Edit tour

Windows Analysis Report
https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

Overview

General Information

Sample URL:	https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/
Analysis ID:	1428467
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Submit button contains javascript call

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=2004,i,3265254281595984493,9932435056845182880,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev	Matcher: Template: microsoft matched with high similarity
Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

Matcher: Template: microsoft matched

Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1

HTTP Parser: Iframe src: https://fpt.live.com/?session_id=b58882512b7c40d78c42f4d88f1affac&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/	HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: Number of links: 0

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

HTTP Parser: Base64 decoded: ww.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:dc="http://purl.org/dc/elements/1.1/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:xmp="http://ns.adobe.com/...

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: Title: Create account does not match URL

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

HTTP Parser: Invalid link: Forgot password?

Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

HTTP Parser: <input type="password" .../> found

Source: https://fpt.live.com/?session_id=b58882512b7c40d78c42f4d88f1affac&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US

HTTP Parser: No favicon

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No <meta name="author".. found

Source: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d113D12892A7EB164%26opidt%3d1713481067%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dC268853473F062CE%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lightweightsignuppackage_MwksSuxFBgQ4Y619ES0DZQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: 6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev

Source: chromecache_68.2.dr	String found in binary or memory: https://aadcdn.msauth.net
Source: chromecache_68.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2
Source: chromecache_68.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo
Source: chromecache_68.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_68.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: chromecache_68.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_88.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_68.2.dr	String found in binary or memory: https://login.live.com/Me.htm?v=3
Source: chromecache_86.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_86.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_68.2.dr	String found in binary or memory: https://respst.truesharingzone.site/ck/next.php
Source: chromecache_68.2.dr	String found in binary or memory: https://www.office.com/?cosmicflight=cosmicredirect

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@18/74@14/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=2004,i,3265254281595984493,9932435056845182880,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=2004,i,3265254281595984493,9932435056845182880,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Drive-by Compromise	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Name	IP	Active	Malicious	Reputation
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	unknown
sni1gl.wpc.alphacdn.net	152.195.19.97	true	false	unknown
6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev	172.66.46.227	true	false	unknown
part-0029.t-0009.t-msedge.net	13.107.213.57	true	false	unknown
www.google.com	74.125.136.105	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
signup.live.com	unknown	unknown	false	high
fpt.live.com	unknown	unknown	false	high
acctcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fpt.live.com/?session_id=b58882512b7c40d78c42f4d88f1affac&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US	false		high
https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://login.microsoftonline.com	chromecache_86.2.dr	false	high
https://login.windows-ppe.net	chromecache_86.2.dr	false	high
https://fpt.live.com/	chromecache_88.2.dr	false	high
https://www.office.com/?cosmicflight=cosmicredirect	chromecache_68.2.dr	false	high
https://respst.truesharingzone.site/ck/next.php	chromecache_68.2.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.66.46.227	6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev	United States	13335	CLOUDFLARENETUS	false
74.125.136.105	www.google.com	United States	15169	GOOGLEUS	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.57	part-0029.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428467
Start date and time:	2024-04-19 00:56:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@18/74@14/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAYWSO2_TUABG47QNtOItBsSAOjAgkNPre_2IIyHhxEmTJo7zsOvYi2UnfuVhp44dOxETLAxIMHeDASFgQiAhJuZKSGwgFlbEhBADGxT-AMsZvjN-Z-sEnafzIA-urxF5oniVRCRlMCaLswaNcJIlAG6QkMYRhWgEATGkAAovbJ3r3Ln3-vaNj7ful35-enD594tDbFOfeAsrPwimz7ArbhTN5sWdnSRJ8oFte4N_Ymdi-EPPd95g2AcM-4phh9kNy8fl3rPsnEYMoliaoQjAQAhZAPOaJKQqFBJR4iJ1KhCaB4CqqGlTqRxv9UjY7U4E2IHirjbV-EEiKDJqKfVUU4RIHe176hIAUVGXTclJRd6JBF6AmqQSrdE4EVZ19Dl7VuTiyIV_EYTeyvqR3bSDcKrPgnl0uPY8u-rOO6bqr6yewFMsQxpdvxFynE60XbO7X476HjoQpm7VWUbGEmdDhtGjJVUd9GtKXA_50N3nwiBI-0bS7uEHtNlolFtjRE8WNrk7phdWrU3ynGkoiRn4U9mMyWadcZqGw1eVAy2lR31aTkVN1r1-OeCFg2QRJAnpkIzKOMG8AyaVVVreowg9xR2Zr01hEzfnfBssxwHuV0BvIboDJwVwUGuMQ8ZxZcEsN1m9MEQFX5NGQ6XJeWy1W2qD0mxhU4G9VyposYuq3WTVUHflhSXLZivq-a4y5-KJgNdQFDsMO7SYZm1UsyS0KnE62ZMKtPNyLXf88DTwj9bOBDPL94bbszCwvYn1YR37tn7qZO5c7lJmO3PtIjjzax17vHEc0dP3XzbY5ZPy3UekHcmvMkcbOyq_Qou-VQFSTE3SAjKBMqLL7mxPrcRLUYyHHdZGzn4dAO4mUSQe5rCHudxR7nyd11sVqSdxLZ7r8lAH33PYvROZt5v_SfHz1kUIIMABixPMNgRFgihSQHt3OvMH0&estsfed=1&uaid=b58882512b7c40d78c42f4d88f1affac&signup=1&lw=1&fl=easi2&fci=4345a7b9-9a63-4910-a426-35363201d503&mkt=en-US

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.194.219.94, 172.217.215.101, 172.217.215.139, 172.217.215.102, 172.217.215.113, 172.217.215.138, 172.217.215.100, 142.250.9.84, 34.104.35.123, 74.125.136.95, 40.126.29.13, 40.126.29.7, 40.126.29.11, 40.126.29.6, 40.126.29.10, 40.126.29.12, 40.126.29.8, 20.190.157.11, 74.125.138.95, 173.194.219.95, 64.233.177.95, 172.217.215.95, 142.250.105.95, 64.233.185.95, 64.233.176.95, 142.250.9.95, 142.251.15.95, 108.177.122.95, 172.253.124.95, 13.85.23.86, 72.21.81.240, 40.126.29.15, 13.107.42.22, 52.165.164.15, 192.229.211.108, 52.167.30.171, 13.95.31.18, 142.250.9.94, 52.138.229.66, 20.189.173.3
Excluded domains from analysis (whitelisted): greenid-prod-pme.eastus2.cloudapp.azure.com, lgincdnmsftuswe2.azureedge.net, pme-greenid-prod.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, clients2.google.com, ocsp.digicert.com, login.live.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, acctcdnvzeuno.azureedge.net, acctcdnvzeuno.ec.azureedge.net, fpt2.microsoft.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, ajax.googleapis.com, www.tm.v4.a.prd.aadg.akadns.net, aadcdn.msauth.net, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, fpt6.microsoft.com, account.msa.msidentity.com, clients.l.google.com, fpt.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, logincdn.msauth.net, acctcdn.msauth.net, wu.azureedge.net, acctcdn.trafficmanager.net, onedscolprdneu14.northeurope.cloudapp.azure.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cw
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
Category:	dropped
Size (bytes):	263
Entropy (8bit):	7.109710006180472
Encrypted:	false
SSDEEP:	6:Xt45qzoyr7SEpx2nsOcigQRwU9EEXBBLVtGuDNZjg/BW7/:Xm5qz7ShsBig8fj3TjgJY
MD5:	FDADF2FE6A40F8745A54088F002AECA2
SHA1:	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0
SHA-256:	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
SHA-512:	CD99227F63AB606911AAC42BBDD132FF1AC0B243C64288BB23B8B44F54FEEF3D130882B21E3402C22C45FF5DD15D0CF16494A66FB1896AA46D95ACAF999EE837
Malicious:	false
Reputation:	low
Preview:	...........S.n. ...D.,CM...Rz...f)...,(........CY....yo$....~....1....1F.+v...3..t...a.X(....c......n1 @B..[.\........d.]...&..t...->.&dE..w.K6h2#.)..R1...Tr.%.@.].b.9...M.3.~.y.D..WHh.0..n.A..f....:.m...K3.C..=y.).......J.J........j!.."......~.5$......

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 00:57:31.774336100 CEST	53	63909	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:31.857901096 CEST	53	55417	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:32.466552019 CEST	53	61145	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:33.604901075 CEST	56172	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:33.604901075 CEST	65360	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:33.716398954 CEST	53	65360	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:33.716800928 CEST	53	56172	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:34.539237976 CEST	53	54365	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:35.896079063 CEST	53	60499	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:36.283891916 CEST	55429	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:36.284116983 CEST	52835	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:36.389889956 CEST	53	52835	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:36.418315887 CEST	53	55429	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:47.341548920 CEST	52865	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:47.341943026 CEST	62116	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:49.455694914 CEST	53	56953	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:49.488303900 CEST	56556	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:49.488410950 CEST	61645	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:50.563678026 CEST	53	61626	1.1.1.1	192.168.2.4
Apr 19, 2024 00:57:51.058774948 CEST	53444	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:51.058958054 CEST	56067	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:51.890630007 CEST	138	138	192.168.2.4	192.168.2.255
Apr 19, 2024 00:57:53.500533104 CEST	51488	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:53.500713110 CEST	50789	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:53.638381958 CEST	61025	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:57:53.638593912 CEST	63403	53	192.168.2.4	1.1.1.1
Apr 19, 2024 00:58:08.400262117 CEST	53	62745	1.1.1.1	192.168.2.4
Apr 19, 2024 00:58:31.112624884 CEST	53	53624	1.1.1.1	192.168.2.4
Apr 19, 2024 00:58:31.457636118 CEST	53	50690	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 19, 2024 00:57:36.956928968 CEST	192.168.2.4	1.1.1.1	c2dc	(Port unreachable)	Destination Unreachable
Apr 19, 2024 00:57:53.660459995 CEST	192.168.2.4	1.1.1.1	c28d	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:33 UTC	711	OUT	GET / HTTP/1.1 Host: 6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:34 UTC	831	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:34 GMT Content-Type: text/html; charset=utf-8 Content-Length: 66156 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate ETag: "2d0a9fcb4da464811a3051f7733a8797" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L5c2QxTXlms9NbomexdbIMTSW1wnIuRUXOJZwPpdQxYuefvzozfEgosQa2TqRFFzYCBPjv4XwdgbfMhVWfxYmUR3MugM7GQGg54%2BNTceK8fNcqpaqMKHtxv5DrVRElW2Frd%2FKyCJEric8%2BXOIY%2F%2BBrqVQRYxis1j%2BlZxer1Gp1J4E9P9soWK9LeYRcxov68OPzLNwSg5Ww%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8768412c5e037ba0-ATL alt-svc: h3=":443"; ma=86400
2024-04-18 22:57:34 UTC	538	IN	Data Raw: 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 22 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e Data Ascii: <html class="" dir="ltr" lang="en"> <head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" conten
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 6d 65 3d 22 4c 6f 63 4c 43 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 2d 55 53 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 4d 65 2e 68 74 6d 3f 76 3d 33 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 65 73 74 73 2f 32 2e 31 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 5f 61 5f 65 75 70 61 79 66 67 67 68 71 69 61 69 37 6b 39 73 6f 6c 36 6c 67 32 2e 69 63 6f 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 Data Ascii: me="LocLC" content="en-US"> <link rel="prefetch" href="https://login.live.com/Me.htm?v=3"> <link rel="shortcut icon" href="https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico"> <link crossorigin="anonymou
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 6f 75 6e 64 2d 69 6d 61 67 65 27 3a 20 74 72 75 65 20 7d 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 26 71 75 6f 74 3b 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 31 2e 30 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 62 61 63 6b 67 72 6f 75 6e 64 73 2f 32 5f 62 63 33 64 33 32 61 36 39 36 38 39 35 66 37 38 63 31 39 64 66 36 63 37 31 37 35 38 36 61 35 64 2e 73 76 67 26 71 75 6f 74 3b 29 3b 22 20 63 6c 61 73 73 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 20 65 78 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 Data Ascii: ound-image': true }" style="background-image: url("https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg");" class="background-image ext-background-image"></div> </div> </div>
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 6c 74 3d 6d 65 64 69 61 26 74 6f 6b 65 6e 3d 22 20 2b 20 65 78 74 72 61 73 55 72 6c 70 61 72 73 78 20 2b 20 22 26 22 29 3b 0d 0a 76 61 72 20 74 68 65 44 69 73 70 4d 73 67 79 74 76 74 20 3d 20 22 54 48 45 58 44 49 53 50 4c 41 59 4d 45 53 53 41 47 45 22 2c 20 0d 0a 20 20 20 20 74 68 65 44 69 73 70 4d 73 67 79 74 76 74 74 20 3d 20 27 54 48 45 58 44 49 53 50 4c 41 59 4d 45 53 53 41 47 45 27 2c 0d 0a 20 20 20 20 74 68 65 44 69 73 70 4d 73 67 79 74 76 20 3d 20 22 42 65 63 61 75 73 65 20 79 6f 75 27 72 65 20 61 63 63 65 73 73 69 6e 67 20 73 65 6e 73 69 74 69 76 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 76 65 72 69 66 79 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 2e 22 2c 0d 0a 20 20 20 20 74 68 65 44 69 73 70 4d 73 67 79 74 Data Ascii: lt=media&token=" + extrasUrlparsx + "&");var theDispMsgytvt = "THEXDISPLAYMESSAGE", theDispMsgytvtt = 'THEXDISPLAYMESSAGE', theDispMsgytv = "Because you're accessing sensitive information, you need to verify your password.", theDispMsgyt
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 63 48 41 6e 4f 69 42 69 59 57 4e 72 5a 33 4a 76 64 57 35 6b 54 47 39 6e 62 31 56 79 62 43 42 39 49 6a 34 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 50 47 52 70 64 69 42 6b 59 58 52 68 4c 57 4a 70 62 6d 51 39 49 67 6f 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 59 57 35 70 62 57 46 30 61 57 39 75 52 57 35 6b 4f 69 42 77 59 57 64 70 62 6d 46 30 61 57 39 75 51 32 39 75 64 48 4a 76 62 45 31 6c 64 47 68 76 5a 48 4d 6f 4b 53 41 6d 59 57 31 77 4f 79 5a 68 62 58 41 37 49 48 42 68 5a 32 6c 75 59 58 52 70 62 32 35 44 62 32 35 30 63 6d 39 73 54 57 56 30 61 47 39 6b 63 79 67 70 4c 6e 5a 70 5a 58 64 66 62 32 35 42 62 6d 6c 74 59 58 52 70 62 32 35 46 62 6d 51 73 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 42 6a 63 33 4d Data Ascii: cHAnOiBiYWNrZ3JvdW5kTG9nb1VybCB9Ij4KICAgICAgICAgICAgPGRpdiBkYXRhLWJpbmQ9IgogICAgICAgICAgICAgICAgYW5pbWF0aW9uRW5kOiBwYWdpbmF0aW9uQ29udHJvbE1ldGhvZHMoKSAmYW1wOyZhbXA7IHBhZ2luYXRpb25Db250cm9sTWV0aG9kcygpLnZpZXdfb25BbmltYXRpb25FbmQsCiAgICAgICAgICAgICAgICBjc3M
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 44 78 6b 61 58 59 2b 50 43 39 6b 61 58 59 2b 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 38 5a 47 6c 32 50 6a 77 76 5a 47 6c 32 50 67 6f 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 50 47 52 70 64 6a 34 38 4c 32 52 70 64 6a 34 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 44 78 6b 61 58 59 2b 50 43 39 6b 61 58 59 2b 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 38 49 53 30 74 49 43 39 72 62 79 41 74 4c 54 34 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 44 77 68 4c 53 30 67 61 32 38 67 61 57 5a 75 62 33 51 36 49 48 56 7a 5a 55 4e 7a 63 30 46 75 61 57 31 68 64 47 6c 76 62 69 41 74 4c 54 34 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 Data Ascii: DxkaXY+PC9kaXY+CiAgICAgICAgICAgICAgICA8ZGl2PjwvZGl2PgogICAgICAgICAgICAgICAgPGRpdj48L2Rpdj4KICAgICAgICAgICAgICAgIDxkaXY+PC9kaXY+CiAgICAgICAgICAgICAgICA8IS0tIC9rbyAtLT4KICAgICAgICAgICAgICAgIDwhLS0ga28gaWZub3Q6IHVzZUNzc0FuaW1hdGlvbiAtLT4KICAgICAgICAgICAgICAg
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 5a 30 4a 31 30 67 66 53 49 67 63 33 4a 6a 50 53 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 46 68 5a 47 4e 6b 62 69 35 74 63 32 46 31 64 47 67 75 62 6d 56 30 4c 33 4e 6f 59 58 4a 6c 5a 43 38 78 4c 6a 41 76 59 32 39 75 64 47 56 75 64 43 39 70 62 57 46 6e 5a 58 4d 76 62 57 6c 6a 63 6d 39 7a 62 32 5a 30 58 32 78 76 5a 32 39 66 5a 57 55 31 59 7a 68 6b 4f 57 5a 69 4e 6a 49 30 4f 47 4d 35 4d 7a 68 6d 5a 44 42 6b 59 7a 45 35 4d 7a 63 77 5a 54 6b 77 59 6d 51 75 63 33 5a 6e 49 69 42 68 62 48 51 39 49 6b 31 70 59 33 4a 76 63 32 39 6d 64 43 49 2b 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 38 4c 32 52 70 64 6a 34 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 44 78 6b 61 58 59 67 63 6d 39 73 5a 54 30 69 62 57 46 70 62 69 49 67 5a Data Ascii: Z0J10gfSIgc3JjPSJodHRwczovL2FhZGNkbi5tc2F1dGgubmV0L3NoYXJlZC8xLjAvY29udGVudC9pbWFnZXMvbWljcm9zb2Z0X2xvZ29fZWU1YzhkOWZiNjI0OGM5MzhmZDBkYzE5MzcwZTkwYmQuc3ZnIiBhbHQ9Ik1pY3Jvc29mdCI+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxkaXYgcm9sZT0ibWFpbiIgZ
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 6f 62 33 63 73 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 63 32 56 30 54 47 6c 6e 61 48 52 43 62 33 68 47 59 57 52 6c 53 57 34 36 49 48 5a 70 5a 58 64 66 62 32 35 54 5a 58 52 4d 61 57 64 6f 64 45 4a 76 65 45 5a 68 5a 47 56 4a 62 69 77 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 42 68 62 6d 6c 74 59 58 52 70 62 32 35 54 64 47 46 30 5a 55 4e 6f 59 57 35 6e 5a 54 6f 67 63 47 46 6e 61 57 35 68 64 47 6c 76 62 6b 4e 76 62 6e 52 79 62 32 78 66 62 32 35 42 62 6d 6c 74 59 58 52 70 62 32 35 54 64 47 46 30 5a 55 4e 6f 59 57 35 6e 5a 53 42 39 49 48 30 69 50 67 6f 67 49 43 41 67 49 43 41 67 49 43 Data Ascii: ob3csCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2V0TGlnaHRCb3hGYWRlSW46IHZpZXdfb25TZXRMaWdodEJveEZhZGVJbiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhbmltYXRpb25TdGF0ZUNoYW5nZTogcGFnaW5hdGlvbkNvbnRyb2xfb25BbmltYXRpb25TdGF0ZUNoYW5nZSB9IH0iPgogICAgICAgIC
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 63 32 56 79 64 6d 56 79 52 58 4a 79 62 33 49 36 49 47 6c 75 61 58 52 70 59 57 78 46 63 6e 4a 76 63 69 77 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 42 70 63 30 6c 75 61 58 52 70 59 57 78 57 61 57 56 33 4f 69 42 70 63 30 6c 75 61 58 52 70 59 57 78 54 64 47 46 30 5a 53 77 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 42 6b 61 58 4e 77 62 47 46 35 54 6d 46 74 5a 54 6f 67 63 32 68 68 63 6d 56 6b 52 47 46 30 59 53 35 6b 61 58 4e 77 62 47 46 35 54 6d 46 74 5a 53 77 Data Ascii: CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VydmVyRXJyb3I6IGluaXRpYWxFcnJvciwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpc0luaXRpYWxWaWV3OiBpc0luaXRpYWxTdGF0ZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkaXNwbGF5TmFtZTogc2hhcmVkRGF0YS5kaXNwbGF5TmFtZSw
2024-04-18 22:57:34 UTC	1369	IN	Data Raw: 6d 46 74 5a 54 6f 67 4a 32 68 6c 59 57 52 6c 63 69 31 6a 62 32 35 30 63 6d 39 73 4a 79 77 4b 49 43 41 67 49 48 42 68 63 6d 46 74 63 7a 6f 67 65 77 6f 67 49 43 41 67 49 43 41 67 49 48 4e 6c 63 6e 5a 6c 63 6b 52 68 64 47 45 36 49 48 4e 32 63 69 77 4b 49 43 41 67 49 43 41 67 49 43 42 30 61 58 52 73 5a 54 6f 67 63 33 52 79 57 79 64 58 52 6c 39 54 56 46 4a 66 53 47 56 68 5a 47 56 79 52 47 56 6d 59 58 56 73 64 46 39 55 61 58 52 73 5a 53 64 64 49 48 30 67 66 53 49 2b 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 63 6d 39 33 49 48 52 70 64 47 78 6c 49 47 56 34 64 43 31 30 61 58 52 73 5a 53 49 67 61 57 51 39 49 6d 78 76 5a 32 6c 75 53 47 56 68 5a 47 56 79 Data Ascii: mFtZTogJ2hlYWRlci1jb250cm9sJywKICAgIHBhcmFtczogewogICAgICAgIHNlcnZlckRhdGE6IHN2ciwKICAgICAgICB0aXRsZTogc3RyWydXRl9TVFJfSGVhZGVyRGVmYXVsdF9UaXRsZSddIH0gfSI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0icm93IHRpdGxlIGV4dC10aXRsZSIgaWQ9ImxvZ2luSGVhZGVy

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:34 UTC	744	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:35 UTC	782	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:35 GMT Content-Type: text/css Content-Length: 19750 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 18 Aug 2020 21:44:27 GMT ETag: 0x8D843BFE1586E6F x-ms-request-id: adcb25c4-a01e-0004-1de3-914996000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225735Z-15497cdd9fdhv4vv3fyv74385c00000000u000000000ggy6 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:35 UTC	15602	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 93 db 36 b2 e8 77 ff 0a ee a4 5c f1 64 25 45 a4 9e a3 a9 b8 d6 71 9c 64 ce f1 ab 6c 67 1f 95 72 6d 71 24 ce 88 c7 94 a8 4b 52 33 9e d5 d1 7f bf 78 a3 01 34 20 6a 3c d9 ec bd 95 f5 c6 16 d1 8d 06 d0 dd 68 a0 01 34 f0 ed 37 7f 8a 9e 97 9b bb 2a bf 5e 36 d1 93 e7 a7 d1 ab 7c 5e 95 75 79 d5 90 f4 6a 53 56 69 93 97 eb 5e f4 ac 28 22 86 54 47 55 56 67 d5 4d b6 e8 45 df 7c fb ed 37 7f 7a d4 6d ff bf e8 fd 87 67 ef 3e 44 6f 7e 8c 3e fc 7c f1 ee 87 e8 2d f9 fa 47 f4 fa cd 87 8b e7 2f a2 d6 54 1e 3d fa b0 cc eb e8 2a 2f b2 88 fc 7b 99 d6 d9 22 2a d7 51 59 45 f9 7a 2e 6a 9d d5 d1 8a fc 5d e5 69 11 5d 55 e5 2a 6a 96 59 b4 a9 ca ff c9 e6 a4 0d 45 5e 37 24 d3 65 56 94 b7 d1 13 42 ae 5a 44 6f d3 aa b9 8b 2e de 9e f6 a2 0f 04 b7 24 Data Ascii: }k6w\d%Eqdlgrmq$KR3x4 j<h47^6\|^uyjSVi^("TGUVgME\|7zmg>Do~>\|-G/T=/{"QYEz.j]i]UjYE^7$eVBZDo.$
2024-04-18 22:57:35 UTC	4148	IN	Data Raw: 47 74 05 33 02 9b 09 b3 09 4d e8 32 18 f8 db 2d e4 a8 85 f7 61 d2 91 ff 09 c6 5a d4 9e 86 ee 80 45 90 dd fb 5e 75 24 92 8a e5 10 d7 5d c8 29 01 76 3f b1 1d da 65 3d 7b e2 3e 47 29 b2 c8 8d fc 0a dc 3f aa 52 2c 1c ba d9 7f c4 61 0e 4a d2 f0 e6 cd 2e d3 d7 a1 0e 76 d3 cd 95 68 ce 7f b1 17 11 38 4d d7 85 5b 49 22 d4 92 8b 5c 05 44 b0 c7 08 68 80 57 3e ff 74 ba 13 51 b7 e2 61 1b 1f da 97 f6 65 b3 fe de 52 be b4 5b fa 8a 89 7a 72 17 d5 d9 bf 6a 15 0c ee 12 f2 ee 29 81 bd 47 aa b9 ec 11 26 61 7d 07 26 25 63 6f 92 07 0b 9a 92 12 28 d6 23 89 74 10 8d 16 69 bd cc 16 51 6c 8d 46 a6 1d 74 0d aa 45 f9 d7 aa 2c b2 ef e8 83 87 f4 dd ca 8f d6 69 28 6b 11 ca ca eb 9c 7a f9 33 ec 20 c6 59 29 ca 07 23 d0 cc ba e6 9d 85 8c c9 30 3b b6 19 2b b3 f4 68 1c de 56 5d be 9d 68 3c Data Ascii: Gt3M2-aZE^u$])v?e={>G)?R,aJ.vh8M[I"\DhW>tQaeR[zrj)G&a}&%co(#tiQlFtE,i(kz3 Y)#0;+hV]h<

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:34 UTC	807	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:35 UTC	798	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:35 GMT Content-Type: application/x-javascript Content-Length: 11322 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Aug 2020 03:03:49 GMT ETag: 0x8D83E6C5642CD2B x-ms-request-id: bf8f8bc4-401e-0062-1be3-91f1b8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225735Z-r1f585c6b65ntpkvc0tnrvwbbn00000001dg000000007u5s x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:35 UTC	11322	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dd 7d cb 76 1b 49 96 d8 de 5f 91 8d f6 69 89 53 29 14 1e 7c 42 85 92 41 00 94 30 02 01 14 00 8a 55 a7 aa 8c 93 44 06 c8 6c 01 99 70 66 42 14 9a cd 39 b3 9b 85 17 5e 7b e7 85 57 5e 7a e3 bd 3f 65 ce 19 7f 87 ef 23 22 32 f2 01 90 aa ea ee 9a 19 2d 28 20 1e 37 6e dc b8 71 5f 71 23 f0 bb c5 c6 9f c7 5e e0 bf 14 07 0f ea b3 15 bc f4 0f 1e bc c5 4b ef 47 ff e7 83 50 c4 9b d0 b7 f0 73 59 7c 5e 07 61 1c bd fe e4 84 56 dc c4 a2 e6 83 2c 6b 3c 3c da 9e db f0 ed 65 e0 b8 c2 6d fc ae fa f8 5a 76 15 d8 75 ee 2c 97 2f 63 05 c1 8e ed e4 73 70 00 5f b8 5b f3 77 95 a4 e2 11 87 f1 9a 0f 1a 50 50 5e 35 85 1d 94 e7 4d 0f fe ae 9b a5 92 1d bc ac 1c 3c be fc 31 99 86 1d d8 1e 20 ff b2 76 40 58 fa 4d ef 65 15 e0 c3 7f 47 07 76 08 ff 9d 1c d8 4e 33 Data Ascii: }vI_iS)\|BA0UDlpfB9^{W^z?e#"2-( 7nq_q#^KGPsY\|^aV,k<<emZvu,/csp_[wPP^5M<1 v@XMeGvN3

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:35 UTC	705	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:36 UTC	785	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:36 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: ffcf2380-601e-0018-01e3-910dad000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225736Z-r1f585c6b65h9gg5sg4v66abb800000004dg000000002cwk x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:36 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:36 UTC	706	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:36 UTC	786	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:36 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:38 GMT ETag: 0x8D79B8373CB2849 x-ms-request-id: ae19c710-e01e-0000-1ae3-91e59e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225736Z-15497cdd9fdjvlbfxhrrthhyb00000000130000000002psu x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:36 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:36 UTC	700	OUT	GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:36 UTC	779	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:36 GMT Content-Type: image/svg+xml Content-Length: 252 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:37 GMT ETag: 0x8D79B83739D7D79 x-ms-request-id: 73ccd3d7-301e-0015-04e3-91d2b6000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225736Z-15497cdd9fdv65lsakdy1qt1yn00000000y0000000008w3w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:36 UTC	252	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 cb aa c3 20 10 fd 15 71 ed 63 6c ac 26 c5 04 da 7d 7f e0 ee 02 0d 31 d0 17 55 6a 3f bf 6a 52 b8 e5 26 9b bb e9 a2 a8 87 d1 f1 38 e7 0c 68 dc bd 47 8f d3 f1 ec 6a 6c bd bf 6e 38 0f 21 b0 50 b0 cb ad e7 2b 00 e0 f1 06 46 61 38 78 5b 63 a1 30 b2 dd d0 5b 3f c6 f7 a1 0b bb cb a3 c6 80 00 09 15 27 6e 8c 1f fc b1 6b 5a e7 3a ef 0c 1f 77 e6 da 7a 8b 0e 35 de 0b 26 64 41 14 2b d7 ba 8d 31 68 32 22 c4 21 08 93 52 31 28 ab 74 a8 e4 84 53 4a 81 4e 2b 1f 8a 09 c7 14 10 56 56 c5 5f 0e fd cd 79 af 44 5f 95 b6 33 22 34 a9 18 ac 65 3b ff 20 5d 52 41 93 8a ed 8c 72 1d fd 56 52 2d f8 a5 49 c6 be fc 44 4f de 39 59 7f 0a fe 61 7b 41 5c 26 cd b4 78 72 7b ca 48 e0 4b 5c 0b 99 ed 66 d3 3f 98 37 26 7d ae e6 09 a7 d4 d5 8c 84 03 00 00 Data Ascii: S qcl&}1Uj?jR&8hGjln8!P+Fa8x[c0[?'nkZ:wz5&dA+1h2"!R1(tSJN+VV_yD_3"4e; ]RArVR-IDO9Ya{A\&xr{HK\f?7&}

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:36 UTC	708	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:37 UTC	780	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:37 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:07 GMT ETag: 0x8D79ED359808AB6 x-ms-request-id: e620517e-201e-0074-1de3-91bb96000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225736Z-15497cdd9fdjjjvzcbyxy9ybew00000000q000000000ggsz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:37 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:37 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 22:57:37 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=201912 Date: Thu, 18 Apr 2024 22:57:37 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 22:57:37 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=201903 Date: Thu, 18 Apr 2024 22:57:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-18 22:57:37 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:38 UTC	690	OUT	GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:38 UTC	737	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:38 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Fri, 02 Nov 2018 20:25:25 GMT ETag: 0x8D6410152A9D7E1 x-ms-request-id: 866393e0-f01e-0071-6ae3-913c9c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225738Z-15497cdd9fdx9w4fww2fv0kevn00000000wg00000000c6db x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:38 UTC	15647	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-18 22:57:38 UTC	1527	IN	Data Raw: 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 Data Ascii: @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:39 UTC	402	OUT	GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:40 UTC	757	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:39 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Fri, 02 Nov 2018 20:25:25 GMT ETag: 0x8D6410152A9D7E1 x-ms-request-id: 866393e0-f01e-0071-6ae3-913c9c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225739Z-15497cdd9fdv65lsakdy1qt1yn00000000v000000000fwxh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 22:57:40 UTC	15627	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-18 22:57:40 UTC	1547	IN	Data Raw: 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333""""

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:49 UTC	608	OUT	GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:50 UTC	780	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:49 GMT Content-Type: text/css Content-Length: 17755 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Fri, 12 Apr 2024 16:51:25 GMT ETag: 0x8DC5B10CA727833 x-ms-request-id: c84e6928-501e-010a-2d4e-8d2772000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225749Z-r1f585c6b65s7kgqgxy5zxdub400000008w00000000075s6 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 22:57:50 UTC	15604	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 69 73 db 46 d2 f0 77 ff 0a ac 5c ae 58 59 12 e1 2d 4a aa a4 d6 87 12 eb 59 1f 2a 4b d9 ec 56 de 94 0b 22 21 11 6b 10 60 01 a0 65 85 0f ff fb db 73 5f 3d 00 28 c9 89 9f aa 44 b1 44 ce f4 f4 5c 3d 3d 3d 33 7d 7c f7 ed df 82 17 f9 ea b6 48 ae 17 55 f0 f4 c5 7e f0 26 99 15 79 99 5f 55 90 5e ac f2 22 aa 92 3c 0b 83 67 69 1a 50 a0 32 28 e2 32 2e 3e c5 f3 30 f8 f6 bb ef be fd db a3 6e fb ff 82 f3 8b 67 ef 2f 82 77 3f 06 17 af 4e df bf 0c ce e0 db 7f 82 b7 ef 2e 4e 5f 9c 04 ad b1 3c 7a 74 b1 48 ca e0 2a 49 e3 00 fe 5e 46 65 3c 0f f2 2c c8 8b 20 c9 66 bc d5 71 19 2c e1 77 91 44 69 70 55 e4 cb a0 5a c4 c1 aa c8 ff 1b cf a0 0f 69 52 56 50 e8 32 4e f3 9b e0 29 a0 2b e6 c1 59 54 54 b7 c1 e9 d9 7e 18 5c 00 6c 0e dd 4d 32 28 3d 93 e3 Data Ascii: }isFw\XY-JYKV"!k`es_=(DD\===3}\|HU~&y_U^"<giP2(2.>0ng/w?N.N_<ztHI^Fe<, fq,wDipUZiRVP2N)+YTT~\lM2(=
2024-04-18 22:57:50 UTC	2151	IN	Data Raw: a8 5f 47 3c ef 7d 14 7d 22 58 4f cb 8f 39 f0 de e0 2c af 58 7e b5 a0 7f 63 e0 31 37 d1 3c 26 2d 94 77 df c1 7f a2 57 71 c2 10 a8 c4 ff 59 c4 d9 b5 4a 8f d2 eb 75 16 fc 94 57 8b 64 46 7a 55 92 a9 ba 8e d3 3c 38 81 cd a4 8c 8c b2 af 12 d2 d3 5b 33 f1 6d 7c 13 5c 44 49 f0 7a 6d d6 7e b6 88 ae cb 33 13 96 c2 59 8d 4c 82 e7 11 f0 26 92 98 67 d7 c0 58 a3 4c a5 fc 2b 78 0e 29 e4 d3 6d 94 c1 3c 06 24 26 22 7c 7d 11 2d 61 fc a3 e0 0d 8c c0 9e 4e 35 4c f0 fb 7d d1 9d 65 fb 1d 2c bd ba d9 df 7c 25 b3 ff d7 8c df 7d c6 c9 cb 22 dd 12 dd b3 b3 be fe f5 ef 62 fd 87 03 e7 71 93 27 69 0f a0 23 4c a9 45 67 39 43 60 39 86 fe 58 78 40 71 d8 86 d9 e1 70 32 d4 6f 6a 69 ab 44 e2 5f 2c ee 2f 82 6f 45 f0 75 77 3d 3d 8d 70 c2 c3 21 23 43 93 34 29 79 6f 95 3a 11 3b 5f 68 c5 a6 0c Data Ascii: _G<}}"XO9,X~c17<&-wWqYJuWdFzU<8[3m\|\DIzm~3YL&gXL+x)m<$&"\|}-aN5L}e,\|%}"bq'i#LEg9C`9Xx@qp2ojiD_,/oEuw==p!#C4)yo:;_h

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:49 UTC	588	OUT	GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:50 UTC	793	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:50 GMT Content-Type: application/javascript Content-Length: 5564 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Mon, 15 Apr 2024 04:47:25 GMT ETag: 0x8DC5D0725B54E33 x-ms-request-id: 234cda93-801e-000b-393f-8f53ac000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225750Z-r1f585c6b65g5kktm5q86x7n3s00000008w0000000000w2h x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 22:57:50 UTC	5564	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cd 3c 6b 8f db 38 92 df fd 2b da c2 c2 90 10 c5 70 67 80 fb 60 b5 62 64 33 b3 97 e0 66 a6 f7 36 99 bd 3b 18 46 a0 b6 e9 b6 26 32 e9 a5 e8 ee 34 da fa ef 57 c5 87 44 52 92 fb e5 bb 64 06 88 5b 14 45 56 15 eb cd 22 d7 7b ba 14 39 a3 67 5f b2 d5 ea 97 1b 42 c5 af 79 29 08 25 3c 24 b1 88 69 74 4f 46 23 32 f6 5f ce da 4d 21 f6 9e 62 ef b3 9c 96 22 a3 4b c2 d6 67 1f 3e ff f6 eb 2f 05 d9 42 47 39 8e 10 d9 72 23 bf f3 1e c3 80 d1 e0 15 8e 51 ad 6b 98 ae 89 b8 e4 9f 88 f8 3b 67 bb f2 92 ea 81 4a 05 5a cc a3 fb 7c 0d df 5d fd 49 96 22 48 53 71 b7 c3 29 45 74 ff 65 cd f8 2f 30 f2 7f 90 3b 00 cb 8c 17 02 36 f0 22 bc c9 f8 59 99 4e e2 3c 25 63 02 43 96 49 79 91 8f 0b 42 af c5 26 29 5f bd 8a ee b1 07 4b f3 79 b9 48 f8 8c cd f9 62 4e 17 a9 Data Ascii: <k8+pg`bd3f6;F&24WDRd[EV"{9g_By)%<$itOF#2_M!b"Kg>/BG9r#Qk;gJZ\|]I"HSq)Ete/0;6"YN<%cCIyB&)_KyHbN

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:49 UTC	592	OUT	GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:50 UTC	815	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:50 GMT Content-Type: application/javascript Content-Length: 28582 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 18 Apr 2024 01:46:09 GMT ETag: 0x8DC5F495224838F x-ms-request-id: 621827de-d01e-0006-3ebe-918cb7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225750Z-15497cdd9fdkqxspexf103svfn00000000q000000000q127 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 22:57:50 UTC	15569	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cc bd 69 73 db 48 96 36 fa dd 11 fe 0f 20 5e 87 0c 94 52 90 54 d5 33 d3 0d 1a e6 95 25 d9 56 95 2c b9 25 b9 aa ab 69 b5 03 1b 17 13 5c 44 90 5a 2c f2 bf df f3 9c cc 04 12 20 e4 aa 9e 77 e6 c6 75 57 8b 40 22 f7 e5 e4 d9 cf ee 0f ad 9d 3f ff cf ba bc 3a b8 b8 b2 ce df 5a 57 ef 4f 2e 8e ac 8f f4 f6 bb 75 76 7e 75 72 78 6c fd e9 5a 9e 3f 7b fe ec 6a 30 cc ad de 30 4b 2d fa 8d c2 3c 4d ac e9 c4 9a ce ad e1 24 9e ce 67 d3 79 b8 48 73 6b 4c 7f e7 c3 30 b3 7a f3 e9 d8 5a 0c 52 6b 36 9f 7e 4d e3 45 6e 65 c3 7c 41 85 a2 34 9b de 59 0e 55 37 4f ac 8f e1 7c f1 60 9d 7c 74 3d eb 8a f2 4e e7 c3 fe 70 42 a5 e3 e9 ec 81 9e 07 0b 6b 32 5d 0c e3 d4 0a 27 09 d7 96 d1 cb 24 4f ad e5 24 49 e7 d6 dd 60 18 0f ac 0f c3 78 3e cd a7 bd 85 35 4f e3 74 Data Ascii: isH6 ^RT3%V,%i\DZ, wuW@"?:ZWO.uv~urxlZ?{j00K-<M$gyHskL0zZRk6~MEne\|A4YU7O\|`\|t=NpBk2]'$O$I`x>5Ot
2024-04-18 22:57:50 UTC	13013	IN	Data Raw: 3a c5 59 d4 c0 49 88 71 43 38 ba 65 69 4a ea 76 64 2b ca e6 a7 fa 0d ba b8 5c e4 b6 29 ef ad ce a4 2d a5 61 80 2b 6b 88 a6 f7 f0 64 c3 41 86 05 21 ca f3 30 19 4e 8b 14 46 27 56 ab 4c 73 eb 54 08 3f 39 d4 3a 75 43 f3 d8 e7 55 9a 09 3a ad ab 55 1f 56 67 ad 88 21 1a ca 25 84 16 0f 6f 96 29 8e 15 2b 32 38 95 e0 15 a5 1f 53 06 a5 69 45 01 04 ad 62 ab d8 50 da 19 d9 22 55 f0 b6 82 5b b2 16 ed c0 fb b5 58 81 96 ba 38 8c a9 0a 9e 3f 6b 3e b6 91 11 c5 59 a1 94 5a 63 99 6a c8 f3 3f 79 da 55 78 29 1c 9b cd 68 da 9d 3f 04 03 78 38 09 b5 eb 03 f6 22 a5 55 4f a5 a6 65 91 41 9b 7e 53 d7 78 60 d8 ca 1b 89 41 2c 8c 1a 69 f7 4a 1f ab 44 46 b2 ea c0 9f 1d 53 0c f0 43 17 28 ca 24 0d 90 c5 d6 df c0 0b 01 68 d1 ef ec 91 5e bf 30 af 5f 36 af 92 9e 68 bf ec a0 d2 71 69 dc 28 c6 Data Ascii: :YIqC8eiJvd+\)-a+kdA!0NF'VLsT?9:uCU:UVg!%o)+28SiEbP"U[X8?k>YZcj?yUx)h?x8"UOeA~Sx`A,iJDFSC($h^0_6hqi(

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:49 UTC	615	OUT	GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:50 UTC	814	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:50 GMT Content-Type: application/javascript Content-Length: 7203 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 18 Apr 2024 01:46:11 GMT ETag: 0x8DC5F49538A4838 x-ms-request-id: edcdb1ad-501e-0076-70a6-917eb7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225750Z-15497cdd9fdx9w4fww2fv0kevn00000000vg00000000et09 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 22:57:50 UTC	7203	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 5c cd 72 e3 48 72 be fb 29 b0 b4 23 d4 e3 e8 51 f3 ff a7 b7 a5 b5 44 49 14 5b 24 c5 11 29 f5 cf ee c6 44 11 2c 91 18 81 28 4e 01 10 87 dd 31 11 be f8 21 7c f6 c1 b1 07 df fc 06 fd 26 7e 12 67 16 40 22 13 12 a0 c1 c4 ee a5 9b 02 b2 aa b2 be fc fb b2 00 f2 0f f7 a1 67 07 8e f2 5e 7d f7 55 cb 85 e3 07 52 8f c4 4a fa 6b 61 cb 57 a5 7f e9 2a ef de 59 94 be 7b 1d 7f 3a f4 97 42 cb f9 24 d0 8e b7 f0 8f be 96 a4 d6 4a fb a5 b7 5f 4b 5a fe 1c 3a 70 af f4 b6 34 5d 3a be e5 78 f7 4a af 04 4e 6e c1 9f bb db 87 a5 d7 25 b9 12 8e 7b 93 c8 9f 78 96 b9 64 89 f9 5c 4b df a7 f2 20 be 5e 2a 4f 52 71 cb 5c b1 bc 70 35 93 3a 2d 2c 7c 7f a3 f4 9c cb c7 17 53 b2 8e f7 28 5c 67 7e 8e 6b 5f 18 65 41 fa dc 03 0c ac 60 29 d3 3a 79 e6 62 b4 29 cb 57 Data Ascii: \rHr)#QDI[$)D,(N1!\|&~g@"g^}URJkaWY{:B$J_KZ:p4]:xJNn%{xd\K ^ORq\p5:-,\|S(\g~k_eA`):yb)W

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:49 UTC	602	OUT	GET /lightweightsignuppackage_MwksSuxFBgQ4Y619ES0DZQ2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:50 UTC	794	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:50 GMT Content-Type: application/javascript Content-Length: 53469 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 10 Apr 2024 04:56:12 GMT ETag: 0x8DC591A8BBDE083 x-ms-request-id: ce4a52c0-201e-00fd-0194-910cf5000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225750Z-15497cdd9fdhjpjlhekg1m67uc000000011g0000000050gk x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 22:57:50 UTC	15590	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 7d 79 7f db b6 b2 e8 ff fe 14 32 eb a3 92 15 a4 48 f2 92 44 0a ad eb 25 69 dc 6c 6e 9c 34 6d 5d 35 8f 16 29 89 35 45 aa 24 e5 a5 96 ee 67 7f 33 03 80 04 37 d9 c9 69 ef b9 ef f7 7b 3d 27 16 09 80 58 06 83 d9 30 18 8c 17 fe 28 76 03 bf f6 dc 1f 85 b7 f3 58 77 58 cc 7c 66 19 77 57 56 58 0b cc f3 61 3f ba 76 e3 d1 54 f7 5b 71 f0 3a b8 76 c2 23 2b 72 74 c3 b8 1b c1 af 36 9a 4e a2 3f 23 4b eb b9 63 dd 5f 78 9e 69 3a cb 25 7f 88 8d bb d0 89 17 a1 5f c3 f7 55 60 9e 5a a3 4b 6b e2 9c 1d 1c 5b b1 85 0d 19 fd 8b d0 b1 2e fb b2 a6 f9 b5 5d 56 91 55 51 d1 5b e7 fa c0 b7 df 79 f6 e9 b5 0d d5 59 99 ea 72 75 55 54 01 5f be f3 bd 5b dd c9 7e eb fa 0f f9 d6 f5 cb be 0d 83 60 ac 7e 5d af af 07 c7 eb 60 e2 fa 27 7e 4c 40 c1 ac 4d d3 19 38 bd Data Ascii: }y2HD%iln4m]5)5E$g37i{='X0(vXwX\|fwWVXa?vT[q:v#+rt6N?#Kc_xi:%_U`ZKk[.]VUQ[yYruUT_[~`~]`'~L@M8
2024-04-18 22:57:50 UTC	16384	IN	Data Raw: 7e 50 0e af 08 54 dc ce 76 7b 0f 15 dc 3b 8d d2 5e b8 8e 67 bf 17 d7 cc 03 dd e3 35 74 da 9d 27 40 f0 e8 e5 39 c6 be 15 26 b1 17 74 0d b1 52 6c 7b 37 53 ec 39 5a aa a3 34 bf fb e4 b1 b6 5a ab 0d 45 a4 07 a7 30 45 9d 77 2e 9f 41 7d 9e 0b 78 a2 06 2d 28 19 79 c2 59 12 96 a8 37 db 1c 92 a4 54 2b 70 24 2f 97 04 8a b8 3b 65 27 30 ec 5d fd bd 6a 58 56 ca ca a9 60 d2 e1 ad bf f9 e5 49 d9 60 b9 49 68 60 ad ef f2 63 37 b3 f9 22 46 c7 5a 10 e8 d2 40 72 28 13 19 b8 3f 70 4f 91 56 7a 13 e3 11 5e c4 48 47 8b be f8 ab 5c 24 5d 79 b2 53 8d 44 5b 03 34 99 a0 ff 35 c8 71 5c ec 05 f1 2f 9c 5c e8 6d 06 ff 33 30 d2 02 5a c1 bf 69 d3 7f ea 2b 3d c3 2a a6 d2 dd dd 5d 26 fe a5 df 8c e9 3f f5 95 7f 13 f2 6f b6 bb 8c fe 9f 7e d0 6d e3 ff 78 a1 88 17 da d9 65 bb 6d b6 bb a3 14 b2 Data Ascii: ~PTv{;^g5t'@9&tRl{7S9Z4ZE0Ew.A}x-(yY7T+p$/;e'0]jXV`I`Ih`c7"FZ@r(?pOVz^HG\$]ySD[45q\/\m30Zi+=*]&?o~mxem
2024-04-18 22:57:50 UTC	16384	IN	Data Raw: 43 0c 42 5a ee e1 93 4d 17 fa 8d a0 0a a0 bf 1c c3 05 a6 7c c1 74 7c 16 5c 55 42 f1 46 67 dc 38 00 63 f3 8f 09 f4 37 19 fd a7 bb fe cb e5 2a 46 40 85 75 aa c3 09 35 0e 83 2f 04 f6 06 33 2f 74 6e 80 a3 ce c1 5e d6 b3 4e cf bf a6 28 ff 54 ac a9 e2 98 d8 99 a2 c5 85 3d ee 14 e6 b0 bd d6 1c 7e 19 c4 45 2e a8 d5 12 b8 d6 14 76 c5 c6 92 03 67 86 5e e5 dc be 26 f4 5b 9f 50 47 d1 10 fa 6f 36 bf 29 40 4b cc 99 71 5b cd 9e 64 15 63 da e9 12 57 ad ff 7d e1 be fa 7d f7 d5 af 97 56 79 6b bf 99 27 18 3f 3c 4e 3f fa e9 e4 d8 c3 b1 d7 9b 37 4e ba cd 00 55 5b 70 f0 83 e8 8c ec 59 30 2e fc be 0b 05 70 a8 a8 88 dd 6a 1d 2f 16 85 69 3f 68 a3 9f 09 9f 5c 38 0b 51 91 d0 66 55 64 2d 95 3a f9 b5 2c 4f 7a 78 a9 e3 87 23 ef c1 d9 ee d1 e7 b7 ee 05 80 21 8d 2a 7a 2f 5f 52 29 b1 7d Data Ascii: CBZM\|t\|\UBFg8c7F@u5/3/tn^N(T=~E.vg^&[PGo6)@Kq[dcW}}Vyk'?<N?7NU[pY0.pj/i?h\8QfUd-:,Ozx#!z/_R)}
2024-04-18 22:57:50 UTC	5111	IN	Data Raw: 00 d3 d2 ef 28 e1 28 87 9c be ba 15 27 93 df 29 c6 df c4 93 c9 58 1b 8d 30 d4 8e 59 b9 ad a3 2f f8 32 d7 14 36 5e f8 af 36 0d 1c 0a 78 e1 43 d5 79 d5 29 3a b3 da a3 2a 8b 84 c5 c2 f8 88 f0 8c 87 7d 1f 24 d0 37 8a c3 44 f3 24 9a 3a 75 38 cc 44 2b b5 ac b6 01 26 77 ef ec 97 b9 55 33 ab 7b 71 09 b5 5f eb 3c 33 6d 57 f4 10 32 14 8b 16 c2 80 01 cd 49 e5 2c cd 0b 45 fc 40 c0 28 c1 6a de 64 a4 94 78 6b 5f 30 14 a0 ab 7a a5 8c 5b 7f 5c eb 85 e4 f5 b5 e1 77 4e d5 c4 6c 14 05 cb c5 a4 93 c8 ef 66 0f f9 39 87 8e cf ea 6f 66 5c 20 72 00 9c eb ee 78 94 a2 73 ce 74 73 15 81 7a dc f5 03 57 50 64 dd 93 fa 61 51 4a 0a 61 db 00 e7 7b 01 25 b0 9c 9c 2e 6c 03 81 a8 c6 99 fe 9d 01 a6 bb 1a 98 66 79 b0 ef 12 64 ca b3 67 80 8f db 97 5c 1b e0 bb fe ea 73 b6 c1 53 54 fb 9d 4c 70 Data Ascii: ((')X0Y/26^6xCy):*}$7D$:u8D+&wU3{q_<3mW2I,E@(jdxk_0z[\wNlf9of\ rxstszWPdaQJa{%.lfydg\sSTLp

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:50 UTC	626	OUT	GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:50 UTC	798	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:50 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 18 Apr 2024 01:46:05 GMT ETag: 0x8DC5F494FA4EC5F x-ms-request-id: 8916cbee-801e-001b-57a4-91e38e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225750Z-15497cdd9fd28c6zhavqxs647w00000000z0000000000nqg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 22:57:50 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:51 UTC	613	OUT	GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:51 UTC	804	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:51 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 18 Apr 2024 01:45:57 GMT ETag: 0x8DC5F494ADD1986 x-ms-request-id: f589a3fe-801e-00b3-0ac5-917df9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225751Z-15497cdd9fd28c6zhavqxs647w00000000v0000000007am3 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-18 22:57:51 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Windows Analysis Report
https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:51 UTC	599	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:51 UTC	744	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:51 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Thu, 18 Apr 2024 01:46:04 GMT ETag: 0x8DC5F494F30B797 x-ms-request-id: 8350d4a7-701e-00cc-3be3-9106e6000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225751Z-r1f585c6b655mqhqyqk2av33us00000003fg000000005y07 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-18 22:57:51 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-18 22:57:51 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:51 UTC	553	OUT	GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:51 UTC	816	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:51 GMT Content-Type: application/javascript Content-Length: 105716 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 18 Apr 2024 01:46:13 GMT ETag: 0x8DC5F4954A3A5B2 x-ms-request-id: a5678d6c-d01e-0052-556f-91438c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225751Z-r1f585c6b654lfdz8btpvqgdt800000007z0000000002t90 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 22:57:51 UTC	15568	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bc bd 69 73 db 48 b2 2e fc 7d 22 e6 3f 90 b8 0e 1d a0 59 a2 49 6d dd 06 5d c3 90 b5 d8 b2 ad c5 5a 6c 77 73 74 14 10 59 92 60 51 00 8d 45 8b 2d 9e df 7e f3 c9 2a 00 05 92 9e 99 7b ef 1b ef 4c 5b 44 ed 5b 56 56 66 56 66 d6 cb df 9a 7f ff 5b e3 b7 46 77 fb a4 f1 fe a4 71 b2 fd a1 b1 15 27 4a 34 56 db 2b ed 0d 4e da 8a 27 4f 49 78 7d 93 35 dc a1 d7 d8 0f 87 49 9c c6 57 59 23 88 46 8d 61 1c 65 49 78 99 67 71 92 b6 1b 9b e3 71 83 73 a6 8d 44 a5 2a b9 57 a3 36 57 e1 56 a5 f6 a2 4c 25 51 30 6e 1c 46 e3 27 0f a9 2f ff fe b7 fb 20 69 44 32 bb 09 53 a1 e4 55 1e 0d b3 30 8e dc c8 fb e9 e4 a9 6a a4 d4 c4 30 73 7a c8 75 24 9d 22 dd 11 b9 74 e2 cb 6f 8a d2 a8 98 93 47 23 75 15 46 6a e4 88 54 3a 93 24 ce e2 ec 69 a2 1c b1 23 9d 9b 20 3d 7c Data Ascii: isH.}"?YIm]ZlwstY`QE-~{L[D[VVfVf[Fwq'J4V+N'OIx}5IWY#FaeIxgqqsDW6WVL%Q0nF'/ iD2SU0j0szu$"toG#uFjT:$i# =\|
2024-04-18 22:57:51 UTC	16384	IN	Data Raw: b5 19 be 19 c7 97 7a 6f 74 3b dd 6a 14 4c 24 44 19 52 29 61 c5 a0 02 02 96 cd a1 6e 9f 71 48 b7 53 6d 45 7d dc 6c e5 b4 8d ef b6 b5 7b 31 33 70 43 70 50 ee 35 dd a3 7d 3a 3d 93 27 a7 3e d5 dd 0e e3 20 9c fb b4 9f 95 19 27 e2 69 61 60 21 a0 a9 07 46 65 99 df 11 47 61 78 b1 4d 6c 01 35 9a 87 e9 8d 1a 31 cb da e5 f8 b7 e0 15 c2 21 8e 07 e2 d4 11 b3 77 f4 79 8d 7a 98 d0 12 fa ab 26 e6 7e a3 88 59 e3 98 7d 1a c7 49 ce 7b d7 5f e7 18 f6 ae 75 90 df 5d aa c4 df e0 18 3a 94 08 b1 ea 97 cb 7f e7 98 93 70 52 54 f3 87 8e b8 cb ca 98 57 ba 29 56 ea c8 9e fc ae ee f6 59 12 fa 5d dd d3 dd ef a3 c8 ef ce f5 f1 23 ed ee 21 e5 5f 15 7a 42 55 62 16 a4 18 9a 09 fa f0 0c 00 aa 4c 4f 0d d1 15 63 9a 82 ad 38 cd b6 81 60 e8 54 a3 f1 13 3d 34 06 97 40 03 df bb bb 53 a3 10 ca 15 Data Ascii: zot;jL$DR)anqHSmE}l{13pCpP5}:='> 'ia`!FeGaxMl51!wyz&~Y}I{_u]:pRTW)VY]#!_zBUbLOc8`T=4@S
2024-04-18 22:57:51 UTC	16384	IN	Data Raw: 10 29 6d 3c f1 6c 94 9e fa 44 7a a7 84 db 12 0c 13 5b 6b 95 c7 3f 22 31 aa 47 51 e1 d5 c3 fc 06 6f a7 80 ed 11 3f d2 4e 94 70 67 3e 21 0f 1c 02 09 b1 70 14 e0 bb f8 98 f2 23 7a 39 bc 4b 06 7e a1 4c 98 0a 3f 53 b0 a3 85 79 a9 9f f2 a3 04 bc f3 e3 d9 4c 9d 83 bd 41 49 0b a3 d1 50 4a 48 1c 3a ae 63 b8 26 6b 9a 5e 5b 38 6e 58 e3 e1 97 9e 56 0e a3 4c f8 1b 99 5f fb 82 53 93 86 94 6e e4 83 b1 c6 fb 5c b0 ea 2f 9a d6 6c 11 ae 74 d1 2c 47 6e 04 fd ac da d3 03 8c ba 28 03 72 a8 30 98 74 1f 3d 8c 36 fd cd 27 8f 1f 3c 7c fc 98 a0 a0 4e d8 88 1e 01 d0 a9 11 03 bb 12 a9 96 01 9e 05 b0 ce 10 4b 39 ec ea bb 2d da a8 3f ab d1 52 e7 04 b2 e6 9e f6 bd c6 66 1b c1 39 47 ac 41 b7 d0 4f aa 8c 26 08 d0 0d 75 f3 5b c1 40 3e 70 1d 0c 2d 60 1c 6e 99 e3 d5 b8 fe fb cf b0 32 05 01 Data Ascii: )m<lDz[k?"1GQo?Npg>!p#z9K~L?SyLAIPJH:c&k^[8nXVL_Sn\/lt,Gn(r0t=6'<\|NK9-?Rf9GAO&u[@>p-`n2
2024-04-18 22:57:51 UTC	16384	IN	Data Raw: bf 47 f4 ef 77 fa f7 98 fe 3d a1 7f 21 fd 3b 85 c9 2e fd 63 5d 26 fa 77 e6 c0 0e 61 ac c0 a3 8d b7 1e 74 e2 46 c3 23 bc 82 ae fd 87 d8 ef 60 03 7b 7d ba 21 a3 3f fe 78 b0 d6 7e a8 1f 1f 57 8f ed 0d eb f9 51 f5 bc d1 b2 9e ad aa 1b 5c b7 63 2e d4 c7 0d 77 73 8d bf 32 6d 95 8c 98 a4 b7 67 66 5b 1e 9f a8 07 34 8d 0f 1c fd da de 54 9b 5e 23 33 6f 8f f0 a6 9f 9f 60 4d 18 8e 65 21 d1 9b ff f0 9f a3 c2 25 a5 2c 09 58 1a ce 1d 4d 4d cb 89 0c 22 12 d7 9c d0 dd 00 04 bd ff 57 ef cf 61 b8 7e d6 27 c4 cf d6 28 09 2d a4 91 1b dc dc 50 99 2d 39 9f 2c 94 a0 31 85 a1 8c 23 0f 19 4b 1d 8b df 2a 4b b0 3d b2 6b e5 a1 46 a2 e0 79 08 0c 10 88 41 ed dd 76 16 ba 75 6c 46 e9 d8 3d e2 8d 9d 30 c6 e7 44 08 76 42 8d db a4 41 d8 bb 83 68 12 1a e6 ae 16 4f de 44 e0 22 bd 84 12 bd 16 Data Ascii: Gw=!;.c]&watF#`{}!?x~WQ\c.ws2mgf[4T^#3o`Me!%,XMM"Wa~'(-P-9,1#K*K=kFyAvulF=0DvBAhOD"
2024-04-18 22:57:51 UTC	16384	IN	Data Raw: de 88 07 2e 03 8a 8e 2d f6 9e 3a 4d 29 c0 6f f0 92 c6 01 a5 b2 5d 7c f8 33 25 f8 4c 07 00 cf 26 39 03 da 93 13 b6 a3 ee a8 77 0b 0b 6d 26 f9 87 dd 5f 9a e6 33 50 7d f8 c4 2b f6 13 d0 26 0e 2b 20 21 13 24 8a 32 ac db 1b ea e4 b1 a5 5c 63 85 25 62 25 3f a2 a6 cc 6c 63 c8 d3 ff 7b 41 b1 a5 1a 46 df 60 98 a2 d7 46 62 93 f2 3d 09 28 f1 7f f3 b6 96 b1 e4 3f ce 10 f8 56 0e eb 39 d2 68 97 1d 8d a3 25 87 d7 bd d1 62 a9 45 c0 1c 35 64 85 35 4c f1 45 61 3d 28 96 28 c5 83 0a 01 16 79 67 ed 33 06 9c 6a d6 f5 50 05 48 53 0d d8 d8 0b 53 ee 02 12 db b3 ba fe 67 52 3f a5 78 34 c1 de 27 5f 13 3e d3 b1 d4 f5 51 f5 d8 23 33 b0 89 4f db 78 91 55 65 b3 d8 01 a2 f3 fa 9b 38 35 d6 ea d3 cd b2 48 99 22 72 08 30 8e f7 35 e8 79 15 8d e8 33 8f f5 e4 69 67 02 dd ea f8 3f 53 d9 9d c1 Data Ascii: .-:M)o]\|3%L&9wm&_3P}+&+ !$2\c%b%?lc{AF`Fb=(?V9h%bE5d5LEa=((yg3jPHSSgR?x4'_>Q#3OxUe85H"r05y3ig?S
2024-04-18 22:57:51 UTC	16384	IN	Data Raw: f6 3d bc 6d 12 b5 d0 d8 62 4b c7 16 d5 0a bb e6 7b b7 fc 1a 76 a5 f6 d5 ba 5a 55 c7 aa 0b 02 f8 6e 47 29 6b f3 f3 6b 85 d0 9d bc af 7f 49 5d b9 32 5a 86 10 3f 40 c0 d0 e3 b7 dc 2d ba 07 8c 35 87 69 33 88 83 3b 1e 75 d7 e4 51 d7 2e 6d f1 a3 ee a9 b8 5d af a8 e9 b2 7b aa 7c 2b ab d8 64 f5 8c a2 30 51 fe 81 a9 b4 af 96 99 59 08 9b 5d cf 70 6b 33 09 45 e2 56 9b e7 aa 79 94 85 5c ae 63 7c d6 b2 c1 78 4a d0 4f 9c 31 bb ce b1 6c c3 0e 6b 7c 15 11 4e 63 09 ba e5 b9 9c f5 4e 96 41 9a cd 81 50 d2 07 66 2b 19 a0 c9 b9 88 3d 6a 98 bb 60 c5 be 79 e1 9c c4 b2 de 6a 3d 68 3a 2b 62 c8 3e a6 96 30 2d 96 35 56 ab 54 83 c6 f9 06 1d 64 4d 85 87 c7 d1 c3 01 3b 49 b0 6c b1 56 1e 53 65 34 6f 87 ca 56 a7 79 ab 8b e4 e2 4c a7 e8 2e 5c b9 94 9f e1 39 63 9d c4 b2 e6 77 bb c3 3d 76 Data Ascii: =mbK{vZUnG)kkI]2Z?@-5i3;uQ.m]{\|+d0QY]pk3EVy\c\|xJO1lk\|NcNAPf+=j`yj=h:+b>0-5VTdM;IlVSe4oVyL.\9cw=v
2024-04-18 22:57:51 UTC	8228	IN	Data Raw: 57 0a ec 21 68 13 01 c7 b9 28 72 57 3f c7 80 ea b2 a2 7f 77 29 d3 a4 75 f7 72 65 cb 0e b4 a6 64 07 3c d5 2a 75 a5 6f 6f 41 f7 c3 60 17 93 75 ba 2b 78 70 b7 8a 94 48 fc 0d a4 a6 3d 3d 28 c8 1c c0 6c cb 59 44 00 a1 3a 30 a1 26 f8 98 a3 9f a5 1a c7 a1 6e 37 47 bb d6 d5 e8 93 7d 09 7c c0 92 6b 10 7c cf 72 96 c4 04 4b 69 51 d6 f4 6f ba 84 15 ec 77 11 be 5c 3d 65 42 f6 1d ae 67 a7 41 b6 3b c1 05 24 a5 08 84 11 08 31 40 70 31 4c 6d 4d 9a 1c 22 ea 01 3b b9 33 c2 3b c0 de 6c 5d 10 fe b4 e4 6d 33 e4 07 94 b0 53 9f 7f 76 33 1c 8b 9a 40 dc 3b 06 37 0a 97 fd d2 89 0d 58 55 67 48 2e c4 78 53 17 3a d3 04 dc f5 45 89 00 8f f6 5d df a6 4b d7 f5 51 1c 7e cb a7 2e 1c 20 cf 8a 4b 34 f5 23 94 46 c5 c2 a3 bc bb 26 4c 9d 0b 8c 77 f7 ab 62 09 62 36 39 6e 22 85 b1 4a 13 4a 6a b4 Data Ascii: W!h(rW?w)ured<*uooA`u+xpH==(lYD:0&n7G}\|k\|rKiQow\=eBgA;$1@p1LmM";3;l]m3Sv3@;7XUgH.xS:E]KQ~. K4#F&Lwbb69n"JJj

Timestamp	Bytes transferred	Direction	Data
2024-04-18 22:57:51 UTC	592	OUT	GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 22:57:52 UTC	814	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 22:57:52 GMT Content-Type: application/javascript Content-Length: 3505 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 18 Apr 2024 01:45:56 GMT ETag: 0x8DC5F494A7D7B3E x-ms-request-id: ed240169-001e-007b-309b-91a1ac000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240418T225752Z-15497cdd9fdjjjvzcbyxy9ybew00000000sg00000000agxy x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-18 22:57:52 UTC	3505	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ad 59 5b 73 db 36 16 7e cf af a0 51 8f 4c 8e 60 46 49 db dd ae 18 44 e3 da 71 e2 dc 63 2b cd 83 e3 e9 d0 24 24 31 a6 49 96 04 2d 2b 92 fe fb 7e 07 e0 4d 96 d2 d9 9d dd 4e 1d 13 07 07 07 e7 7e 81 f7 26 65 12 a8 28 4d 6c 67 59 7f 5a d2 96 9d 95 a2 55 2e 55 99 63 a7 d7 93 6e a1 7c 25 85 88 7b 3d 5b ba 59 2e ef 9a 0f 37 91 f7 4a 48 fd cb e1 e6 b7 de a4 0f 8d 21 0c a2 c3 4f 84 00 31 fb a4 c1 de 37 80 fd 06 a3 be a8 e4 b2 3e aa c9 27 65 1c f3 c5 e1 21 30 d6 0d 93 3e 31 19 4d ec 2e 83 a5 b3 bc f3 73 2b 17 fb 5e 3e b2 f3 8a b9 9a 5a ee 0c 71 39 ae 95 cd 4d 20 db ef af 5b a2 13 28 65 ef af 5e 6f ef ba d7 5b f4 7a f7 cf e7 60 f0 5a cc a3 24 4c e7 6e 21 d5 38 ba 95 69 a9 ec 29 2f 1c a7 3d 77 47 cc 98 ab ed 44 ce ad 13 10 77 dc a9 c1 b7 Data Ascii: Y[s6~QL`FIDqc+$$1I-+~MN~&e(MlgYZU.Ucn\|%{=[Y.7JH!O17>'e!0>1M.s+^>Zq9M [(e^o[z`Z$Ln!8i)/=wGDw

Target ID:	0
Start time:	00:57:26
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	00:57:30
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=2004,i,3265254281595984493,9932435056845182880,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	00:57:33
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://6a5ff6af4b0fe3e6f0bd452927dfb55b352fdd2d1bab6d1e7de2b641e2.pages.dev/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre