 2d 4f 76 65 72 61 6c 6c 41 6e 63 68 6f 72 41 63 74 69 76 65 20 7b 0d 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 20 7d 0d 0a 0d 0a 2e 6f 62 66 2d 4f 76 65 72 61 6c 6c 41 6e 63 68 6f 72 2e 6f 62 66 2d 4f 76 65 72 61 6c 6c 41 6e 63 68 6f 72 41 63 74 69 76 65 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 64 61 73 68 65 64 20 62 6c 61 63 6b 3b 20 7d 0d 0a 0d 0a 2e 6f 62 66 2d 4f 76 65 72 61 6c 6c 41 6e 63 68 6f 72 2e 6f 62 66 2d 4f 76 65 72 61 6c 6c 41 Data Ascii: hor:focus { outline: 2px dashed black; }.obf-OverallAnchor.obf-OverallAnchorActive { outline: 2px solid transparent; }.obf-OverallAnchor.obf-OverallAnchorActive:hover { outline: 2px dashed black; }.obf-OverallAnchor.obf-OverallA
2024-05-23 22:56:30 UTC	16384	IN	Data Raw: 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 20 7d 0d 0a 0d 0a 2e 6f 62 66 2d 46 6f 6e 74 53 75 62 74 69 74 6c 65 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0d 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0d 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 77 66 5f 53 65 67 6f 65 55 49 52 65 67 75 6c 61 72 27 2c 20 27 77 66 5f 53 65 67 6f 65 55 49 27 2c 20 27 53 65 67 6f 65 20 55 49 20 52 65 67 75 6c 61 72 27 2c 20 27 53 65 67 6f 65 20 55 49 27 2c 20 27 53 65 67 6f 65 27 2c 20 27 53 65 67 6f 65 20 57 50 27 2c 20 27 54 61 68 6f 6d 61 27 2c 20 27 56 65 72 64 61 6e 61 27 2c 20 27 41 72 69 61 6c 27 2c 20 27 73 61 6e 73 2d 73 65 72 69 66 27 3b 20 7d 0d 0a 0d 0a 2e 6f 62 66 2d Data Ascii: { display: block; }.obf-FontSubtitle { font-size: 18px; line-height: 24px; font-family: 'wf_SegoeUIRegular', 'wf_SegoeUI', 'Segoe UI Regular', 'Segoe UI', 'Segoe', 'Segoe WP', 'Tahoma', 'Verdana', 'Arial', 'sans-serif'; }.obf-
2024-05-23 22:56:30 UTC	14509	IN	Data Raw: 70 2d 63 6f 6d 6d 61 6e 64 42 61 72 20 2e 6d 73 2d 43 6f 6d 6d 61 6e 64 42 61 72 20 2e 6d 73 2d 42 75 74 74 6f 6e 2d 2d 63 6f 6d 6d 61 6e 64 42 61 72 2e 69 73 2d 64 69 73 61 62 6c 65 64 20 69 5b 64 61 74 61 2d 69 63 6f 6e 2d 6e 61 6d 65 3d 4e 65 78 74 5d 2c 0d 0a 2e 4f 6e 65 55 70 2d 2d 68 61 73 43 6f 6d 6d 61 6e 64 42 61 72 2e 4f 6e 65 55 70 2d 2d 6e 65 77 44 65 73 69 67 6e 65 64 43 6f 6d 6d 61 6e 64 42 61 72 20 2e 4f 6e 65 55 70 2d 63 6f 6d 6d 61 6e 64 42 61 72 20 2e 6d 73 2d 43 6f 6d 6d 61 6e 64 42 61 72 20 2e 6d 73 2d 42 75 74 74 6f 6e 2d 2d 63 6f 6d 6d 61 6e 64 42 61 72 2e 69 73 2d 64 69 73 61 62 6c 65 64 20 69 5b 64 61 74 61 2d 69 63 6f 6e 2d 6e 61 6d 65 3d 50 72 65 76 69 6f 75 73 5d 20 7b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 30 30 37 38 44 34 3b Data Ascii: p-commandBar .ms-CommandBar .ms-Button--commandBar.is-disabled i[data-icon-name=Next],.OneUp--hasCommandBar.OneUp--newDesignedCommandBar .OneUp-commandBar .ms-CommandBar .ms-Button--commandBar.is-disabled i[data-icon-name=Previous] { color:#0078D4;

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:30 UTC	620	OUT	GET /img/pdf.png HTTP/1.1 Host: ms-1drive.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:30 UTC	234	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Thu, 23 May 2024 22:56:30 GMT Content-Type: image/png Content-Length: 1071 Last-Modified: Fri, 22 Sep 2023 08:45:04 GMT Connection: close ETag: "650d5410-42f" Accept-Ranges: bytes
2024-05-23 22:56:30 UTC	1071	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 60 00 00 00 60 08 06 00 00 00 e2 98 77 38 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 03 c4 49 44 41 54 78 01 ed dd 4d 48 14 61 1c c7 f1 df cc aa 1b 6e b2 15 15 e4 a1 35 88 8a 84 8a ea 5c 5e 82 5e 08 8a 28 b0 4c ad 43 87 a2 a0 83 74 e8 90 1d ba 15 05 bd 10 11 a5 6d b4 74 e8 05 a2 d7 53 d0 b5 22 cc 88 82 48 3b f4 4e 8a e2 e2 db ee d3 3c 92 a6 a2 9b cd 33 b3 ff 59 e6 f7 01 99 9d cb e2 3e df 7d d8 87 79 74 16 20 22 22 22 0a 23 0b 1e d8 5b bb 6b 6b 46 59 eb 9d 67 2b 45 d0 59 78 d6 df 9f b9 9d 4a a5 7e 22 00 22 30 b4 b7 ae 66 57 06 d6 66 e7 85 15 a3 30 24 22 76 64 f5 d2 ca ca 17 ad ad ad 69 08 Data Ascii: PNGIHDR``w8pHYssRGBgAMAaIDATxMHan5\^^(LCtmtS"H;N<3Y>}yt """#[kkFYg+EYxJ~""0fWf0$"vdi

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:31 UTC	620	OUT	GET /favicon.ico HTTP/1.1 Host: ms-1drive.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:31 UTC	238	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Thu, 23 May 2024 22:56:31 GMT Content-Type: image/x-icon Content-Length: 7886 Last-Modified: Fri, 22 Sep 2023 12:51:00 GMT Connection: close ETag: "650d8db4-1ece" Accept-Ranges: bytes
2024-05-23 22:56:31 UTC	7886	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:31 UTC	348	OUT	GET /img/pdf.png HTTP/1.1 Host: ms-1drive.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:32 UTC	234	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Thu, 23 May 2024 22:56:31 GMT Content-Type: image/png Content-Length: 1071 Last-Modified: Fri, 22 Sep 2023 08:45:04 GMT Connection: close ETag: "650d5410-42f" Accept-Ranges: bytes
2024-05-23 22:56:32 UTC	1071	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 60 00 00 00 60 08 06 00 00 00 e2 98 77 38 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 03 c4 49 44 41 54 78 01 ed dd 4d 48 14 61 1c c7 f1 df cc aa 1b 6e b2 15 15 e4 a1 35 88 8a 84 8a ea 5c 5e 82 5e 08 8a 28 b0 4c ad 43 87 a2 a0 83 74 e8 90 1d ba 15 05 bd 10 11 a5 6d b4 74 e8 05 a2 d7 53 d0 b5 22 cc 88 82 48 3b f4 4e 8a e2 e2 db ee d3 3c 92 a6 a2 9b cd 33 b3 ff 59 e6 f7 01 99 9d cb e2 3e df 7d d8 87 79 74 16 20 22 22 22 0a 23 0b 1e d8 5b bb 6b 6b 46 59 eb 9d 67 2b 45 d0 59 78 d6 df 9f b9 9d 4a a5 7e 22 00 22 30 b4 b7 ae 66 57 06 d6 66 e7 85 15 a3 30 24 22 76 64 f5 d2 ca ca 17 ad ad ad 69 08 Data Ascii: PNGIHDR``w8pHYssRGBgAMAaIDATxMHan5\^^(LCtmtS"H;N<3Y>}yt """#[kkFYg+EYxJ~""0fWf0$"vdi

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-23 22:56:32 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=29243 Date: Thu, 23 May 2024 22:56:32 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:32 UTC	348	OUT	GET /favicon.ico HTTP/1.1 Host: ms-1drive.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:33 UTC	238	IN	HTTP/1.1 200 OK Server: nginx/1.25.5 Date: Thu, 23 May 2024 22:56:32 GMT Content-Type: image/x-icon Content-Length: 7886 Last-Modified: Fri, 22 Sep 2023 12:51:00 GMT Connection: close ETag: "650d8db4-1ece" Accept-Ranges: bytes
2024-05-23 22:56:33 UTC	7886	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-23 22:56:33 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=29195 Date: Thu, 23 May 2024 22:56:33 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-23 22:56:33 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:41 UTC	640	OUT	GET / HTTP/1.1 Host: onedrive.live.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:41 UTC	2152	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 186 Content-Type: text/html; charset=utf-8 Location: https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" X-NetworkStatistics: 0,525568,0,0,4771,0,33576,4 X-SharePointHealthScore: 3 Content-Security-Policy: frame-ancestors 'self' sentry.contentvalidation.com sentry.ppe.contentvalidation.com sentry.int.contentvalidation.com X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: 899d2ba1-705b-5000-a854-963d008160a6 request-id: 899d2ba1-705b-5000-a854-963d008160a6 MS-CV: oSudiVtwAFCoVJY9AIFgpg.0 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-BN3&frontEnd=AFD&RemoteIP=8.46.123.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com .office365.com goals.cloud.microsoft .powerapps.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 9 SPIisLatency: 2 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.24908 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F8AB40080EDF4677B289D886ED4A4794 Ref B: BN3EDGE0319 Ref C: 2024-05-23T22:56:41Z Date: Thu, 23 May 2024 22:56:40 GMT Connection: close
2024-05-23 22:56:41 UTC	186	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6d 69 63 72 6f 73 6f 66 74 2d 33 36 35 2f 6f 6e 65 64 72 69 76 65 2f 6f 6e 6c 69 6e 65 2d 63 6c 6f 75 64 2d 73 74 6f 72 61 67 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage">here</a>.</h2></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:50 UTC	595	OUT	GET /shared/5/js/login_en_31OakWsQhbXgK7L_U0YNNw2.js HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:50 UTC	750	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 1249693 Cache-Control: public, max-age=31536000 Content-MD5: QGHiMRXKWQkhnOxsU+GrrA== Content-Type: application/x-javascript Date: Thu, 23 May 2024 22:56:50 GMT Etag: 0x8DC6FAFDE0A4AD6 Last-Modified: Wed, 08 May 2024 22:40:31 GMT Server: ECAcc (lhd/35B9) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: d3e230de-201e-00b5-0b06-a2ab68000000 x-ms-version: 2009-09-19 Content-Length: 909748 Connection: close
2024-05-23 22:56:50 UTC	16383	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6c 6f 67 69 6e 5f 65 6e 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 74 2c 6e 2c 72 2c 6f 2c 69 3d 7b 39 37 32 30 36 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 39 33 38 34 29 2c 6f 3d 7b 63 68 69 6c 64 43 6f 6e 74 65 78 74 54 79 70 65 73 3a 21 30 2c 63 6f 6e 74 65 78 74 54 79 70 65 3a 21 30 2c 63 6f 6e 74 65 78 74 54 79 70 65 73 3a 21 30 2c 64 65 66 61 75 6c 74 50 72 6f 70 73 3a 21 30 2c 64 69 73 70 6c 61 79 4e 61 6d 65 3a 21 30 2c 67 65 74 44 65 66 61 75 6c 74 50 72 6f 70 73 3a 21 30 2c 67 65 74 44 65 72 Data Ascii: /! For license information please see login_en.js.LICENSE.txt /!function(){var e,t,n,r,o,i={97206:function(e,t,n){"use strict";var r=n(9384),o={childContextTypes:!0,contextType:!0,contextTypes:!0,defaultProps:!0,displayName:!0,getDefaultProps:!0,getDer
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 5d 2e 73 65 6c 65 63 74 65 64 3d 21 30 2c 76 6f 69 64 28 72 26 26 28 65 5b 6f 5d 2e 64 65 66 61 75 6c 74 53 65 6c 65 63 74 65 64 3d 21 30 29 29 3b 6e 75 6c 6c 21 3d 3d 74 7c 7c 65 5b 6f 5d 2e 64 69 73 61 62 6c 65 64 7c 7c 28 74 3d 65 5b 6f 5d 29 7d 6e 75 6c 6c 21 3d 3d 74 26 26 28 74 2e 73 65 6c 65 63 74 65 64 3d 21 30 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 74 29 7b 69 66 28 6e 75 6c 6c 21 3d 74 2e 64 61 6e 67 65 72 6f 75 73 6c 79 53 65 74 49 6e 6e 65 72 48 54 4d 4c 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6c 28 39 31 29 29 3b 72 65 74 75 72 6e 20 69 28 7b 7d 2c 74 2c 7b 76 61 6c 75 65 3a 76 6f 69 64 20 30 2c 64 65 66 61 75 6c 74 56 61 6c 75 65 3a 76 6f 69 64 20 30 2c 63 68 69 6c 64 72 65 6e 3a 22 22 2b 65 2e 5f 77 72 61 70 70 65 72 53 74 61 74 Data Ascii: ].selected=!0,void(r&&(e[o].defaultSelected=!0));null!==t\|\|e[o].disabled\|\|(t=e[o])}null!==t&&(t.selected=!0)}}function Ie(e,t){if(null!=t.dangerouslySetInnerHTML)throw Error(l(91));return i({},t,{value:void 0,defaultValue:void 0,children:""+e._wrapperStat
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 65 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 6c 28 33 33 29 29 7d 66 75 6e 63 74 69 6f 6e 20 52 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 6a 6e 5d 7c 7c 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 42 6e 28 65 29 7b 64 6f 7b 65 3d 65 2e 72 65 74 75 72 6e 7d 77 68 69 6c 65 28 65 26 26 35 21 3d 3d 65 2e 74 61 67 29 3b 72 65 74 75 72 6e 20 65 7c 7c 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 55 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 65 2e 73 74 61 74 65 4e 6f 64 65 3b 69 66 28 21 6e 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 6f 3d 6d 28 6e 29 3b 69 66 28 21 6f 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 6e 3d 6f 5b 74 5d 3b 65 3a 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 22 6f 6e 43 6c 69 63 6b 22 3a 63 61 73 65 22 6f 6e 43 6c 69 63 6b 43 61 70 74 75 72 65 22 3a Data Ascii: e;throw Error(l(33))}function Rn(e){return e[jn]\|\|null}function Bn(e){do{e=e.return}while(e&&5!==e.tag);return e\|\|null}function Un(e,t){var n=e.stateNode;if(!n)return null;var o=m(n);if(!o)return null;n=o[t];e:switch(t){case"onClick":case"onClickCapture":
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 61 2e 75 6e 73 74 61 62 6c 65 5f 73 63 68 65 64 75 6c 65 43 61 6c 6c 62 61 63 6b 2c 45 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 63 61 6e 63 65 6c 43 61 6c 6c 62 61 63 6b 2c 6a 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 72 65 71 75 65 73 74 50 61 69 6e 74 2c 49 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 6e 6f 77 2c 4c 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 67 65 74 43 75 72 72 65 6e 74 50 72 69 6f 72 69 74 79 4c 65 76 65 6c 2c 44 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 49 6d 6d 65 64 69 61 74 65 50 72 69 6f 72 69 74 79 2c 4e 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 55 73 65 72 42 6c 6f 63 6b 69 6e 67 50 72 69 6f 72 69 74 79 2c 52 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 4e 6f 72 6d 61 6c 50 72 69 6f 72 69 74 79 2c 42 6f 3d 61 2e 75 6e 73 74 61 62 6c 65 5f 4c 6f 77 50 72 Data Ascii: a.unstable_scheduleCallback,Eo=a.unstable_cancelCallback,jo=a.unstable_requestPaint,Io=a.unstable_now,Lo=a.unstable_getCurrentPriorityLevel,Do=a.unstable_ImmediatePriority,No=a.unstable_UserBlockingPriority,Ro=a.unstable_NormalPriority,Bo=a.unstable_LowPr
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 7b 76 61 72 20 6f 3d 6e 61 28 29 3b 72 3d 76 6f 69 64 20 30 3d 3d 3d 72 3f 6e 75 6c 6c 3a 72 3b 76 61 72 20 69 3d 76 6f 69 64 20 30 3b 69 66 28 6e 75 6c 6c 21 3d 3d 51 69 29 7b 76 61 72 20 61 3d 51 69 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 3b 69 66 28 69 3d 61 2e 64 65 73 74 72 6f 79 2c 6e 75 6c 6c 21 3d 3d 72 26 26 4a 69 28 72 2c 61 2e 64 65 70 73 29 29 72 65 74 75 72 6e 20 76 6f 69 64 20 6c 61 28 74 2c 6e 2c 69 2c 72 29 7d 4b 69 2e 65 66 66 65 63 74 54 61 67 7c 3d 65 2c 6f 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 3d 6c 61 28 31 7c 74 2c 6e 2c 69 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 64 61 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 63 61 28 35 31 36 2c 34 2c 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 66 61 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 75 61 28 Data Ascii: {var o=na();r=void 0===r?null:r;var i=void 0;if(null!==Qi){var a=Qi.memoizedState;if(i=a.destroy,null!==r&&Ji(r,a.deps))return void la(t,n,i,r)}Ki.effectTag\|=e,o.memoizedState=la(1\|t,n,i,r)}function da(e,t){return ca(516,4,e,t)}function fa(e,t){return ua(
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 63 2e 6f 6e 43 6c 69 63 6b 26 26 28 65 2e 6f 6e 63 6c 69 63 6b 3d 66 6e 29 7d 78 6e 28 6f 2c 72 29 26 26 28 74 2e 65 66 66 65 63 74 54 61 67 7c 3d 34 29 7d 6e 75 6c 6c 21 3d 3d 74 2e 72 65 66 26 26 28 74 2e 65 66 66 65 63 74 54 61 67 7c 3d 31 32 38 29 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 63 61 73 65 20 36 3a 69 66 28 65 26 26 6e 75 6c 6c 21 3d 74 2e 73 74 61 74 65 4e 6f 64 65 29 4b 61 28 30 2c 74 2c 65 2e 6d 65 6d 6f 69 7a 65 64 50 72 6f 70 73 2c 72 29 3b 65 6c 73 65 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 72 26 26 6e 75 6c 6c 3d 3d 3d 74 2e 73 74 61 74 65 4e 6f 64 65 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6c 28 31 36 36 29 29 3b 6e 3d 42 69 28 52 69 2e 63 75 72 72 65 6e 74 29 2c 42 69 28 44 69 Data Ascii: on"==typeof c.onClick&&(e.onclick=fn)}xn(o,r)&&(t.effectTag\|=4)}null!==t.ref&&(t.effectTag\|=128)}return null;case 6:if(e&&null!=t.stateNode)Ka(0,t,e.memoizedProps,r);else{if("string"!=typeof r&&null===t.stateNode)throw Error(l(166));n=Bi(Ri.current),Bi(Di
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 34 38 26 4c 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6c 28 33 32 37 29 29 3b 69 66 28 4f 73 28 29 2c 65 3d 3d 3d 44 6c 26 26 74 3d 3d 3d 52 6c 7c 7c 66 73 28 65 2c 74 29 2c 6e 75 6c 6c 21 3d 3d 4e 6c 29 7b 76 61 72 20 6e 3d 4c 6c 3b 4c 6c 7c 3d 41 6c 3b 66 6f 72 28 76 61 72 20 72 3d 67 73 28 29 3b 3b 29 74 72 79 7b 62 73 28 29 3b 62 72 65 61 6b 7d 63 61 74 63 68 28 6f 29 7b 70 73 28 65 2c 6f 29 7d 69 66 28 61 69 28 29 2c 4c 6c 3d 6e 2c 43 6c 2e 63 75 72 72 65 6e 74 3d 72 2c 31 3d 3d 3d 42 6c 29 74 68 72 6f 77 20 6e 3d 55 6c 2c 66 73 28 65 2c 74 29 2c 56 73 28 65 2c 74 29 2c 6c 73 28 65 29 2c 6e 3b 69 66 28 6e 75 6c 6c 21 3d 3d 4e 6c 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6c 28 32 36 31 29 29 3b 65 2e 66 69 6e 69 73 68 65 64 57 6f 72 6b 3d 65 2e 63 75 Data Ascii: 48&Ll))throw Error(l(327));if(Os(),e===Dl&&t===Rl\|\|fs(e,t),null!==Nl){var n=Ll;Ll\|=Al;for(var r=gs();;)try{bs();break}catch(o){ps(e,o)}if(ai(),Ll=n,Cl.current=r,1===Bl)throw n=Ul,fs(e,t),Vs(e,t),ls(e),n;if(null!==Nl)throw Error(l(261));e.finishedWork=e.cu
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 64 69 6e 67 43 68 69 6c 64 72 65 6e 3a 6e 75 6c 6c 2c 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 3a 65 2e 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 7d 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 7a 73 28 65 2c 74 2c 6e 29 7b 74 68 69 73 2e 74 61 67 3d 74 2c 74 68 69 73 2e 63 75 72 72 65 6e 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 63 6f 6e 74 61 69 6e 65 72 49 6e 66 6f 3d 65 2c 74 68 69 73 2e 70 69 6e 67 43 61 63 68 65 3d 74 68 69 73 2e 70 65 6e 64 69 6e 67 43 68 69 6c 64 72 65 6e 3d 6e 75 6c 6c 2c 74 68 69 73 2e 66 69 6e 69 73 68 65 64 45 78 70 69 72 61 74 69 6f 6e 54 69 6d 65 3d 30 2c 74 68 69 73 2e 66 69 6e 69 73 68 65 64 57 6f 72 6b 3d 6e 75 6c 6c 2c 74 68 69 73 2e 74 69 6d 65 6f 75 74 48 61 6e 64 6c 65 3d 2d 31 2c 74 68 69 73 2e 70 65 6e 64 69 6e 67 43 6f 6e 74 65 Data Ascii: dingChildren:null,implementation:e.implementation},t}function zs(e,t,n){this.tag=t,this.current=null,this.containerInfo=e,this.pingCache=this.pendingChildren=null,this.finishedExpirationTime=0,this.finishedWork=null,this.timeoutHandle=-1,this.pendingConte
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 72 20 48 3d 7b 52 65 61 63 74 43 75 72 72 65 6e 74 44 69 73 70 61 74 63 68 65 72 3a 4d 2c 52 65 61 63 74 43 75 72 72 65 6e 74 42 61 74 63 68 43 6f 6e 66 69 67 3a 7b 73 75 73 70 65 6e 73 65 3a 6e 75 6c 6c 7d 2c 52 65 61 63 74 43 75 72 72 65 6e 74 4f 77 6e 65 72 3a 4f 2c 49 73 53 6f 6d 65 52 65 6e 64 65 72 65 72 41 63 74 69 6e 67 3a 7b 63 75 72 72 65 6e 74 3a 21 31 7d 2c 61 73 73 69 67 6e 3a 6f 7d 3b 74 2e 43 68 69 6c 64 72 65 6e 3d 7b 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 69 66 28 6e 75 6c 6c 3d 3d 65 29 72 65 74 75 72 6e 20 65 3b 76 61 72 20 72 3d 5b 5d 3b 72 65 74 75 72 6e 20 46 28 65 2c 72 2c 6e 75 6c 6c 2c 74 2c 6e 29 2c 72 7d 2c 66 6f 72 45 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 69 66 28 6e 75 6c 6c 3d 3d 65 Data Ascii: r H={ReactCurrentDispatcher:M,ReactCurrentBatchConfig:{suspense:null},ReactCurrentOwner:O,IsSomeRendererActing:{current:!1},assign:o};t.Children={map:function(e,t,n){if(null==e)return e;var r=[];return F(e,r,null,t,n),r},forEach:function(e,t,n){if(null==e
2024-05-23 22:56:51 UTC	16383	IN	Data Raw: 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 35 29 2c 6f 3d 6e 28 36 29 3b 65 2e 65 78 70 6f 72 74 73 3d 72 26 26 6f 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 34 32 21 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 22 70 72 6f 74 6f 74 79 70 65 22 2c 7b 76 61 6c 75 65 3a 34 32 2c 77 72 69 74 61 62 6c 65 3a 21 31 7d 29 2e 70 72 6f 74 6f 74 79 70 65 7d 29 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 31 38 29 2c 6f 3d 53 74 72 69 6e 67 2c 69 3d 54 79 70 65 45 72 72 6f 72 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 72 28 65 29 29 72 65 74 75 72 6e 20 65 3b 74 68 72 6f 77 20 69 28 6f 28 65 29 2b 22 Data Ascii: on(e,t,n){var r=n(5),o=n(6);e.exports=r&&o((function(){return 42!=Object.defineProperty((function(){}),"prototype",{value:42,writable:!1}).prototype}))},function(e,t,n){var r=n(18),o=String,i=TypeError;e.exports=function(e){if(r(e))return e;throw i(o(e)+"

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:53 UTC	634	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:53 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5168516 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:56:53 GMT Etag: 0x8DB77257FFE6B4E Last-Modified: Tue, 27 Jun 2023 15:45:14 GMT Server: ECAcc (lhd/35D9) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 0b4e8a4e-701e-0078-2e62-7ef037000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-05-23 22:56:53 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:53 UTC	609	OUT	GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:53 UTC	749	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 4455781 Cache-Control: public, max-age=31536000 Content-MD5: Hlt2WzLF9llz2DXp7j6/IA== Content-Type: application/x-javascript Date: Thu, 23 May 2024 22:56:53 GMT Etag: 0x8DC5057934D08E4 Last-Modified: Sat, 30 Mar 2024 01:20:24 GMT Server: ECAcc (lhd/3591) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: a05dde76-e01e-0045-6ade-840e3d000000 x-ms-version: 2009-09-19 Content-Length: 90690 Connection: close
2024-05-23 22:56:53 UTC	16383	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6f 6e 65 64 73 2d 61 6e 61 6c 79 74 69 63 73 2d 6a 73 5f 35 34 62 31 37 32 34 61 66 31 62 30 35 65 32 62 61 33 64 62 5f 65 6e 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 5f 6d 73 69 64 65 6e 74 69 74 79 5f 73 69 73 75 5f 6d 73 61 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 5f 6d 73 69 64 65 6e 74 69 74 79 5f 73 69 73 75 5f 6d 73 61 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 35 31 5d 2c 7b 34 31 36 39 36 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 65 2c 74 29 7b 74 2e 72 28 65 29 2c 74 2e 64 28 65 2c 7b 41 70 70 49 6e 73 69 67 68 74 73 Data Ascii: /! For license information please see oneds-analytics-js_54b1724af1b05e2ba3db_en.js.LICENSE.txt /"use strict";(self.webpackChunk_msidentity_sisu_msa=self.webpackChunk_msidentity_sisu_msa\|\|[]).push([[251],{41696:function(n,e,t){t.r(e),t.d(e,{AppInsights
2024-05-23 22:56:53 UTC	1	IN	Data Raw: 4d Data Ascii: M
2024-05-23 22:56:53 UTC	16383	IN	Data Raw: 54 53 74 72 69 6e 67 22 2c 61 74 3d 22 74 6f 55 54 43 53 74 72 69 6e 67 22 2c 75 74 3d 22 65 78 70 69 72 65 73 22 2c 63 74 3d 6e 75 6c 6c 2c 73 74 3d 6e 75 6c 6c 2c 6c 74 3d 6e 75 6c 6c 2c 66 74 3d 44 65 28 29 2c 64 74 3d 7b 7d 2c 76 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 70 74 28 6e 2c 65 29 7b 76 61 72 20 74 3d 6d 74 2e 5f 63 6b 4d 67 72 7c 7c 76 74 2e 5f 63 6b 4d 67 72 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 6d 74 2e 5f 63 6b 4d 67 72 3d 6d 74 28 6e 2c 65 29 2c 76 74 2e 5f 63 6b 4d 67 72 3d 74 29 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 67 74 28 6e 29 7b 72 65 74 75 72 6e 21 6e 7c 7c 6e 2e 69 73 45 6e 61 62 6c 65 64 28 29 7d 66 75 6e 63 74 69 6f 6e 20 79 74 28 6e 2c 65 29 7b 72 65 74 75 72 6e 21 21 28 65 26 26 6e 26 26 42 6e 28 6e 2e 69 67 6e 6f 72 65 Data Ascii: TString",at="toUTCString",ut="expires",ct=null,st=null,lt=null,ft=De(),dt={},vt={};function pt(n,e){var t=mt._ckMgr\|\|vt._ckMgr;return t\|\|(t=mt._ckMgr=mt(n,e),vt._ckMgr=t),t}function gt(n){return!n\|\|n.isEnabled()}function yt(n,e){return!!(e&&n&&Bn(n.ignore
2024-05-23 22:56:53 UTC	16383	IN	Data Raw: 75 72 6e 20 74 65 28 75 29 7d 28 6e 2c 65 2c 74 29 3b 69 7c 7c 28 69 3d 75 29 2c 61 26 26 61 2e 5f 73 65 74 4e 65 78 74 28 75 29 2c 61 3d 75 7d 7d 29 29 7d 72 65 74 75 72 6e 20 72 26 26 21 69 3f 6c 69 28 5b 72 5d 2c 65 2c 74 29 3a 69 7d 66 75 6e 63 74 69 6f 6e 20 66 69 28 29 7b 76 61 72 20 6e 3d 5b 5d 3b 72 65 74 75 72 6e 7b 61 64 64 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 26 26 6e 2e 70 75 73 68 28 65 29 7d 2c 72 75 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 57 6e 28 6e 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 72 79 7b 6e 28 65 2c 74 29 7d 63 61 74 63 68 28 72 29 7b 72 74 28 65 2e 64 69 61 67 4c 6f 67 28 29 2c 32 2c 37 33 2c 22 55 6e 65 78 70 65 63 74 65 64 20 65 72 72 6f 72 20 63 61 6c 6c 69 6e 67 20 75 6e 6c 6f 61 64 20 68 61 6e 64 6c 65 72 Data Ascii: urn te(u)}(n,e,t);i\|\|(i=u),a&&a._setNext(u),a=u}}))}return r&&!i?li([r],e,t):i}function fi(){var n=[];return{add:function(e){e&&n.push(e)},run:function(e,t){Wn(n,(function(n){try{n(e,t)}catch(r){rt(e.diagLog(),2,73,"Unexpected error calling unload handler
2024-05-23 22:56:53 UTC	16383	IN	Data Raw: 5b 32 5d 3d 72 2e 72 6f 6c 65 56 65 72 2c 74 29 2c 64 29 7d 2c 6e 2e 61 70 70 6c 79 41 49 54 72 61 63 65 43 6f 6e 74 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 65 3b 69 66 28 74 2e 65 6e 61 62 6c 65 41 70 70 6c 69 63 61 74 69 6f 6e 49 6e 73 69 67 68 74 73 54 72 61 63 65 29 7b 76 61 72 20 72 3d 70 28 29 3b 72 26 26 54 6f 28 32 2c 6e 2c 44 69 2c 28 28 65 3d 7b 7d 29 5b 30 5d 3d 72 2e 67 65 74 54 72 61 63 65 49 64 28 29 2c 65 5b 31 5d 3d 72 2e 67 65 74 4e 61 6d 65 28 29 2c 65 5b 32 5d 3d 72 2e 67 65 74 53 70 61 6e 49 64 28 29 2c 65 29 2c 21 31 29 7d 7d 2c 6e 2e 61 70 70 6c 79 44 69 73 74 72 69 62 75 74 65 64 54 72 61 63 65 43 6f 6e 74 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 65 2c 74 3d 70 28 29 3b 69 66 28 74 29 7b 76 61 Data Ascii: [2]=r.roleVer,t),d)},n.applyAITraceContext=function(n){var e;if(t.enableApplicationInsightsTrace){var r=p();r&&To(2,n,Di,((e={})[0]=r.getTraceId(),e[1]=r.getName(),e[2]=r.getSpanId(),e),!1)}},n.applyDistributedTraceContext=function(n){var e,t=p();if(t){va
2024-05-23 22:56:53 UTC	16383	IN	Data Raw: 73 69 7a 65 45 78 63 65 65 64 3a 5b 5d 2c 66 61 69 6c 65 64 45 76 74 73 3a 5b 5d 2c 62 61 74 63 68 65 73 3a 5b 5d 2c 6e 75 6d 45 76 65 6e 74 73 3a 30 2c 72 65 74 72 79 43 6e 74 3a 6e 2c 69 73 54 65 61 72 64 6f 77 6e 3a 65 2c 69 73 53 79 6e 63 3a 74 2c 69 73 42 65 61 63 6f 6e 3a 72 2c 73 65 6e 64 54 79 70 65 3a 6f 2c 73 65 6e 64 52 65 61 73 6f 6e 3a 69 7d 7d 2c 6e 2e 61 70 70 65 6e 64 50 61 79 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 69 29 7b 76 61 72 20 6f 3d 74 26 26 72 26 26 21 74 2e 6f 76 65 72 66 6c 6f 77 3b 72 65 74 75 72 6e 20 6f 26 26 47 72 28 65 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 53 65 72 69 61 6c 69 7a 65 72 3a 61 70 70 65 6e 64 50 61 79 6c 6f 61 64 22 7d 29 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 Data Ascii: sizeExceed:[],failedEvts:[],batches:[],numEvents:0,retryCnt:n,isTeardown:e,isSync:t,isBeacon:r,sendType:o,sendReason:i}},n.appendPayload=function(t,r,i){var o=t&&r&&!t.overflow;return o&&Gr(e,(function(){return"Serializer:appendPayload"}),(function(){for(
2024-05-23 22:56:53 UTC	8774	IN	Data Raw: 6e 20 58 28 29 7b 28 62 3d 7b 7d 29 5b 6a 6f 5d 3d 5b 32 2c 31 2c 30 5d 2c 62 5b 57 6f 5d 3d 5b 36 2c 33 2c 30 5d 2c 62 5b 56 6f 5d 3d 5b 31 38 2c 39 2c 30 5d 7d 66 75 6e 63 74 69 6f 6e 20 47 28 65 2c 74 29 7b 76 61 72 20 72 3d 5b 5d 2c 69 3d 6b 3b 50 26 26 28 69 3d 4e 29 2c 57 6e 28 65 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 26 26 65 2e 63 6f 75 6e 74 28 29 3e 30 26 26 57 6e 28 65 2e 65 76 65 6e 74 73 28 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 26 26 28 65 2e 73 79 6e 63 26 26 28 65 2e 6c 61 74 65 6e 63 79 3d 34 2c 65 2e 73 79 6e 63 3d 21 31 29 2c 65 2e 73 65 6e 64 41 74 74 65 6d 70 74 3c 69 3f 28 7a 72 28 65 2c 6e 2e 69 64 65 6e 74 69 66 69 65 72 29 2c 41 28 65 2c 21 31 29 29 3a 72 2e 70 75 73 68 28 65 29 29 7d 29 29 7d 29 29 2c 72 2e 6c 65 Data Ascii: n X(){(b={})[jo]=[2,1,0],b[Wo]=[6,3,0],b[Vo]=[18,9,0]}function G(e,t){var r=[],i=k;P&&(i=N),Wn(e,(function(e){e&&e.count()>0&&Wn(e.events(),(function(e){e&&(e.sync&&(e.latency=4,e.sync=!1),e.sendAttempt<i?(zr(e,n.identifier),A(e,!1)):r.push(e))}))})),r.le

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:53 UTC	621	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:53 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5168510 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:56:53 GMT Etag: 0x8DB77257C91B168 Last-Modified: Tue, 27 Jun 2023 15:45:09 GMT Server: ECAcc (lhd/35EB) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 6b79b7f9-501e-0096-2962-7e475d000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-05-23 22:56:53 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:54 UTC	634	OUT	GET /shared/5/images/signin_options_4e48046ce74f4b89d450.svg HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:54 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5249164 Cache-Control: public, max-age=31536000 Content-MD5: R2FAVxfpONfnQAuxVxXbHg== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:56:54 GMT Etag: 0x8DB772582D4527C Last-Modified: Tue, 27 Jun 2023 15:45:19 GMT Server: ECAcc (lhd/35BC) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 676f708e-501e-007a-5da6-7da633000000 x-ms-version: 2009-09-19 Content-Length: 1592 Connection: close
2024-05-23 22:56:54 UTC	1592	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 64 65 66 73 3e 3c 73 74 79 6c 65 3e 2e 61 7b 66 69 6c 6c 3a 6e 6f 6e 65 3b 7d 2e 62 7b 66 69 6c 6c 3a 23 34 30 34 30 34 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 64 65 66 73 3e 3c 72 65 63 74 20 63 6c 61 73 73 3d 22 61 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 62 22 20 64 3d 22 4d 34 30 2c 33 32 2e 35 37 38 56 34 30 48 33 32 56 33 36 48 32 38 56 33 32 48 32 34 56 32 38 2e 37 36 36 41 31 30 2e 36 38 39 2c 31 30 2e 36 38 39 2c 30 2c 30 2c Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:55 UTC	400	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:55 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5168518 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:56:55 GMT Etag: 0x8DB77257FFE6B4E Last-Modified: Tue, 27 Jun 2023 15:45:14 GMT Server: ECAcc (lhd/35D9) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 0b4e8a4e-701e-0078-2e62-7ef037000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-05-23 22:56:55 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:56 UTC	612	OUT	GET /16.000.30238.3/images/favicon.ico HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:56 UTC	718	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 701415 Cache-Control: public, max-age=31536000 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Thu, 23 May 2024 22:56:56 GMT Etag: 0x8DC7483BFD3DE35 Last-Modified: Wed, 15 May 2024 02:07:18 GMT Server: ECAcc (lhd/35BE) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8e0252b7-e01e-0095-1703-a73a5b000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2024-05-23 22:56:56 UTC	16383	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-05-23 22:56:56 UTC	791	IN	Data Raw: 01 80 00 00 01 80 00 28 00 00 00 18 00 00 00 30 00 00 00 01 00 04 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 Data Ascii: (0"P""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:58 UTC	378	OUT	GET /16.000.30238.3/images/favicon.ico HTTP/1.1 Host: logincdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:58 UTC	718	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 701417 Cache-Control: public, max-age=31536000 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Thu, 23 May 2024 22:56:58 GMT Etag: 0x8DC7483BFD3DE35 Last-Modified: Wed, 15 May 2024 02:07:18 GMT Server: ECAcc (lhd/35BE) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8e0252b7-e01e-0095-1703-a73a5b000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2024-05-23 22:56:58 UTC	16383	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-05-23 22:56:58 UTC	791	IN	Data Raw: 01 80 00 00 01 80 00 28 00 00 00 18 00 00 00 30 00 00 00 01 00 04 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 Data Ascii: (0"P""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:56:59 UTC	610	OUT	GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:56:59 UTC	730	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 321809 Cache-Control: public, max-age=604800 Content-MD5: XlkY6UOibS5AN710GAdhEA== Content-Type: text/css Date: Thu, 23 May 2024 22:56:59 GMT Etag: 0x8DC788E3C0F10E5 Last-Modified: Mon, 20 May 2024 05:32:26 GMT Server: ECAcc (lhc/7958) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 92975b5d-301e-0028-2077-aa9304000000 x-ms-version: 2009-09-19 Content-Length: 95910 Connection: close
2024-05-23 22:56:59 UTC	16383	IN	Data Raw: 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 2f 2f 2a 21 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 Data Ascii: /! Copyright (C) Microsoft Corporation. All rights reserved. //*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------This file is based on or incorporates material from the projects listed
2024-05-23 22:56:59 UTC	16383	IN	Data Raw: 2d 65 72 72 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 2e 68 61 73 2d 65 72 72 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 65 38 31 31 32 33 7d 69 6e 70 75 74 3a 3a 2d 6d 73 2d 63 6c 65 61 72 2c 69 6e 70 75 74 3a 3a 2d 6d 73 2d 72 65 76 65 61 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 34 70 78 20 38 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2d 38 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 70 78 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 36 29 7d 69 6e 70 75 74 3a 3a 2d 6d 73 2d 63 6c 65 61 72 3a 68 6f 76 65 72 2c 69 6e 70 75 74 3a 3a 2d 6d 73 2d 72 65 76 65 61 6c 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 30 30 37 38 64 37 Data Ascii: -error input[type="text"],input[type="text"].has-error{border-color:#e81123}input::-ms-clear,input::-ms-reveal{height:100%;padding:4px 8px;margin-right:-8px;margin-left:4px;color:rgba(0,0,0,0.6)}input::-ms-clear:hover,input::-ms-reveal:hover{color:#0078d7
2024-05-23 22:56:59 UTC	16383	IN	Data Raw: 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 54 61 69 20 4c 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 69 20 42 61 69 74 69 22 2c 22 4d 6f 6e 67 6f 6c 69 61 6e 20 42 61 69 74 69 22 2c 22 4d 56 20 42 6f 6c 69 22 2c 22 4d 79 61 6e 6d 61 72 20 54 65 78 74 22 2c 22 43 61 6d 62 72 69 61 20 4d 61 74 68 22 7d 2e 49 45 5f 4d 37 20 2e 63 5f 69 6e 6d 69 64 64 6c 65 5f 61 72 65 61 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 30 70 78 7d 2e 49 45 5f 4d 37 20 2e 72 6f 77 2c 2e 49 45 5f 4d 37 20 64 69 76 23 69 53 68 6f 77 53 65 6e 64 48 6f 6c 64 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 7d 2e 49 45 5f 4d 37 20 75 6c 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 7d 2e 49 45 5f 4d 37 20 2e 6d 6f 64 61 6c 20 2e 6d 6f 64 61 6c 2d 63 6f 6e 74 65 6e 74 7b 70 61 64 64 69 6e 67 2d Data Ascii: ","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math"}.IE_M7 .c_inmiddle_area{padding-bottom:20px}.IE_M7 .row,.IE_M7 div#iShowSendHolder{clear:both}.IE_M7 ul{margin-left:0}.IE_M7 .modal .modal-content{padding-
2024-05-23 22:56:59 UTC	16383	IN	Data Raw: 3d 22 64 61 74 65 22 5d 2c 62 6f 64 79 2e 63 62 2e 63 62 54 68 65 6d 65 5f 53 6b 79 70 65 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 64 61 74 65 74 69 6d 65 22 5d 2c 62 6f 64 79 2e 63 62 2e 63 62 54 68 65 6d 65 5f 53 6b 79 70 65 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 64 61 74 65 74 69 6d 65 2d 6c 6f 63 61 6c 22 5d 2c 62 6f 64 79 2e 63 62 2e 63 62 54 68 65 6d 65 5f 53 6b 79 70 65 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 2c 62 6f 64 79 2e 63 62 2e 63 62 54 68 65 6d 65 5f 53 6b 79 70 65 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 6d 6f 6e 74 68 22 5d 2c 62 6f 64 79 2e 63 62 2e 63 62 54 68 65 6d 65 5f 53 6b 79 70 65 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 2c 62 6f 64 79 2e 63 62 2e 63 62 54 68 65 6d 65 5f 53 6b 79 70 65 20 69 Data Ascii: ="date"],body.cb.cbTheme_Skype input[type="datetime"],body.cb.cbTheme_Skype input[type="datetime-local"],body.cb.cbTheme_Skype input[type="email"],body.cb.cbTheme_Skype input[type="month"],body.cb.cbTheme_Skype input[type="number"],body.cb.cbTheme_Skype i
2024-05-23 22:56:59 UTC	16383	IN	Data Raw: 62 61 28 30 2c 30 2c 30 2c 30 2e 36 29 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 2c 20 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 27 23 39 39 30 30 30 30 30 30 27 2c 20 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 27 23 39 39 30 30 30 30 30 30 27 29 7d 2e 66 6f 6f 74 65 72 2e 64 65 66 61 75 6c 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 66 6f 6f 74 65 72 2e 64 65 66 61 75 6c 74 20 64 69 76 2e 66 6f 6f 74 65 72 4e 6f 64 65 20 61 2c 2e 66 6f 6f 74 65 72 2e 64 65 66 61 75 6c 74 20 64 69 76 2e 66 6f 6f 74 65 72 4e 6f 64 65 20 73 70 61 6e 7b 63 6f 6c 6f 72 3a 23 30 30 30 7d 2e 6f 75 74 Data Ascii: ba(0,0,0,0.6);filter:progid:DXImageTransform.Microsoft.gradient(GradientType=0, startColorstr='#99000000', endColorstr='#99000000')}.footer.default{background:transparent}.footer.default div.footerNode a,.footer.default div.footerNode span{color:#000}.out
2024-05-23 22:56:59 UTC	13995	IN	Data Raw: 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 62 6f 64 79 2e 63 62 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 2e 68 69 70 7b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 77 69 64 74 68 3a 31 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 7d 73 65 6c 65 63 74 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 3b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 77 69 64 74 68 3a 30 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 30 7d 73 65 6c 65 63 74 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 73 65 6c 65 63 74 Data Ascii: padding-left:0}body.cb input[type="text"].hip{border-width:0 !important;border-bottom-width:1px !important;padding:6px 0 !important}select{border-top-width:0;border-left-width:0;border-right-width:0;padding:6px 0}select:hover{background:transparent}select

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Windows Analysis Report
https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:00 UTC	590	OUT	GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:00 UTC	744	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407727 Cache-Control: public, max-age=604800 Content-MD5: tZ45+ZIcr8oUnrloW1H2Vg== Content-Type: application/javascript Date: Thu, 23 May 2024 22:57:00 GMT Etag: 0x8DC77BF49E4C0AA Last-Modified: Sun, 19 May 2024 04:51:04 GMT Server: ECAcc (lhc/7910) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: d01eb11f-101e-0006-15af-a9a02a000000 x-ms-version: 2009-09-19 Content-Length: 22961 Connection: close
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 65 2c 74 2c 6e 29 7b 65 26 26 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 74 2c 6e 29 3a 65 26 26 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 45 6c 65 6d 65 6e 74 26 26 65 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 65 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 22 2b 74 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 67 65 74 4f 72 53 65 74 50 72 6f 70 73 4f 6e 45 6c 65 6d 65 6e 74 73 28 65 2c 74 2c 6e 2c 72 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 29 7b 5f 66 6f 72 45 61 63 68 4b 65 79 28 74 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 6f 72 28 76 61 72 20 73 3d 30 2c 69 3d 65 Data Ascii: function _addEventListener(e,t,n){e&&e.addEventListener?e.addEventListener(t,n):e&&e instanceof HTMLElement&&e.attachEvent&&e.attachEvent("on"+t,n)}function _getOrSetPropsOnElements(e,t,n,r){if("object"==typeof t){_forEachKey(t,function(n){for(var s=0,i=e
2024-05-23 22:57:00 UTC	6578	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 68 69 64 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 5f 69 73 48 74 6d 6c 45 6c 65 6d 65 6e 74 4c 69 73 74 28 74 68 69 73 2e 65 6c 65 6d 73 29 29 7b 74 68 72 6f 77 22 55 6e 73 75 70 70 6f 72 74 65 64 22 7d 66 6f 72 28 76 61 72 20 65 3d 30 2c 74 3d 74 68 69 73 2e 65 6c 65 6d 73 3b 65 3c 74 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 6e 3d 74 5b 65 5d 3b 5f 73 65 74 43 61 63 68 65 56 61 6c 75 65 28 6e 2c 63 5f 64 69 73 70 6c 61 79 2c 6e 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 29 2c 6e 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 63 5f 6e 6f 6e 65 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 73 68 6f 77 Data Ascii: function(){return this},e.prototype.hide=function(){if(!_isHtmlElementList(this.elems)){throw"Unsupported"}for(var e=0,t=this.elems;e<t.length;e++){var n=t[e];_setCacheValue(n,c_display,n.style.display),n.style.display=c_none}return this},e.prototype.show

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:00 UTC	594	OUT	GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:00 UTC	744	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 321824 Cache-Control: public, max-age=604800 Content-MD5: o3vbuPQYpAFMmawTk+WKWA== Content-Type: application/javascript Date: Thu, 23 May 2024 22:57:00 GMT Etag: 0x8DC788E4B7230AB Last-Modified: Mon, 20 May 2024 05:32:52 GMT Server: ECAcc (lhc/7958) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: d8400e9f-e01e-0011-1e77-aac106000000 x-ms-version: 2009-09-19 Content-Length: 80144 Connection: close
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 2f 2a 21 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a 0d 0a 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 6e 64 20 74 68 65 20 6c Data Ascii: /*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the l
2024-05-23 22:57:00 UTC	1	IN	Data Raw: 75 Data Ascii: u
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 51 2e 66 6e 3d 7a 3b 61 2e 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 61 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 61 2e 55 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 61 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 7d 3b 61 2e 62 28 22 73 75 62 73 63 72 69 62 61 62 6c 65 22 2c 61 2e 51 29 3b 61 2e 62 28 22 69 73 53 75 62 73 63 72 69 62 61 62 6c 65 22 2c 61 2e 48 62 29 3b 61 2e 5a 3d 61 2e 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 61 29 7b 63 2e 70 75 73 68 28 65 29 3b 65 3d 61 7d 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 65 3d 63 2e 70 6f 70 28 29 7d 76 61 72 20 63 3d 5b 5d 2c 65 Data Ascii: nction.prototype);a.Q.fn=z;a.Hb=function(a){return null!=a&&"function"==typeof a.U&&"function"==typeof a.notifySubscribers};a.b("subscribable",a.Q);a.b("isSubscribable",a.Hb);a.Z=a.k=function(){function b(a){c.push(e);e=a}function d(){e=c.pop()}var c=[],e
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 65 6f 66 20 61 2e 4e 3f 62 3a 6e 65 77 20 61 2e 4e 28 62 29 7d 61 2e 64 3d 7b 7d 3b 76 61 72 20 78 3d 7b 73 63 72 69 70 74 3a 21 30 2c 74 65 78 74 61 72 65 61 3a 21 30 7d 3b 61 2e 67 65 74 42 69 6e 64 69 6e 67 48 61 6e 64 6c 65 72 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 61 2e 64 5b 62 5d 7d 3b 0d 0a 61 2e 4e 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 2c 67 29 7b 76 61 72 20 65 3d 74 68 69 73 2c 66 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 21 61 2e 46 28 62 29 2c 6d 2c 6c 3d 61 2e 6a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6d 3d 66 3f 62 28 29 3a 62 2c 68 3d 61 2e 61 2e 63 28 6d 29 3b 63 3f 28 63 2e 4b 26 26 63 2e 4b 28 29 2c 61 2e 61 2e 65 78 74 65 6e 64 28 65 2c 63 29 2c 6c 26 26 28 65 2e 4b 3d 6c Data Ascii: eof a.N?b:new a.N(b)}a.d={};var x={script:!0,textarea:!0};a.getBindingHandler=function(b){return a.d[b]};a.N=function(b,c,d,g){var e=this,f="function"==typeof b&&!a.F(b),m,l=a.j(function(){var m=f?b():b,h=a.a.c(m);c?(c.K&&c.K(),a.a.extend(e,c),l&&(e.K=l
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 61 74 61 28 22 69 73 52 65 77 72 69 74 74 65 6e 22 2c 21 30 29 7d 3b 61 2e 62 28 22 74 65 6d 70 6c 61 74 65 45 6e 67 69 6e 65 22 2c 61 2e 4a 29 3b 61 2e 6b 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 2c 63 2c 64 2c 68 29 7b 62 3d 61 2e 68 2e 62 62 28 62 29 3b 66 6f 72 28 76 61 72 20 6c 3d 61 2e 68 2e 6b 61 2c 67 3d 30 3b 67 3c 62 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 7b 76 61 72 20 6d 3d 62 5b 67 5d 2e 6b 65 79 3b 69 66 28 6c 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 6d 29 29 7b 76 61 72 20 78 3d 6c 5b 6d 5d 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 78 29 7b 69 66 28 6d 3d 0d 0a 78 28 62 5b 67 5d 2e 76 61 6c 75 65 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6d 29 3b 7d 65 6c 73 65 20 69 66 28 Data Ascii: ata("isRewritten",!0)};a.b("templateuser",a.J);a.kb=function(){function b(b,c,d,h){b=a.h.bb(b);for(var l=a.h.ka,g=0;g<b.length;g++){var m=b[g].key;if(l.hasOwnProperty(m)){var x=l[m];if("function"===typeof x){if(m=x(b[g].value))throw Error(m);}else if(
2024-05-23 22:57:00 UTC	14611	IN	Data Raw: 73 68 28 62 29 2c 63 2e 6f 70 74 69 6f 6e 73 2e 6c 69 76 65 26 26 6e 2e 69 73 4f 62 73 65 72 76 61 62 6c 65 41 72 72 61 79 28 62 29 26 26 63 2e 73 75 62 73 63 72 69 70 74 69 6f 6e 73 2e 70 75 73 68 28 62 2e 73 75 62 73 63 72 69 62 65 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 67 72 61 70 68 4d 6f 6e 69 74 6f 72 2e 76 61 6c 75 65 48 61 73 4d 75 74 61 74 65 64 28 29 7d 29 29 29 2c 67 26 26 21 67 2e 5f 64 65 73 74 72 6f 79 26 26 28 6e 2e 69 73 41 72 72 61 79 28 67 29 3f 66 3d 67 3a 6e 2e 69 73 4f 62 6a 65 63 74 28 67 29 26 26 28 66 3d 6e 2e 76 61 6c 75 65 73 28 67 29 29 29 2c 30 21 3d 3d 64 26 26 6e 2e 66 6f 72 45 61 63 68 28 66 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 21 62 7c 7c 62 2e 6e 6f 64 65 54 79 70 65 7c 7c 61 2e 69 73 43 6f 6d 70 75 74 65 64 28 62 29 Data Ascii: sh(b),c.options.live&&n.isObservableArray(b)&&c.subscriptions.push(b.subscribe(function(){c.graphMonitor.valueHasMutated()}))),g&&!g._destroy&&(n.isArray(g)?f=g:n.isObject(g)&&(f=n.values(g))),0!==d&&n.forEach(f,function(b){!b\|\|b.nodeType\|\|a.isComputed(b)

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:00 UTC	617	OUT	GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:00 UTC	744	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407751 Cache-Control: public, max-age=604800 Content-MD5: 4Ta/akFj3682LuM6XM4hQQ== Content-Type: application/javascript Date: Thu, 23 May 2024 22:57:00 GMT Etag: 0x8DC77BF4C097C7D Last-Modified: Sun, 19 May 2024 04:51:07 GMT Server: ECAcc (lhc/795D) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: fbce0222-201e-0031-1baf-a95035000000 x-ms-version: 2009-09-19 Content-Length: 28981 Connection: close
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 67 69 73 74 65 72 4e 61 6d 65 73 70 61 63 65 28 22 24 43 6f 6e 66 69 67 22 29 2c 24 43 6f 6e 66 69 67 2e 73 68 61 72 65 64 53 74 72 69 6e 67 73 3d 7b 22 65 72 72 6f 72 73 22 3a 7b 22 72 65 71 75 69 72 65 64 22 3a 22 54 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 69 73 20 72 65 71 75 69 72 65 64 2e 22 2c 22 65 6d 61 69 6c 52 65 71 75 69 72 65 64 22 3a 22 41 6e 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 20 69 73 20 72 65 71 75 69 72 65 64 22 2c 22 70 68 6f 6e 65 52 65 71 75 69 72 65 64 22 3a 22 41 20 70 68 6f 6e 65 20 6e 75 6d 62 65 72 20 69 73 20 72 65 71 75 69 72 65 64 22 2c 22 70 61 73 73 77 6f 72 64 52 65 71 75 69 72 65 64 22 3a 22 41 20 70 61 73 73 77 6f 72 64 20 69 73 20 72 65 71 75 69 72 65 64 22 2c 22 69 Data Ascii: !function(){registerNamespace("$Config"),$Config.sharedStrings={"errors":{"required":"This information is required.","emailRequired":"An email address is required","phoneRequired":"A phone number is required","passwordRequired":"A password is required","i
2024-05-23 22:57:00 UTC	12598	IN	Data Raw: 61 6c 62 61 72 64 22 2c 22 69 73 6f 22 3a 22 53 4a 22 7d 2c 7b 22 63 6f 64 65 22 3a 22 32 36 38 22 2c 22 6e 61 6d 65 22 3a 22 53 77 61 7a 69 6c 61 6e 64 22 2c 22 69 73 6f 22 3a 22 53 5a 22 7d 2c 7b 22 63 6f 64 65 22 3a 22 34 36 22 2c 22 6e 61 6d 65 22 3a 22 53 77 65 64 65 6e 22 2c 22 69 73 6f 22 3a 22 53 45 22 2c 22 69 6e 45 55 22 3a 21 30 7d 2c 7b 22 63 6f 64 65 22 3a 22 34 31 22 2c 22 6e 61 6d 65 22 3a 22 53 77 69 74 7a 65 72 6c 61 6e 64 22 2c 22 69 73 6f 22 3a 22 43 48 22 7d 2c 7b 22 63 6f 64 65 22 3a 22 39 36 33 22 2c 22 6e 61 6d 65 22 3a 22 53 79 72 69 61 22 2c 22 69 73 6f 22 3a 22 53 59 22 7d 2c 7b 22 63 6f 64 65 22 3a 22 38 38 36 22 2c 22 6e 61 6d 65 22 3a 22 54 61 69 77 61 6e 22 2c 22 69 73 6f 22 3a 22 54 57 22 7d 2c 7b 22 63 6f 64 65 22 3a 22 39 Data Ascii: albard","iso":"SJ"},{"code":"268","name":"Swaziland","iso":"SZ"},{"code":"46","name":"Sweden","iso":"SE","inEU":!0},{"code":"41","name":"Switzerland","iso":"CH"},{"code":"963","name":"Syria","iso":"SY"},{"code":"886","name":"Taiwan","iso":"TW"},{"code":"9

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:00 UTC	604	OUT	GET /lightweightsignuppackage_xUzYzJceL8JC5cjTFIHHBQ2.js?v=1 HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:00 UTC	745	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 387689 Cache-Control: public, max-age=604800 Content-MD5: XGn6Wrqfrcylqs/UoDlHxA== Content-Type: application/javascript Date: Thu, 23 May 2024 22:57:00 GMT Etag: 0x8DC7530F4439F7B Last-Modified: Wed, 15 May 2024 22:47:09 GMT Server: ECAcc (lhc/7957) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 12baf21d-001e-001f-25dd-a9631b000000 x-ms-version: 2009-09-19 Content-Length: 210292 Connection: close
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 45 6e 63 72 79 70 74 28 65 2c 74 2c 6e 2c 61 29 7b 76 61 72 20 6f 3d 5b 5d 3b 73 77 69 74 63 68 28 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 63 61 73 65 22 63 68 67 73 71 73 61 22 3a 69 66 28 6e 75 6c 6c 3d 3d 65 7c 7c 6e 75 6c 6c 3d 3d 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 6f 3d 50 61 63 6b 61 67 65 53 41 44 61 74 61 28 65 2c 74 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 63 68 67 70 77 64 22 3a 69 66 28 6e 75 6c 6c 3d 3d 65 7c 7c 6e 75 6c 6c 3d 3d 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 6f 3d 50 61 63 6b 61 67 65 4e 65 77 41 6e 64 4f 6c 64 50 77 64 28 65 2c 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 70 77 64 22 3a 69 66 28 6e 75 6c 6c 3d 3d 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 6f 3d 50 61 63 6b 61 67 65 Data Ascii: function Encrypt(e,t,n,a){var o=[];switch(n.toLowerCase()){case"chgsqsa":if(null==e\|\|null==t){return null}o=PackageSAData(e,t);break;case"chgpwd":if(null==e\|\|null==a){return null}o=PackageNewAndOldPwd(e,a);break;case"pwd":if(null==e){return null}o=Package
2024-05-23 22:57:00 UTC	1	IN	Data Raw: 6c Data Ascii: l
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 6c 62 61 63 6b 29 2c 21 6c 26 26 65 2e 47 65 74 53 74 72 69 6e 67 26 26 28 6c 3d 65 2e 47 65 74 53 74 72 69 6e 67 28 22 6c 69 76 65 2e 61 63 63 6f 75 6e 74 73 2e 73 74 72 69 6e 67 73 2e 67 65 6e 65 72 61 6c 5f 6d 6f 64 75 6c 65 5f 6c 6f 61 64 69 6e 67 22 29 29 2c 6e 3d 6e 7c 7c 24 66 2e 6c 6f 61 64 69 6e 67 54 79 70 65 2e 73 70 69 6e 6e 69 6e 67 2c 61 3d 61 7c 7c 22 32 30 70 78 22 2c 6f 3d 6f 7c 7c 61 2c 69 3d 69 7c 7c 22 33 70 78 22 2c 72 3d 72 26 26 72 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7c 7c 22 23 36 36 36 22 2c 6c 3d 6c 7c 7c 22 22 3b 0a 76 61 72 20 75 2c 70 3d 22 63 5f 73 70 69 6e 6e 69 6e 67 44 6f 74 73 22 2c 6d 3d 28 24 43 6f 6e 66 69 67 2e 69 6d 67 73 42 61 73 65 7c 7c 22 2f 69 6d 61 67 65 73 22 29 2b 22 2f 63 6f 6d 6d 6f 6e 2f 22 3b 6e 3d Data Ascii: lback),!l&&e.GetString&&(l=e.GetString("live.accounts.strings.general_module_loading")),n=n\|\|$f.loadingType.spinning,a=a\|\|"20px",o=o\|\|a,i=i\|\|"3px",r=r&&r.toLowerCase()\|\|"#666",l=l\|\|"";var u,p="c_spinningDots",m=($Config.imgsBase\|\|"/images")+"/common/";n=
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 70 75 74 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 22 2c 65 29 2c 64 74 0a 7d 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 29 7b 72 65 74 75 72 6e 20 72 2e 73 75 70 70 6f 72 74 73 55 6e 69 66 69 65 64 48 65 61 64 65 72 3f 65 74 26 26 65 74 2e 70 61 67 65 54 69 74 6c 65 3f 7b 22 61 72 69 61 2d 6c 61 62 65 6c 22 3a 65 74 2e 70 61 67 65 54 69 74 6c 65 7d 3a 7b 22 61 72 69 61 2d 6c 61 62 65 6c 6c 65 64 62 79 22 3a 22 69 50 61 67 65 54 69 74 6c 65 20 44 69 61 6c 6f 67 55 73 65 72 54 69 74 6c 65 22 7d 3a 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 58 28 29 7b 76 61 72 20 65 3d 24 50 61 67 65 48 65 6c 70 65 72 2e 67 65 74 28 65 74 2e 76 69 65 77 54 65 6d 70 6c 61 74 65 29 2e 63 6c 6f 6e 65 28 29 2c 74 3d 65 74 2e 76 69 65 77 43 6f 6e 74 65 78 74 54 6f 6b 65 Data Ascii: put[type=submit]",e),dt}return e}function j(){return r.supportsUnifiedHeader?et&&et.pageTitle?{"aria-label":et.pageTitle}:{"aria-labelledby":"iPageTitle DialogUserTitle"}:{}}function X(){var e=$PageHelper.get(et.viewTemplate).clone(),t=et.viewContextToke
2024-05-23 22:57:00 UTC	2	IN	Data Raw: 6f 6e Data Ascii: on
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 66 69 67 7c 7c 73 2e 73 69 67 6e 75 70 2c 63 3d 6c 26 26 6c 2e 70 61 67 65 2c 64 3d 63 26 26 63 2e 69 6d 67 73 3b 74 2e 67 65 74 44 72 6f 70 44 6f 77 6e 43 61 72 65 74 49 6d 61 67 65 3d 6e 2c 74 2e 67 65 74 41 72 72 6f 77 49 6d 61 67 65 3d 61 2c 74 2e 67 65 74 4d 73 4c 6f 67 6f 49 6d 61 67 65 3d 6f 2c 74 2e 64 69 73 61 62 6c 65 4c 69 67 68 74 62 6f 78 3d 69 7d 28 6e 3d 74 2e 43 6f 6e 76 65 72 67 65 64 55 78 55 74 69 6c 7c 7c 28 74 2e 43 6f 6e 76 65 72 67 65 64 55 78 55 74 69 6c 3d 7b 7d 29 29 7d 28 74 3d 65 2e 55 74 69 6c 7c 7c 28 65 2e 55 74 69 6c 3d 7b 7d 29 29 0a 7d 28 74 3d 65 2e 41 63 63 6f 75 6e 74 7c 7c 28 65 2e 41 63 63 6f 75 6e 74 3d 7b 7d 29 29 7d 28 77 4c 69 76 65 7c 7c 28 77 4c 69 76 65 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 Data Ascii: fig\|\|s.signup,c=l&&l.page,d=c&&c.imgs;t.getDropDownCaretImage=n,t.getArrowImage=a,t.getMsLogoImage=o,t.disableLightbox=i}(n=t.ConvergedUxUtil\|\|(t.ConvergedUxUtil={}))}(t=e.Util\|\|(e.Util={}))}(t=e.Account\|\|(e.Account={}))}(wLive\|\|(wLive={})),function(e){v
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 75 6e 74 2e 46 69 65 6c 64 48 65 6c 70 65 72 2e 65 72 72 6f 72 73 3d 7b 22 72 65 71 75 69 72 65 64 22 3a 4d 2c 22 69 6e 76 61 6c 69 64 46 6f 72 6d 61 74 22 3a 54 2c 22 65 6d 61 69 6c 49 6e 76 61 6c 69 64 46 6f 72 6d 61 74 22 3a 42 7d 2c 79 2e 24 44 6f 26 26 79 2e 24 44 6f 2e 72 65 67 69 73 74 65 72 28 22 77 4c 69 76 65 2e 41 63 63 6f 75 6e 74 2e 46 69 65 6c 64 48 65 6c 70 65 72 22 2c 30 2c 21 30 29 0a 7d 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 74 29 7b 69 66 28 65 29 7b 69 66 28 74 29 7b 76 61 72 20 61 3d 6e 2e 41 63 63 6f 75 6e 74 2e 76 69 65 77 4d 6f 64 65 6c 48 61 6e 64 6c 65 3b 69 66 28 61 26 26 61 2e 76 61 6c 69 64 61 74 69 6f 6e 4f 72 64 65 72 29 7b 76 61 72 20 6f 3d 2d 31 21 3d 3d 24 50 61 67 65 48 65 6c 70 Data Ascii: unt.FieldHelper.errors={"required":M,"invalidFormat":T,"emailInvalidFormat":B},y.$Do&&y.$Do.register("wLive.Account.FieldHelper",0,!0)}(),function(){function e(e,t){if(e){if(t){var a=n.Account.viewModelHandle;if(a&&a.validationOrder){var o=-1!==$PageHelp
2024-05-23 22:57:00 UTC	2	IN	Data Raw: 74 3f Data Ascii: t?
2024-05-23 22:57:00 UTC	16383	IN	Data Raw: 22 66 69 72 73 74 4e 61 6d 65 22 3a 22 6c 61 73 74 4e 61 6d 65 22 2c 61 74 3d 74 74 3f 22 6c 61 73 74 4e 61 6d 65 22 3a 22 66 69 72 73 74 4e 61 6d 65 22 2c 6f 74 3d 31 3d 3d 3d 57 2e 73 68 6f 77 43 68 69 6e 61 50 49 50 4c 43 6f 6e 73 65 6e 74 56 69 65 77 2c 69 74 3d 6a 2e 73 6b 69 70 43 72 65 64 65 6e 74 69 61 6c 73 50 61 67 65 2c 72 74 3d 6a 2e 73 74 61 72 74 53 74 61 74 65 46 6f 72 53 6b 69 70 43 72 65 64 65 6e 74 69 61 6c 73 50 61 67 65 3b 0a 57 2e 73 74 61 72 74 53 74 61 74 65 3d 57 2e 63 6f 6c 6c 65 63 74 44 65 76 69 63 65 54 69 63 6b 65 74 3f 50 3a 59 3f 47 26 26 58 26 26 58 2e 64 61 74 61 26 26 58 2e 64 61 74 61 2e 70 72 65 66 69 6c 6c 26 26 58 2e 64 61 74 61 2e 70 72 65 66 69 6c 6c 2e 62 69 72 74 68 64 61 74 65 3f 75 3a 6c 3a 65 74 3f 63 3a 6a 2e Data Ascii: "firstName":"lastName",at=tt?"lastName":"firstName",ot=1===W.showChinaPIPLConsentView,it=j.skipCredentialsPage,rt=j.startStateForSkipCredentialsPage;W.startState=W.collectDeviceTicket?P:Y?G&&X&&X.data&&X.data.prefill&&X.data.prefill.birthdate?u:l:et?c:j.
2024-05-23 22:57:00 UTC	1	IN	Data Raw: 42 Data Ascii: B

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:01 UTC	628	OUT	GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:02 UTC	734	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407946 Cache-Control: public, max-age=604800 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:57:02 GMT Etag: 0x8DC77BF44611D91 Last-Modified: Sun, 19 May 2024 04:50:54 GMT Server: ECAcc (lhc/7956) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 4b23eb12-001e-00e3-57ae-a93257000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-05-23 22:57:02 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:03 UTC	393	OUT	GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:03 UTC	734	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407947 Cache-Control: public, max-age=604800 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:57:03 GMT Etag: 0x8DC77BF44611D91 Last-Modified: Sun, 19 May 2024 04:50:54 GMT Server: ECAcc (lhc/7956) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 4b23eb12-001e-00e3-57ae-a93257000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-05-23 22:57:03 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:06 UTC	601	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:06 UTC	716	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407669 Cache-Control: public, max-age=604800 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Thu, 23 May 2024 22:57:06 GMT Etag: 0x8DC77BF43885385 Last-Modified: Sun, 19 May 2024 04:50:53 GMT Server: ECAcc (lhc/78AE) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: ba0a35f4-c01e-0003-56af-a92720000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2024-05-23 22:57:06 UTC	15669	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-05-23 22:57:06 UTC	1505	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 Data Ascii: {L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""33333

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:06 UTC	555	OUT	GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:06 UTC	745	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407703 Cache-Control: public, max-age=604800 Content-MD5: aLM4Wm3/yNZOAZgyrMkY7Q== Content-Type: application/javascript Date: Thu, 23 May 2024 22:57:06 GMT Etag: 0x8DC77BF4E13F013 Last-Modified: Sun, 19 May 2024 04:51:11 GMT Server: ECAcc (lhc/792B) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 35977366-201e-0059-04af-a94a06000000 x-ms-version: 2009-09-19 Content-Length: 273170 Connection: close
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 2f 2a 21 0d 0a 20 2a 20 31 44 53 20 4a 53 20 53 44 4b 20 43 6f 72 65 2c 20 33 2e 32 2e 36 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0d 0a 20 2a 2f 0d 0a 76 61 72 20 6e 3d 74 68 69 73 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 50 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 75 3d 22 6f 62 6a 65 63 74 22 2c 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 73 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 45 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 74 3d 4f 62 6a 65 63 74 Data Ascii: /! 1DS JS SDK Core, 3.2.6 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */var n=this,e=function(n){"use strict";var P="function",u="object",e="undefined",s="prototype",E="hasOwnProperty",t=Object
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 30 3c 28 65 3d 57 65 28 29 2b 31 65 33 2a 74 29 26 26 28 28 72 3d 6e 65 77 20 44 61 74 65 29 2e 73 65 74 54 69 6d 65 28 65 29 2c 4a 65 28 6f 2c 72 69 2c 43 69 28 72 2c 61 3f 6e 69 3a 65 69 29 7c 7c 43 69 28 72 2c 61 3f 6e 69 3a 65 69 29 7c 7c 67 2c 24 65 29 29 2c 61 7c 7c 4a 65 28 6f 2c 22 6d 61 78 2d 61 67 65 22 2c 67 2b 74 2c 6e 75 6c 6c 2c 68 29 29 2c 28 65 3d 65 72 28 29 29 26 26 22 68 74 74 70 73 3a 22 3d 3d 3d 65 2e 70 72 6f 74 6f 63 6f 6c 26 26 28 4a 65 28 6f 2c 22 73 65 63 75 72 65 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 68 29 2c 28 6c 69 3d 6e 75 6c 6c 3d 3d 3d 6c 69 3f 21 49 69 28 28 59 74 28 29 7c 7c 7b 7d 29 5b 45 6e 5d 29 3a 6c 69 29 26 26 4a 65 28 6f 2c 22 53 61 6d 65 53 69 74 65 22 2c 22 4e 6f 6e 65 22 2c 6e 75 6c 6c 2c 68 29 29 2c 4a 65 28 6f Data Ascii: 0<(e=We()+1e3*t)&&((r=new Date).setTime(e),Je(o,ri,Ci(r,a?ni:ei)\|\|Ci(r,a?ni:ei)\|\|g,$e)),a\|\|Je(o,"max-age",g+t,null,h)),(e=er())&&"https:"===e.protocol&&(Je(o,"secure",null,null,h),(li=null===li?!Ii((Yt()\|\|{})[En]):li)&&Je(o,"SameSite","None",null,h)),Je(o
2024-05-23 22:57:06 UTC	2	IN	Data Raw: 6c 72 Data Ascii: lr
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 65 61 64 79 20 6c 6f 61 64 65 64 21 22 29 29 3a 28 6f 3d 7b 72 65 61 73 6f 6e 3a 31 36 7d 2c 69 3f 66 28 75 3d 5b 69 2e 70 6c 75 67 69 6e 5d 2c 7b 72 65 61 73 6f 6e 3a 32 2c 69 73 41 73 79 6e 63 3a 21 21 74 7d 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6e 3f 28 6f 2e 72 65 6d 6f 76 65 64 3d 75 2c 6f 2e 72 65 61 73 6f 6e 7c 3d 33 32 2c 61 28 29 29 3a 72 26 26 72 28 21 31 29 7d 29 3a 61 28 29 29 3a 28 72 26 26 72 28 21 31 29 2c 64 28 6a 6f 29 29 7d 2c 70 2e 65 76 74 4e 61 6d 65 73 70 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 2c 70 5b 73 6e 5d 3d 73 2c 70 2e 67 65 74 54 72 61 63 65 43 74 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 65 3b 72 65 74 75 72 6e 20 41 7c 7c 28 65 3d 7b 7d 2c 41 3d 7b 67 65 74 4e 61 6d 65 3a 66 75 Data Ascii: eady loaded!")):(o={reason:16},i?f(u=[i.plugin],{reason:2,isAsync:!!t},function(n){n?(o.removed=u,o.reason\|=32,a()):r&&r(!1)}):a()):(r&&r(!1),d(jo))},p.evtNamespace=function(){return n},p[sn]=s,p.getTraceCtx=function(n){var e;return A\|\|(e={},A={getName:fu
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 75 6c 65 72 3d 47 2c 6e 2e 45 76 65 6e 74 48 65 6c 70 65 72 3d 64 65 2c 6e 2e 45 76 65 6e 74 4c 61 74 65 6e 63 79 3d 69 75 2c 6e 2e 45 76 65 6e 74 50 65 72 73 69 73 74 65 6e 63 65 3d 72 75 2c 6e 2e 45 76 65 6e 74 50 72 6f 70 65 72 74 79 54 79 70 65 3d 6e 75 2c 6e 2e 45 76 65 6e 74 73 44 69 73 63 61 72 64 65 64 52 65 61 73 6f 6e 3d 67 65 2c 6e 2e 46 75 6c 6c 56 65 72 73 69 6f 6e 53 74 72 69 6e 67 3d 76 75 2c 6e 2e 49 6e 74 65 72 6e 61 6c 41 70 70 49 6e 73 69 67 68 74 73 43 6f 72 65 3d 24 6f 2c 6e 2e 49 6e 74 65 72 6e 61 6c 42 61 73 65 43 6f 72 65 3d 4b 6f 2c 6e 2e 4c 6f 67 67 69 6e 67 53 65 76 65 72 69 74 79 3d 63 75 2c 6e 2e 4d 69 6e 43 68 61 6e 6e 65 6c 50 72 69 6f 72 74 79 3d 31 30 30 2c 6e 2e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 4d 61 6e 61 67 65 72 3d Data Ascii: uler=G,n.EventHelper=de,n.EventLatency=iu,n.EventPersistence=ru,n.EventPropertyType=nu,n.EventsDiscardedReason=ge,n.FullVersionString=vu,n.InternalAppInsightsCore=$o,n.InternalBaseCore=Ko,n.LoggingSeverity=cu,n.MinChannelPriorty=100,n.NotificationManager=
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 7c 76 65 28 72 2c 22 74 72 69 64 65 6e 74 2f 22 29 29 2c 48 65 29 29 7b 69 66 28 21 68 74 29 74 72 79 7b 76 61 72 20 69 3d 32 31 34 37 34 38 33 36 34 37 26 43 65 28 29 3b 28 65 3d 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 64 74 5e 69 29 2b 69 29 3c 30 26 26 28 65 3e 3e 3e 3d 30 29 2c 70 74 3d 31 32 33 34 35 36 37 38 39 2b 65 26 76 74 2c 79 74 3d 39 38 37 36 35 34 33 32 31 2d 65 26 76 74 2c 68 74 3d 21 30 7d 63 61 74 63 68 28 6f 29 7b 7d 72 3d 28 28 79 74 3d 33 36 39 36 39 2a 28 36 35 35 33 35 26 79 74 29 2b 28 79 74 3e 3e 31 36 29 26 76 74 29 3c 3c 31 36 29 2b 28 36 35 35 33 35 26 28 70 74 3d 31 38 65 33 2a 28 36 35 35 33 35 26 70 74 29 2b 28 70 74 3e 3e 31 36 29 26 76 74 29 29 3e 3e 3e 30 26 76 74 7c 30 2c 74 3d 28 72 3e 3e 3e 3d 30 29 26 76 74 7d 72 Data Ascii: \|ve(r,"trident/")),He)){if(!ht)try{var i=2147483647&Ce();(e=(Math.random()dt^i)+i)<0&&(e>>>=0),pt=123456789+e&vt,yt=987654321-e&vt,ht=!0}catch(o){}r=((yt=36969(65535&yt)+(yt>>16)&vt)<<16)+(65535&(pt=18e3*(65535&pt)+(pt>>16)&vt))>>>0&vt\|0,t=(r>>>=0)&vt}r
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 65 6f 75 74 2c 61 3d 21 30 2c 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 21 31 29 2c 73 3d 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 2c 61 26 26 66 28 73 2c 22 4d 69 63 72 6f 73 6f 66 74 5f 41 70 70 6c 69 63 61 74 69 6f 6e 49 6e 73 69 67 68 74 73 5f 42 79 70 61 73 73 41 6a 61 78 49 6e 73 74 72 75 6d 65 6e 74 61 74 69 6f 6e 22 2c 61 29 2c 69 26 26 66 28 73 2c 73 72 2c 69 29 2c 73 2e 6f 70 65 6e 28 22 50 4f 53 54 22 2c 74 2c 21 65 29 2c 69 26 26 66 28 73 2c 73 72 2c 69 29 2c 21 65 26 26 63 26 26 66 28 73 2c 22 74 69 6d 65 6f 75 74 22 2c 63 29 3b 76 61 72 20 69 2c 61 2c 63 2c 73 2c 6c 3d 73 3b 66 75 6e 63 74 69 6f 6e 20 66 28 6e 2c 65 2c 74 29 7b 74 72 79 7b 6e 5b 65 5d 3d 74 7d 63 61 74 63 68 28 72 29 7b 7d 7d 65 6e 28 6e 2e 68 65 61 64 65 72 Data Ascii: eout,a=!0,void 0===e&&(e=!1),s=new XMLHttpRequest,a&&f(s,"Microsoft_ApplicationInsights_BypassAjaxInstrumentation",a),i&&f(s,sr,i),s.open("POST",t,!e),i&&f(s,sr,i),!e&&c&&f(s,"timeout",c);var i,a,c,s,l=s;function f(n,e,t){try{n[e]=t}catch(r){}}en(n.header
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 74 22 3b 76 61 72 20 75 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 73 3d 22 6f 62 6a 65 63 74 22 2c 66 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 66 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 6c 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 67 3d 4f 62 6a 65 63 74 2c 76 3d 67 5b 66 5d 2c 79 3d 67 2e 61 73 73 69 67 6e 2c 54 3d 67 2e 63 72 65 61 74 65 2c 49 3d 67 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 2c 43 3d 76 5b 6c 5d 2c 62 3d 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 45 28 65 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 21 30 29 2c 62 26 26 65 7c 7c 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 66 65 26 26 67 6c 6f 62 61 6c 54 68 69 73 26 26 28 62 3d 67 6c 6f 62 61 6c 54 68 69 73 29 2c 74 79 70 65 6f 66 20 Data Ascii: t";var u="function",s="object",fe="undefined",f="prototype",l="hasOwnProperty",g=Object,v=g[f],y=g.assign,T=g.create,I=g.defineProperty,C=v[l],b=null;function E(e){return void 0===e&&(e=!0),b&&e\|\|(typeof globalThis!==fe&&globalThis&&(b=globalThis),typeof
2024-05-23 22:57:06 UTC	16383	IN	Data Raw: 72 3f 21 43 72 28 28 72 69 28 29 7c 7c 7b 7d 29 5b 78 65 5d 29 3a 75 72 29 26 26 4a 74 28 61 2c 22 53 61 6d 65 53 69 74 65 22 2c 22 4e 6f 6e 65 22 2c 6e 75 6c 6c 2c 6a 29 29 2c 4a 74 28 61 2c 22 70 61 74 68 22 2c 72 7c 7c 6c 2c 6e 75 6c 6c 2c 6a 29 2c 28 73 2e 73 65 74 43 6f 6f 6b 69 65 7c 7c 49 72 29 28 65 2c 54 72 28 6f 2c 61 29 29 2c 75 3d 21 30 29 2c 75 7d 2c 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 70 3b 72 65 74 75 72 6e 20 70 72 28 64 29 3f 28 73 2e 67 65 74 43 6f 6f 6b 69 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3d 70 3b 72 65 74 75 72 6e 20 6c 72 26 26 28 74 3d 6c 72 5b 74 72 5d 7c 7c 70 2c 73 72 21 3d 3d 74 26 26 28 66 72 3d 68 72 28 74 29 2c 73 72 3d 74 29 2c 6e 3d 51 28 66 72 5b 65 5d 7c Data Ascii: r?!Cr((ri()\|\|{})[xe]):ur)&&Jt(a,"SameSite","None",null,j)),Jt(a,"path",r\|\|l,null,j),(s.setCookie\|\|Ir)(e,Tr(o,a)),u=!0),u},e.get=function(e){var t=p;return pr(d)?(s.getCookie\|\|function(e){var t,n=p;return lr&&(t=lr[tr]\|\|p,sr!==t&&(fr=hr(t),sr=t),n=Q(fr[e]\|
2024-05-23 22:57:06 UTC	6	IN	Data Raw: 64 43 62 22 2c 66 Data Ascii: dCb",f

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:06 UTC	594	OUT	GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:06 UTC	743	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407993 Cache-Control: public, max-age=604800 Content-MD5: GpB463eVzCq5vobQLSGoUw== Content-Type: application/javascript Date: Thu, 23 May 2024 22:57:06 GMT Etag: 0x8DC77BF3B692785 Last-Modified: Sun, 19 May 2024 04:50:39 GMT Server: ECAcc (lhc/7914) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 817635ef-801e-003b-4fae-a95e20000000 x-ms-version: 2009-09-19 Content-Length: 8111 Connection: close
2024-05-23 22:57:06 UTC	8111	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 65 2e 73 74 61 74 65 3d 3d 6c 26 26 28 65 2e 70 72 65 76 26 26 28 65 2e 70 72 65 76 2e 6e 65 78 74 3d 65 2e 6e 65 78 74 29 2c 65 2e 6e 65 78 74 26 26 28 65 2e 6e 65 78 74 2e 70 72 65 76 3d 65 2e 70 72 65 76 29 2c 44 3d 3d 65 26 26 28 44 3d 65 2e 6e 65 78 74 29 2c 24 3d 3d 65 26 26 28 24 3d 65 2e 70 72 65 76 29 2c 65 2e 73 74 61 74 65 3d 75 2c 65 2e 70 72 65 76 3d 65 2e 6e 65 78 74 3d 6e 75 6c 6c 2c 79 2d 2d 29 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 69 66 28 65 26 26 65 2e 73 74 61 74 65 3d 3d 75 29 7b 76 61 72 20 72 3d 24 3b 72 3f 28 72 2e 6e 65 78 74 3d 65 2c 65 2e 70 72 65 76 3d 72 29 3a 44 3d Data Ascii: !function(){function e(e){function t(e){return e&&e.state==l&&(e.prev&&(e.prev.next=e.next),e.next&&(e.next.prev=e.prev),D==e&&(D=e.next),$==e&&($=e.prev),e.state=u,e.prev=e.next=null,y--),e}function a(e){if(e&&e.state==u){var r=$;r?(r.next=e,e.prev=r):D=

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:57:06 UTC	615	OUT	GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1 Host: acctcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:57:06 UTC	734	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 407963 Cache-Control: public, max-age=604800 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:57:06 GMT Etag: 0x8DC77BF3C17B5C2 Last-Modified: Sun, 19 May 2024 04:50:41 GMT Server: ECAcc (lhc/7914) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 185cff9c-501e-002e-51ae-a96908000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-05-23 22:57:06 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6