Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

{
    "explanation": [
        "The email claims to be about payment issues but includes suspicious OneDrive links and multiple attachments, a common phishing tactic",
        "The sender email (joebstream@msn.com) appears unrelated to Vail Health despite claiming to be a patient",
        "The message is repetitive and poorly formatted, showing signs of automated generation or manipulation"
    ],
    "phishing": true,
    "confidence": 9,
    "generated_by_ai": false
}

{
    "date": "Sat, 21 Dec 2024 04:26:45 +0000", 
    "subject": "joe bartner shared \"Vail Health Portal Payment Issues Documentation\" with you", 
    "communications": [
        " This email came from outside VAIL HEALTHSTOP, LOOK, THINK!This email was sent from an external source. Do NOT click links or open attachments from an unknown or unexpected sender. Report suspicious e-mails using the Phish-Alert button in Outlook, if available, or forward to aa-spam@vailhealth.org joe bartner invited you to access a file Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Vail Health Portal Payment Issues Documentation This link will work for anyone. Open Privacy Statement This email came from outside VAIL HEALTHSTOP, LOOK, THINK!This email was sent from an external source. Do NOT click links or open attachments from an unknown or unexpected sender. Report suspicious e-mails using the Phish-Alert button in Outlook, if available, or forward to aa-spam@vailhealth.org joe bartner invited you to access a file Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Vail Health Portal Payment Issues Documentation This link will work for anyone. Open Privacy Statement This email came from outside VAIL HEALTH This email came from outside VAIL HEALTH This email came from outside VAIL HEALTH STOP, LOOK, THINK! STOP, LOOK, THINK! STOP, LOOK, THINK! This email was sent from an external source. Do NOT click links or open attachments from an unknown or unexpected sender. Report suspicious e-mails using the Phish-Alert button in Outlook, if available, or forward to aa-spam@vailhealth.org This email was sent from an external source. Do NOT click links or open attachments from an unknown or unexpected sender. Report suspicious e-mails using the Phish-Alert button in Outlook, if available, or forward to aa-spam@vailhealth.org Phish-Alert button aa-spam@vailhealth.org aa-spam@vailhealth.org joe bartner invited you to access a file Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Vail Health Portal Payment Issues Documentation This link will work for anyone. Open Privacy Statement @font-face { font-family: \"Segoe UI\"; src: local(\"Segoe UI Light\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2\") format(\"woff2\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff\") format(\"woff\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.ttf\") format(\"truetype\"); font-weight: 100; font-style: normal; } @font-face { font-family: \"Segoe UI\"; src: local(\"Segoe UI Semilight\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semilight.woff2\") format(\"woff2\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semilight.woff\") format(\"woff\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semilight.ttf\") format(\"truetype\"); font-weight: 300; font-style: normal; } @font-face { font-family: \"Segoe UI\"; src: local(\"Segoe UI\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.woff2\") format(\"woff2\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.woff\") format(\"woff\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.ttf\") format(\"truetype\"); font-weight: 400; font-style: normal; } @font-face { font-family: \"Segoe UI\"; src: local(\"Segoe UI Semibold\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold.woff2\") format(\"woff2\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold.woff\") format(\"woff\"), url(\"https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold.ttf\") format(\"truetype\"); font-weight: 600; font-style: normal; } @media only screen and (max-width: 640px) { body { background-color: #ffffff; } div.grey-bg-container { background-color: #ffffff; } } @media only screen and (min-width: 640px) { .CommentMention-TextRow-rightColumn { width: 52px !important; } } /* Responsive visibility clases. */ .u-largeOnly { display: none !important; } @media only screen and (min-width: 640px) { .u-smallOnly { display: none !important; } .u-largeOnly { display: block !important; } } /* Adjustments to the Sharing template. */ @media only screen and (min-width: 640px) { .Sharing-main { padding: 40px !important; } } @media only screen and (max-width: 640px) { .NotificationHeader-icon { width: 36px !important; } .NotificationHeader-title { padding-left: 28px !important; padding-right: 28px !important; } .NotificationHeader-title-text { font-size: 20px !important; line-height: 28px !important; } } .word-button:hover { background-color: #124078 !important; border-color: #124078 !important; } .word-button:active { background-color: #002050 !important; border-color: #002050 !important; } .powerpoint-button:hover { background-color: #a92b1a !important; border-color: #a92b1a !important; } .powerpoint-button:active { background-color: #740912 !important; border-color: #740912 !important; } .excel-button:hover { background-color: #217346 !important; border-color: #217346 !important; } .excel-button:active { background-color: #004b1c !important; border-color: #004b1c !important; } joe bartner invited you to access a file Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Vail Health Portal Payment Issues Documentation This link will work for anyone. Open Privacy Statement joe bartner invited you to access a file Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Vail Health Portal Payment Issues Documentation This link will work for anyone. Open joe bartner invited you to access a file Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Vail Health Portal Payment Issues Documentation This link will work for anyone. Open joe bartner invited you to access a file joe bartner invited you to access a file joe bartner invited you to access a file Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Hi Will;Resolving the inability to pay my invoices as illustrated in this video should improve Vail's financial position, as I am sure I am not the only patient having this issue.Thanks;Joe Bartner Vail Health Portal Payment Issues Documentation Vail Health Portal Payment Issues Documentation Vail Health Portal Payment Issues Documentation https://1drv.ms/v/c/9e074ca6193b2ab0/EZ7P27rGCMNLhgyDJhriBm8Bb7mOpqxeTdEkIA6QZ4QufQ?e=4%3aSxQQ0F&sharingv2=true&fromShare=true&at=9 Vail Health Portal Payment Issues Documentation Vail Health Portal Payment Issues Documentation Vail Health Portal Payment Issues Documentation Vail Health Portal Payment Issues Documentation This link will work for anyone. This link will work for anyone. This link will work for anyone. This link will work for anyone. This link will work for anyone. This link will work for anyone. This link will work for anyone. Open Open Open https://1drv.ms/v/c/9e074ca6193b2ab0/EZ7P27rGCMNLhgyDJhriBm8Bb7mOpqxeTdEkIA6QZ4QufQ?e=4%3aSxQQ0F&sharingv2=true&fromShare=true&at=9 Privacy Statement Privacy Statement Privacy Statement Privacy Statement Privacy Statement Privacy Statement https://aka.ms/privacy "
    ], 
    "from": "joe bartner <joebstream@msn.com>", 
    "to": "valdentist@outlook.com, Will Cook <will.cook@vailhealth.org>", 
    "attachements": [
        "AttachedImage", 
        "AttachedImage", 
        "AttachedImage", 
        "AttachedImage"
    ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "joe bartner invited you to access a file",
  "prominent_button_name": "Open",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Vail Health"
  ]
}

{"classification":"Invoice Scam"}

Email:
Detected potential phishing email: The email claims to be about payment issues but includes suspicious OneDrive links and multiple attachments, a common phishing tactic. The sender email (joebstream@msn.com) appears unrelated to Vail Health despite claiming to be a patient. The message is repetitive and poorly formatted, showing signs of automated generation or manipulation

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a configuration object for the OneDrive Photos service. It contains various properties related to the user's session, environment, and configuration settings. While it includes some potentially sensitive information like the client ID and tenant ID, the overall behavior seems to be benign and related to legitimate service functionality. There are no clear indicators of high-risk activities like dynamic code execution, data exfiltration, or suspicious redirects. The script appears to be part of a trusted Microsoft service, so the risk is relatively low."
}

window.SessionInformation = {"accountType":"consumer","ariaToken":"a23e4f242c9c4097a968f28c62633e19-62d0d830-5afd-4df3-8e40-351c8711cf5c-7157","clientId":"073204aa-c1e0-4e66-a200-e5815a0aa93d","clientVersion":"onedrive-photos-ci_20241217.2","dogfoodUser":false,"embedded":false,"environment":"production","locale":"en","loginAuthority":"login.microsoftonline.com","ramps":{"EnableMemoriesPage":false,"EnableMOJNotificationBanner":true,"DisableVideoPlaybackForItalianLanguageUsers":false,"EnableTagPagination":false,"EnableMOJDirectToOneup":false,"OnlyHighMatches":false,"ShowAutoGeneratedAlbums":false,"EnableServerZipDownload":true},"experiments":{"EnableMOJDirectToOneup":"Default"},"ring":"1","redirectUri":"https://photos.onedrive.com/auth/login","refreshUri":"https://photos.onedrive.com/auth/refresh","serverVersion":"onedrive-photos-ci_20241112.1","tenantId":"9188040d-6c67-4c5b-b112-36a304b66dad","telemetryEndpoint":"https://browser.events.data.microsoft.com/OneCollector/1.0/"};

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://photos.onedrive.com

```json
{
    "risk_score": 1,
    "reasoning": "The script primarily involves DOM manipulation and state management for a web application, with no high-risk behaviors such as dynamic code execution or data exfiltration. It uses modern JavaScript practices and interacts with the DOM in a controlled manner. There are no interactions with external domains or obfuscated code present."
}

"use strict";(this.webpackChunkonedrive_photos=this.webpackChunkonedrive_photos||[]).push([[179],{8128:(e,t,n)=>{n.d(t,{n:()=>d});var o=n(72243),r=n(2408),a=n(84851),i=n(82435);let s=0;const l=[],c="data-modal-generation";function d(e){const{selector:t}=e,[n]=o.useState((()=>s++));return(0,r.OR)(document,"focusin",(e=>{if(n===l[l.length-1]){const{body:n}=document,o=n.querySelector(t);let r=e.target;for(;r&&r!==n&&null!==r.parentElement;){if(r.getAttribute("data-modal-generation")){const t=(0,a.$)(o);if(t.length){let n=0;for(;n<t.length-1&&"-1"===t[n].getAttribute("tabIndex");)n++;t[n].focus(),e.stopImmediatePropagation();break}}r=r.parentElement}}}),{capture:!0}),o.useEffect((()=>{const{body:e}=document,o=e.querySelector(t);if(o){let t=o;for(l.push(n);t!==e&&null!==t.parentElement;){const e=t.parentElement.children;for(const o of e)o===t||"SCRIPT"===o.nodeName||"STYLE"===o.nodeName||o.getAttribute("aria-hidden")||o.querySelector("[data-modal-generation]")||(o.setAttribute(c,n.toString()),o.setAttribute("aria-hidden","true"));t=t.parentElement}return()=>{const t=e.querySelectorAll(`*[data-modal-generation='${n}']`);for(const e of t)e.removeAttribute("aria-hidden"),e.removeAttribute(c);l.splice(l.indexOf(n),1)}}}),[n,t]),(0,i.jsx)(i.Fragment,{children:e.children})}},26107:(e,t,n)=>{n.d(t,{U:()=>c});var o=n(72243),r=n(23190),a=n(67280),i=n(8128),s=n(82435);let l=0;function c(e){const{children:t,componentRef:n,contentClassName:c,modal:d}=e,u=o.useRef(null),[h]=o.useState((()=>"aria-callout-element-"+ ++l));o.useImperativeHandle(n,(()=>({updateLayout:()=>{var e;return null===(e=u.current)||void 0===e?void 0:e.updateLayout()}})));let m=t;return d&&(m=(0,s.jsx)(i.n,{selector:`.${h}`,children:t})),(0,s.jsx)(r.UW,{...e,contentClassName:(0,a.iv)(c,h),ref:u,children:m})}},37140:(e,t,n)=>{n.d(t,{V:()=>c});var o=n(72243),r=n(14766),a=n(14288),i=n(78465),s=n(63693),l=n(82435);function c(e){const t={default:void 0};let n;const c=()=>(n=n||new Promise(((n,o)=>e().then((e=>{t.default=e.default,n(e)})).catch(o))),n);return function(e){const n=o.useContext(r.A),d=o.useContext(a.r),u=o.useRef(void 0),h=o.useRef(void 0),{trackPromise:m}=(0,i.f)(),[,p]=o.useState(0),[{reject:v,resolve:f,promise:g}]=o.useState((()=>(0,s.PQ)()));let x;if(!t.default){const e=m(c(),"Shim.componentPromise"),o=d.getScenario();o&&(u.current=o.waitUntil(g,{scenarioName:"lazyLoad",scenarioType:"scriptDownload"},(e=>{var n;Object.assign(e.properties,{componentName:null===t||void 0===t||null===(n=t.default)||void 0===n?void 0:n.name})}))),e.then((()=>p((e=>e+1)))).catch((e=>{e.isCanceled||n.dispatchEvent("telemetryAvailable",{action:"exception",error:e,name:"lazyLoad"}),v(e)}))}h.current||(h.current=o.lazy(c));if(x=o.createElement(h.current,e),u.current){const e=u.current;x=(0,l.jsx)(a.r.Provider,{value:{getScenario:()=>{if("working"===e.status())return e}},children:x})}return o.useEffect((()=>{t.default&&f()})),x}}},77357:(e,t,n)=>{n.d(t,{Q:()=>a});var o=n(18421),r=n(72243);function a(e){const{children:t,values:n}=e,[,a]=r.useState(0),[i]=r.useState((()=>new Set)),s={};i.forEach((e=>{let{delegate:t,observableValue:n}=e;return n.unsubscribe(t)})),i.clear();for(const r in n){const e=n[r];if(o.PY.isObservable(e)){const t=n[r].value,o=e=>{e!==t&&a((e=>e+1))};e.subscribe(o),i.add({delegate:o,observableValue:e,resolvedValue:t}),s[r]=t}else s[r]=n[r]}return r.useEffect((()=>()=>{i.forEach((e=>{let{delegate:t,observableValue:n}=e;return n.unsubscribe(t)})),i.clear()}),[i]),t?t(s):null}},69902:(e,t,n)=>{n.d(t,{b:()=>i});var o=n(72243),r=n(69873),a=n(43409);function i(e){const{children:t,containerElement:n,responsiveSelectors:i}=e,s=o.useRef(-1),[,l]=o.useState(0),{setTimeout:c}=(0,a.K)();return(0,r.a)(n,o.useCallback(d,[i])),o.useLayoutEffect((()=>{const e=u();let t=s.current;for(;t>=0;){const n=e[i[t--]];n&&n.forEach((e=>e.classList.add("hidden")))}d()})),t({responsiveIndex:s.current});function d(){const{current:e}=n,t=u();if(e){let n=s.current;if(e.scrollWidth>e.clientWidth)for(;n<i.le

```json
{
    "risk_score": 1,
    "reasoning": "The script appears to be part of a larger application, likely related to OneDrive Photos, and does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. It primarily involves event handling and DOM manipulation, which are typical for interactive web applications. There are no indicators of malicious intent or interaction with untrusted domains."
}

"use strict";(this.webpackChunkonedrive_photos=this.webpackChunkonedrive_photos||[]).push([[4937],{44937:(e,t,n)=>{n.r(t),n.d(t,{PhotoView:()=>ze,default:()=>We});var o=n(75894),i=n(18421),l=n(87501),a=n(78070),s=n(98381),r=n(2243),d=n(67280),c=n(72243),u=n(52557),h=n(37140),m=n(77357),v=n(69902),f=n(32580),p=n(14766),g=n(13812),x=n(7803),b=n(25496),w=n(2408),P=n(98667),y=n(98540),j=n(71914);var C=n(1632),A=n(36003);function S(e,t){const{limitPadding:n=50,onEventCallback:o}=t,i=function(e,t){const n=c.useRef();return n.current&&n.current.key===e||(n.current={key:e,value:"function"===typeof t?t():t}),n.current.value}(e,{containerBounds:void 0,lastPoints:[],lastAveragePoint:void 0,scale:1,xPosition:0,yPosition:0}),{onMouseDown:l}=(0,C.Y)((function(e){if(i.scale<=1)return;e.preventDefault();const n=[{x:e.pageX,y:e.pageY}],o=n.reduce(d);if(i.lastAveragePoint){const e=i.xPosition+o.x-i.lastAveragePoint.x,t=i.yPosition+o.y-i.lastAveragePoint.y;r(e,t,i.scale)}t.onEventCallback(i.xPosition,i.yPosition,i.scale),i.lastPoints=n,i.lastAveragePoint=o})),{onTouchStart:a}=(0,A.R)((function(e){if(1===i.scale)return;const n=Array.from(e.touches).map((e=>({x:e.pageX,y:e.pageY}))),o=n.reduce(d),l=t.containerReference.current.getBoundingClientRect();if(i.lastAveragePoint){const e=i.xPosition+o.x-i.lastAveragePoint.x,t=i.yPosition+o.y-i.lastAveragePoint.y;if(n.length>1){const a=(0,j.TE)(n[0],n[1])/(0,j.TE)(i.lastPoints[0],i.lastPoints[1]);r(e-(o.x-l.left)*(a-1),t-(o.y-l.top)*(a-1),i.scale*a,l)}else r(e,t,i.scale)}t.onEventCallback(i.xPosition,i.yPosition,i.scale),i.lastPoints=n,i.lastAveragePoint=o}));return s(),(0,w.OR)(window,"resize",s),{onWheel:function(e){var n;s();const l=null===(n=t.containerReference.current)||void 0===n?void 0:n.getBoundingClientRect();if(!l)return;let a=-1*e.deltaY;1===e.deltaMode&&(a*=15);a=Math.max(Math.min(a,60),-60);const d=a/300+1;if(i.scale*d>10)return;r(i.xPosition-(e.pageX-l.left)*(d-1),i.yPosition-(e.pageY-l.top)*(d-1),i.scale*d,l),o(i.xPosition,i.yPosition,i.scale)},onMouseDown:function(e){if("mousedown"===e.type&&0!==e.button)return;i.lastPoints=[{x:e.pageX,y:e.pageY}],i.lastAveragePoint=i.lastPoints.reduce(d),l(e)},onTouchStart:function(e){i.lastPoints=Array.from(e.touches).map((e=>({x:e.pageX,y:e.pageY}))),i.lastAveragePoint=i.lastPoints.reduce(d),a(e)}};function s(){var e,n,o;const l=null===(e=t.imageReference.current)||void 0===e?void 0:e.getBoundingClientRect();(!i.containerBounds||l&&(l.height<(null===(n=i.containerBounds)||void 0===n?void 0:n.height)||(null===l||void 0===l?void 0:l.width)<(null===(o=i.containerBounds)||void 0===o?void 0:o.width)))&&(i.containerBounds=l,r(i.xPosition,i.yPosition,i.scale))}function r(e,o,l,a){if(t.containerReference.current!==t.imageReference.current&&i.containerBounds&&(a=a||t.containerReference.current.getBoundingClientRect(),e!==i.xPosition||o!==i.yPosition||l!==i.scale)){const t=1/(i.scale/l);o=Math.min(0,Math.max(o,i.containerBounds.height-a.height*t-n)),e=Math.min(0,Math.max(e,i.containerBounds.width-a.width*t-n))}i.scale=Math.max(1,l),i.xPosition=e,i.yPosition=o}function d(e,t){return{x:(e.x+t.x)/2,y:(e.y+t.y)/2}}}var k=n(69873),D=n(43409),N=n(1375),E=n(98444),I=n(84851),B=n(6558),R=n(74278),M=n(44721),L=n(22400),T=n(51150),U=n(96827),V=n(960),F=n(60946),z=n(48090),$=n(67502),W=n(39086),H=n(13097),Q=n(23990),G=n(18365),O=n(10995),K=n(39146),X=n(14260),Y=n(78649),_=n(64126),J=n(13854),q=n(46303),Z=n(75864),ee=n(68684),te=n(29993),ne=n(15690),oe=n(71197);const ie="SEFH",le="SEFT",ae=ie.length,se=le.length;function re(e){return new Promise(((t,n)=>{const o=new FileReader;o.onload=()=>{const e=o.result;try{const o=new DataView(e),l={startSignature:"",formatVersion:0,dataCount:0,dataReferences:[],endSignature:""},a=e.byteLength-se;l.endSignature=String.fromCharCode(o.getInt8(a),o.getInt8(a+1),o.getInt8(a+2),o.getInt8(a+3));const s=4+se,r=o.getUint32(e.byteLength-s,!0)+s;let d=e.byteLength-r;const c=d+ae,u=c+4;l.startSignature=String.fromCharCode(o.getInt8(d),o.getInt8(d+1),

```json
{
    "risk_score": 1,
    "reasoning": "The script appears to be part of a legitimate application, likely related to OneDrive Photos, and does not exhibit any high-risk behaviors such as dynamic code execution or data exfiltration. It primarily involves UI component rendering and state management, with no interactions with untrusted domains or obfuscated code."
}

/*! For license information please see 324.657729a4.js.LICENSE.txt */
(this.webpackChunkonedrive_photos=this.webpackChunkonedrive_photos||[]).push([[324],{8945:(e,t,n)=>{"use strict";n.d(t,{J:()=>u});var r=n(72243),o=function(e){if(!(null===e||void 0===e?void 0:e.friendlyName))return"ME";var t=e.friendlyName.split(" ",2),n=t[0],r=t[1];return"".concat(n[0]).concat(r?r[0]:"")},i=function(){return i=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},i.apply(this,arguments)},a={height:36,width:36,backgroundColor:"transparent",borderColor:"white",borderRadius:"50%",borderStyle:"solid",borderWidth:"1px",display:"inline-block",fontSize:14,cursor:"pointer",color:"white"},s=function(e){var t=e.onClick,n=e.placeholderStyles,o=e.initials;return r.createElement("button",{type:"button",onClick:t,style:i(i({},a),n)},r.createElement("span",null,o))},l=r.lazy((function(){return Promise.all([n.e(4345),n.e(9667)]).then(n.bind(n,4345))})),u=function(e){var t=e.handlers,n=e.currentAccount,i=e.locale,a=e.theme,u=e.rememberedAccounts,c=e.additionalLinks,d=e.placeholderStyles,f=(0,r.useState)(!1),p=f[0],h=f[1],m=r.createElement(s,{onClick:function(){h(!0),n||t.signIn()},initials:o(n),placeholderStyles:d}),v=p&&n;return r.createElement("div",null,v?r.createElement(r.Suspense,{fallback:r.createElement("div",null,m)},r.createElement(l,{startWithMenuOpened:!0,locale:i,theme:a,handlers:t,placeholderComponent:m,currentAccount:n,rememberedAccounts:u,additionalLinks:c})):m)}},52953:(e,t,n)=>{"use strict";n.d(t,{Z:()=>R});var r=n(87020),o=n(69844),i=n(7223),a=n(68258),s=n(19507),l=n(19648),u=n(30114),c=(((0,u.Rd)()||{}).Symbol,((0,u.Rd)()||{}).Reflect,l.rl,function(e,t){return c=l.Pw.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)t[l.bO](n)&&(e[n]=t[n])},c(e,t)});function d(e,t){function n(){this.constructor=e}typeof t!==l.cb&&null!==t&&(0,u.ZU)("Class extends value "+String(t)+" is not a constructor or null"),c(e,t),e[l.hB]=null===t?(0,u.pu)(t):(n[l.hB]=t[l.hB],new n)}function f(e,t){for(var n=0,r=t.length,o=e.length;n<r;n++,o++)e[o]=t[n];return e}var p=n(61692),h=n(779),m=n(19012),v=n(13594),g=n(59078),y=n(79340),b=n(42821),w=500;function x(e,t,n,r){t&&(0,a.kJ)(t)&&t.length>0&&(t=t.sort((function(e,t){return e.priority-t.priority})),(0,a.tO)(t,(function(e){e.priority<w&&(0,a._y)("Channel has invalid priority - "+e.identifier)})),e.push({queue:(0,a.FL)(t),chain:(0,h.jV)(t,n,r)}))}var E=function(e){function t(){var n,r,i=e.call(this)||this;function l(){n=0,r=[]}return i.identifier="TelemetryInitializerPlugin",i.priority=199,l(),(0,p.Z)(t,i,(function(e,t){e.addTelemetryInitializer=function(e){var t={id:n++,fn:e};return r.push(t),{remove:function(){(0,a.tO)(r,(function(e,n){if(e.id===t.id)return r.splice(n,1),-1}))}}},e.processTelemetry=function(t,n){for(var i=!1,l=r.length,u=0;u<l;++u){var c=r[u];if(c)try{if(!1===c.fn.apply(null,[t])){i=!0;break}}catch(d){(0,o.kP)(n.diagLog(),1,64,"One of telemetry initializers failed, telemetry item will not be sent: "+(0,a.jj)(d),{exception:(0,s.eU)(d)},!0)}}i||e.processNext(t,n)},e[b.Ho]=function(){l()}})),i}return d(t,e),t}(n(57042).i),C=n(5479),S=n(96831),k="Plugins must provide initialize method",I="SDK is still unloading...",T={loggingLevelConsole:1};function P(e,t){return new i.Jk(t)}function M(e,t){var n=!1;return(0,a.tO)(t,(function(t){if(t===e)return n=!0,-1})),n}function D(e,t,n,r){(0,a.tO)(e,(function(e){if(e&&e[t])if(n)setTimeout((function(){return r(e)}),0);else try{r(e)}catch(o){}}))}var _=function e(t){this.listeners=[];var n=!!(t||{}).perfEvtsSendAll;(0,p.Z)(e,this,(function(e){e[b.dV]=function(t){e.listeners.push(t)},e[b.XP]=function(t){for(var n=(0,a.UA)(e.listeners,t);n>-1;)e.listeners.splice(n,1),n=(0,a.UA)(e.listeners,t)},e[b.eO]=function(t){D(e.listeners,b.eO,!0,(function(e){e[b.eO](t)}))},e[b.H4]=function(t,n){D(e.listeners,b.H4,!0,(funct

{
  "contains_trigger_text": true,
  "trigger_text": "BALANCE REQUIRING ACTION",
  "prominent_button_name": "PAY NOW",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "VAIL HEALTH"
  ]
}