Edit tour

Windows Analysis Report
https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2BWm%2FZe7jBqtCP%2FpiaYXc1LB9Cngaxkq7SO1S5t4A%3D%3D

Overview

General Information

Sample URL:	https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2B
Analysis ID:	1430822
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Submit button contains javascript call

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2128,i,8466329584062212164,3061137521727942845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2BWm%2FZe7jBqtCP%2FpiaYXc1LB9Cngaxkq7SO1S5t4A%3D%3D" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1

HTTP Parser: Iframe src: https://fpt.live.com/?session_id=c4c87b039cc74659b3188fb5a3c019f3&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhdNPi-NkAAbwZjpbZwbcHRZZRhGcgwcR2yZvkyYdGKRt0iZtk6Zpm0kCGpo0TdI0efOvTdM9C97c26J40tueRBHEg-xBcJm9LHtR9hPIHkQUlj3a-QRentPv9jzPyVG9AkAFq6AfFrEKdvE-hZqmOauTZQI35mUcnxllqg6IMm6QDROfmyRJEvHdk9Pi_Se__va12vnh7Isfv3389r-PkPecNA2Ti2o1scx17KZ5xXfNGCZwkVZM6Fd_QpBnCPIngjw6SOo1Cm8QtQYAdRKgjQbAKrzPZzxt5qrPp8JS8NUxigoTaTWYeJgARqm2ZDCNbu6N4wiA2Wq-Smi0CobdvZ9IzrB947ndYGLXhrSd8qDjqleSq4JpptGy9-LgzrC5Th1wEzB2d9Y_B8cLGPt6CJP0q-Lz4jC0Am7ehkFgmWnlhllB6pqz1IWBGMPQilPXSi7p3dpGV5zOKXTgyO0eKXSF1WADzUxaXgF81oyC3hije45BKiQnMG3WLgsTetNZpH56tYiBPu9QnqYTzsJI1ig3l1sp26IDXFZbwGNYYtVIajUdj1pqc2TFMCNszou4eb8xwWCPLMOdU5slwJBGAh9SeGSJLtkug-m2paSks4tEdyL2cIljJWM-7QrmiMm13U5ChTZDxOMos8l4KY1wIt8E6YCaUhiPtpxcabKzKG9u1b5qs9qwL9ci2bKgHAZ85tUFxd5krbyDGSLeV_3uYMF0iLBOUxzdRZWMYDh6SHr5HLMHYyLIAz1pc56lqVlCjxpMuA3nC7ntCUp_ZTMB1Ri4bA78DePyJmPw7JQRRCXMxrxp-cCcaGJnEakbrK4r1tSx1mpZtJx2RiZ9at1v0taa4GamonYwEPE45Oww4Y22sSlPXKIzE_VFtLFhX2RlAL8v...	HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1	HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1	HTTP Parser: Title: Create account does not match URL

Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0	HTTP Parser: No favicon
Source: https://fpt.live.com/?session_id=c4c87b039cc74659b3188fb5a3c019f3&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhdNPi-NkAAbwZjpbZwbcHRZZRhGcgwcR2yZvkyYdGKRt0iZtk6Zpm0kCGpo0TdI0efOvTdM9C97c26J40tueRBHEg-xBcJm9LHtR9hPIHkQUlj3a-QRentPv9jzPyVG9AkAFq6AfFrEKdvE-hZqmOauTZQI35mUcnxllqg6IMm6QDROfmyRJEvHdk9Pi_Se__va12vnh7Isfv3389r-PkPecNA2Ti2o1scx17KZ5xXfNGCZwkVZM6Fd_QpBnCPIngjw6SOo1Cm8QtQYAdRKgjQbAKrzPZzxt5qrPp8JS8NUxigoTaTWYeJgARqm2ZDCNbu6N4wiA2Wq-Smi0CobdvZ9IzrB947ndYGLXhrSd8qDjqleSq4JpptGy9-LgzrC5Th1wEzB2d9Y_B8cLGPt6CJP0q-Lz4jC0Am7ehkFgmWnlhllB6pqz1IWBGMPQilPXSi7p3dpGV5zOKXTgyO0eKXSF1WADzUxaXgF81oyC3hije45BKiQnMG3WLgsTetNZpH56tYiBPu9QnqYTzsJI1ig3l1sp26IDXFZbwGNYYtVIajUdj1pqc2TFMCNszou4eb8xwWCPLMOdU5slwJBGAh9SeGSJLtkug-m2paSks4tEdyL2cIljJWM-7QrmiMm13U5ChTZDxOMos8l4KY1wIt8E6YCaUhiPtpxcabKzKG9u1b5qs9qwL9ci2bKgHAZ85tUFxd5krbyDGSLeV_3uYMF0iLBOUxzdRZWMYDh6SHr5HLMHYyLIAz1pc56lqVlCjxpMuA3nC7ntCUp_ZTMB1Ri4bA78DePyJmPw7JQRRCXMxrxp-cCcaGJnEakbrK4r1tSx1mpZtJx2RiZ9at1v0taa4GamonYwEPE45Oww4Y22sSlPXKIzE_VFtLFhX2RlAL8v	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhdNPi-NkAAbwZjpbZwbcHRZZRhGcgwcR2yZvkyYdGKRt0iZtk6Zpm0kCGpo0TdI0efOvTdM9C97c26J40tueRBHEg-xBcJm9LHtR9hPIHkQUlj3a-QRentPv9jzPyVG9AkAFq6AfFrEKdvE-hZqmOauTZQI35mUcnxllqg6IMm6QDROfmyRJEvHdk9Pi_Se__va12vnh7Isfv3389r-PkPecNA2Ti2o1scx17KZ5xXfNGCZwkVZM6Fd_QpBnCPIngjw6SOo1Cm8QtQYAdRKgjQbAKrzPZzxt5qrPp8JS8NUxigoTaTWYeJgARqm2ZDCNbu6N4wiA2Wq-Smi0CobdvZ9IzrB947ndYGLXhrSd8qDjqleSq4JpptGy9-LgzrC5Th1wEzB2d9Y_B8cLGPt6CJP0q-Lz4jC0Am7ehkFgmWnlhllB6pqz1IWBGMPQilPXSi7p3dpGV5zOKXTgyO0eKXSF1WADzUxaXgF81oyC3hije45BKiQnMG3WLgsTetNZpH56tYiBPu9QnqYTzsJI1ig3l1sp26IDXFZbwGNYYtVIajUdj1pqc2TFMCNszou4eb8xwWCPLMOdU5slwJBGAh9SeGSJLtkug-m2paSks4tEdyL2cIljJWM-7QrmiMm13U5ChTZDxOMos8l4KY1wIt8E6YCaUhiPtpxcabKzKG9u1b5qs9qwL9ci2bKgHAZ85tUFxd5krbyDGSLeV_3uYMF0iLBOUxzdRZWMYDh6SHr5HLMHYyLIAz1pc56lqVlCjxpMuA3nC7ntCUp_ZTMB1Ri4bA78DePyJmPw7JQRRCXMxrxp-cCcaGJnEakbrK4r1tSx1mpZtJx2RiZ9at1v0taa4GamonYwEPE45Oww4Y22sSlPXKIzE_VFtLFhX2RlAL8v	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DDzug0lI_IXDnhVCJ7NGNlLvocwRjW24aAqnJS1DJhb7X7INECHg-NTDvFftmtWfr2_dF8kZ_5hfbsu0IdVBtHBDn4VYB2kEH5l9s33_4qBYAQerow5gIkqIdK9T1oJ7-ozh3as2bRQNMp84qePi7C-2UxBXt7hzqPiTPJ4RIHRbdUGNcQEyZzzR0NCE5rSqwg7rjRQ45yvntL8U81M0BhyXAHaqyAxYKYgHZOKV3qVeeoVpnMwk6NXgvwByF1bP4KYmGLfEF5p6D8IDG0Xw5EIDO7kyd1gLS5nyn_sCIkeZYwsDQ9EpxpdfVCkNXKlgEn89LiHy2mvEiMcEbMHUENPXpwSMcem2cTZPFfqYv16_XeUheuY-PehCw7sK8uKADeu5IacXYF12qM4oIgpsMbCbv-Ti5FaP_fqvgoKPHV2o&response_mode=form_post&nonce=638495392267209921.MmMwMDcyYmMtNjNmYS00NTRlLTk1N2QtZjE1ZDAwMDhhN2ExZmY5ZDY2OGMtNTRhOC00NTIzLTg3ODgtM2FiYWRiY2UwZDVk&client-request-id=c4c87b03-9cc7-4659-b318-8fb5a3c019f3&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.22.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhdNPi-NkAAbwZjpbZwbcHRZZRhGcgwcR2yZvkyYdGKRt0iZtk6Zpm0kCGpo0TdI0efOvTdM9C97c26J40tueRBHEg-xBcJm9LHtR9hPIHkQUlj3a-QRentPv9jzPyVG9AkAFq6AfFrEKdvE-hZqmOauTZQI35mUcnxllqg6IMm6QDROfmyRJEvHdk9Pi_Se__va12vnh7Isfv3389r-PkPecNA2Ti2o1scx17KZ5xXfNGCZwkVZM6Fd_QpBnCPIngjw6SOo1Cm8QtQYAdRKgjQbAKrzPZzxt5qrPp8JS8NUxigoTaTWYeJgARqm2ZDCNbu6N4wiA2Wq-Smi0CobdvZ9IzrB947ndYGLXhrSd8qDjqleSq4JpptGy9-LgzrC5Th1wEzB2d9Y_B8cLGPt6CJP0q-Lz4jC0Am7ehkFgmWnlhllB6pqz1IWBGMPQilPXSi7p3dpGV5zOKXTgyO0eKXSF1WADzUxaXgF81oyC3hije45BKiQnMG3WLgsTetNZpH56tYiBPu9QnqYTzsJI1ig3l1sp26IDXFZbwGNYYtVIajUdj1pqc2TFMCNszou4eb8xwWCPLMOdU5slwJBGAh9SeGSJLtkug-m2paSks4tEdyL2cIljJWM-7QrmiMm13U5ChTZDxOMos8l4KY1wIt8E6YCaUhiPtpxcabKzKG9u1b5qs9qwL9ci2bKgHAZ85tUFxd5krbyDGSLeV_3uYMF0iLBOUxzdRZWMYDh6SHr5HLMHYyLIAz1pc56lqVlCjxpMuA3nC7ntCUp_ZTMB1Ri4bA78DePyJmPw7JQRRCXMxrxp-cCcaGJnEakbrK4r1tSx1mpZtJx2RiZ9at1v0taa4GamonYwEPE45Oww4Y22sSlPXKIzE_VFtLFhX2RlAL8v...	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/password/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhdNPi-NkAAbwZjpbZwbcHRZZRhGcgwcR2yZvkyYdGKRt0iZtk6Zpm0kCGpo0TdI0efOvTdM9C97c26J40tueRBHEg-xBcJm9LHtR9hPIHkQUlj3a-QRentPv9jzPyVG9AkAFq6AfFrEKdvE-hZqmOauTZQI35mUcnxllqg6IMm6QDROfmyRJEvHdk9Pi_Se__va12vnh7Isfv3389r-PkPecNA2Ti2o1scx17KZ5xXfNGCZwkVZM6Fd_QpBnCPIngjw6SOo1Cm8QtQYAdRKgjQbAKrzPZzxt5qrPp8JS8NUxigoTaTWYeJgARqm2ZDCNbu6N4wiA2Wq-Smi0CobdvZ9IzrB947ndYGLXhrSd8qDjqleSq4JpptGy9-LgzrC5Th1wEzB2d9Y_B8cLGPt6CJP0q-Lz4jC0Am7ehkFgmWnlhllB6pqz1IWBGMPQilPXSi7p3dpGV5zOKXTgyO0eKXSF1WADzUxaXgF81oyC3hije45BKiQnMG3WLgsTetNZpH56tYiBPu9QnqYTzsJI1ig3l1sp26IDXFZbwGNYYtVIajUdj1pqc2TFMCNszou4eb8xwWCPLMOdU5slwJBGAh9SeGSJLtkug-m2paSks4tEdyL2cIljJWM-7QrmiMm13U5ChTZDxOMos8l4KY1wIt8E6YCaUhiPtpxcabKzKG9u1b5qs9qwL9ci2bKgHAZ85tUFxd5krbyDGSLeV_3uYMF0iLBOUxzdRZWMYDh6SHr5HLMHYyLIAz1pc56lqVlCjxpMuA3nC7ntCUp_ZTMB1Ri4bA78DePyJmPw7JQRRCXMxrxp-cCcaGJnEakbrK4r1tSx1mpZtJx2RiZ9at1v0taa4GamonYwEPE45Oww4Y22sSlPXKIzE_VFtLFhX2RlAL8v...	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3d39931C6663A5EF82%26opidt%3d1713942453%26uaid%3dc4c87b039cc74659b3188fb5a3c019f3%26contextid%3d11133D18AA8AB244%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=c4c87b039cc74659b3188fb5a3c019f3&suc=80ccca67-54bd-44ab-8625-4b79c4dc7775&lic=1	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49698 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_G9nzWSnqBfHRIaMd4FEm5g2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lightweightsignuppackage_9itStK--DdHYjkMJSN7X3A2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: unknown

HTTP traffic detected: POST /report/MSA-UX-All HTTP/1.1Host: csp.microsoft.comConnection: keep-aliveContent-Length: 790sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/csp-reportAccept: */*Origin: https://signup.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: reportReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_117.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_75.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_75.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49698 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@20/93@24/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2128,i,8466329584062212164,3061137521727942845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2BWm%2FZe7jBqtCP%2FpiaYXc1LB9Cngaxkq7SO1S5t4A%3D%3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2128,i,8466329584062212164,3061137521727942845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Drive-by Compromise	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2BWm%2FZe7jBqtCP%2FpiaYXc1LB9Cngaxkq7SO1S5t4A%3D%3D	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	unknown
part-0041.t-0009.t-msedge.net	13.107.246.69	true	false	unknown
sni1gl.wpc.alphacdn.net	152.195.19.97	true	false	unknown
www.google.com	142.250.141.147	true	false	high
cs1227.wpc.alphacdn.net	192.229.211.199	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
signup.live.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
logincdn.msftauth.net	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	high
account.live.com	unknown	unknown	false	high
fpt.live.com	unknown	unknown	false	high
acctcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fpt.live.com/?session_id=c4c87b039cc74659b3188fb5a3c019f3&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://login.microsoftonline.com	chromecache_75.2.dr	false	high
https://login.windows-ppe.net	chromecache_75.2.dr	false	high
https://fpt.live.com/	chromecache_117.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.104	unknown	United States	15169	GOOGLEUS	false
13.107.246.69	part-0041.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
13.107.213.69	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.141.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430822
Start date and time:	2024-04-24 09:06:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2BWm%2FZe7jBqtCP%2FpiaYXc1LB9Cngaxkq7SO1S5t4A%3D%3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@20/93@24/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAAhdNPi-NkAAbwZjpbZwbdHUSWUQTn4EHEtsnbpEkHBmmbtEnbpGnaZpKAhiZNkzRN3vxr03TPgjf3trh40tueFkUQD7IHwWX2suxF8RPIHkQUZI92PoGX5_S7Pc9zclSvAFDBKuiHRayCXbxPoaZpzupkmcCNeRnHZ0aZqgOijBtkw8TnJkmSRPzmyWnx3tOff_lK7Xx39sX33zx5-5-HyLG-cjdWxYT-I-Q9J03D5KJaTSxzHbtpXvFdM4YJXKQ3oPoDgjxHkD8Q5NFBUq9ReIOoNQCokwBtNABW4X0-42kzV30-FZaCr45RVJhIq8HEwwQwSrUlg2l0c28cRwDMVvNVQqNVMOzu_URyhu0bz-0GE7s2pO2UBx1XvZJcFUwzjZa93w_uDJvr1AE3AWN3Z_19cLyAsa-HMEkfFl8Uh6EVcPM2DALLTCs3zApS15ylLgzEGIZWnLpWcknv1ja64nROoQNHbvdIoSusBhtoZtLyCuCzZhT0xhjdcwxSITmBabN2WZjQm84i9dOrRQz0eYfyNJ1wFkayRrm53ErZFh3gstoCHsMSq0ZSq-l41FKbIyuGGWFzXsTN-40JBntkGe6c2iwBhjQS-JDCI0t0yXYZTLctJSWdXSS6E7GHSxwrGfNpVzBHTK7tdhIqtBkiHkeZTcZLaYQT-SZIB9SUwni05eRKk51FeXOr9lWb1YZ9uRbJlgXlMOAzry4o9iZr5R3MEPG-6ncHC6ZDhHWa4uguqmQEw9FD0svnmD0YE0Ee6Emb8yxNzRJ61GDCbThfyG1PUPormwmoxsBlc-BvGJc3GYNnp4wgKmE25k3LB-ZEEzuLSN1gdV2xpo61Vsui5bQzMulT636TttYENzMVtYOBiMchZ4cJb7SNTXniEp2ZqC-ijQ37IisD-G2xtF-eD4Pr4u19f4E7Pw9juHBX1vND5OXh3aPS6d0z5LzwwVto8eLo6OS0cFY4L7w6RL6-tZ-79-69Zx9_-iv7k_70-sE7nxxc36rKUZh6uZT4whK6DBAVKk890erMvFaL05KpQ4yDAbDloJdd4hfY_RJyv1S6Lh1ztC4wE7yO_VVCPn-t8OPx_53l8evIkzcKr27_-9uDZy8--_JP9uWdj66GatbPh1EOeRBELBmM8kFVUOK15zc9lktoYsDt4qZW3TKXj08L_wE1&estsfed=1&uaid=c4c87b039cc74659b3188fb5a3c019f3&signup=1&lw=1&fl=easi2&fci=80ccca67-54bd-44ab-8625-4b79c4dc7775

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.2.94, 142.251.2.139, 142.251.2.101, 142.251.2.138, 142.251.2.113, 142.251.2.102, 142.251.2.100, 142.251.2.84, 34.104.35.123, 13.107.6.192, 20.190.151.8, 20.190.151.132, 20.190.151.9, 20.190.151.6, 20.190.151.70, 20.190.151.69, 20.190.151.134, 20.190.151.133, 184.50.26.67, 184.50.26.42, 20.190.151.68, 20.190.151.67, 20.190.151.7, 142.250.141.95, 142.251.2.95, 40.68.123.157, 23.1.234.24, 23.1.234.57, 192.229.211.108, 20.3.187.198, 13.107.42.22, 13.95.31.18, 20.42.73.24, 74.125.137.95, 20.72.243.62, 142.250.101.94, 74.125.137.113, 74.125.137.139, 74.125.137.100, 74.125.137.101, 74.125.137.102, 74.125.137.138
Excluded domains from analysis (whitelisted): lgincdnmsftuswe2.azureedge.net, pme-greenid-prod.trafficmanager.net, slscr.update.microsoft.com, onedscolprdeus03.eastus.cloudapp.azure.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, a767.dspw65.akamai.net, ak.privatelink.msidentity.com, clients2.google.com, ocsp.digicert.com, login.live.com, update.googleapis.com, csp.microsoft.com, acctcdnvzeuno.azureedge.net, acctcdnvzeuno.ec.azureedge.net, fpt2.microsoft.com, fs.microsoft.com, b-0037.b-msedge.net, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, lgincdnvzeuno.ec.azureedge.net, aadcdn.msauth.net, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, aadcdnoriginwus2.afd.azureedge.net, account.msa.msidentity.com, clients.l.google.com, greenid-prod-pme.westus2.cloudapp.azure.com, fpt.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, logincdn.msauth.net, protection.office.trafficmanager.net, a1894.dscb.akamai.net, acctcdn.msaut
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 612341
Category:	downloaded
Size (bytes):	162243
Entropy (8bit):	7.998374720324254
Encrypted:	true
SSDEEP:	3072:iDtFDFBLO2HEdtsl9XeDZnxlGjNV9IoWfr65I/dKXW5/8yFAEMc:oXBS2HOSl9Xeh69IVu5IVKX/TEMc
MD5:	E1F5FE684FA7D6B8F6B799DCA8BE75F2
SHA1:	9AE45E697348FCD2E29545B58D8B62F166BB9782
SHA-256:	C51E9E2FEB0B82ECF225B4C0DA8AB51F79BAB68125BFD6B7E2783C9D8BD9CF55
SHA-512:	44CDDEC4C15A526768CB40F192758928F6269C807077A47252F2C2812C2F9FBEFA7AC3D6BBF2A101C581B37A81C9F1031A3B33AD9088A607B20BEE5F8ED21B73
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/js/reset-password-signinname_en_G9nzWSnqBfHRIaMd4FEm5g2.js
Preview:	...........mw.H.(......%.t..........a....''K.....$'.....K.Jr.g.}....[.VwuuuwUuU...X_...i:.Y)..l....J.lm>..d.R......<)...o..Y.fY2.'2.~..^>.{s...Vk.q..Y.,.......I.&E%2Q.<.~.p.. 2..Mx.Y`CU......(.,x...^......y.U.k..j..h.'F...H..r.,..."..sZ........d.[+AYEz!.UR.."...E^.xg..._.Rs.2.T..R..u.Z...:WE...'.,L...l1.YU.CZ]QeI\|}..~.O..yR...p;l..z9..6.dx].jQdkE7-_.Y.Y.$...n...&_N.....eR.....U!.1..'..`.Nl.8N......'9..PK.I.D..(u>...e...RL._.^.N.i)..we9.y..b.x.G.`".t.........P.D..u:.:H..Yg=f.e.}.s"..A...\|=..66...>]..$...dc#H...=J.`.y!..E....(.Bq.?Y(fqo0{.t.....3n.4N.f..hy=H.Na..........nlL!...W.<..i8......u..%.0:....%.STR-....~...lp.9.....5~x.66:%%./.i%...hh[3...r....P...$...]...8.M..N.1.j.".....h........bh..N!..+9.8.;a........V..-..B.`=h+4).3...0.......T%..Q{.E>Ia..b.{b...E:..z.a...Sk....s..TR^e#..~.f..F...../=n...Z'.....0.[.(.).b;0.n+v2MK.m..Z..`yS.....E..+U.j-r:.G.UK}q...E6N..4...........Z...........c;..q..j............). .kJ...dP^....J1B.#.T..BX

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 09:07:04.596616983 CEST	53	55079	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:04.621700048 CEST	53	65187	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:05.759882927 CEST	53	62845	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:06.582828045 CEST	56060	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:06.583134890 CEST	56307	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:06.735994101 CEST	53	56060	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:06.736498117 CEST	53	56307	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:06.818689108 CEST	55903	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:06.818840027 CEST	50844	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:11.238126040 CEST	49651	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:11.238529921 CEST	65425	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:11.329691887 CEST	64806	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:11.330353975 CEST	63716	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:11.483612061 CEST	53	64806	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:11.484802008 CEST	53	63716	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:15.899091005 CEST	53	61241	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:22.796221972 CEST	53	50383	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:30.064625978 CEST	58109	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:30.065546036 CEST	55087	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:31.758126974 CEST	54365	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:31.758342028 CEST	49412	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:31.912317038 CEST	53	54365	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:31.912777901 CEST	53	49412	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:32.394548893 CEST	17713	9829	192.168.2.6	192.168.2.1
Apr 24, 2024 09:07:34.007245064 CEST	52400	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:34.007658958 CEST	52233	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:35.424621105 CEST	53	62129	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:36.874056101 CEST	50578	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:36.875190973 CEST	51963	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:39.567853928 CEST	52579	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:39.568332911 CEST	55308	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:40.851902008 CEST	52164	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:40.852376938 CEST	51283	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:41.543020010 CEST	53	56297	1.1.1.1	192.168.2.6
Apr 24, 2024 09:07:43.795583010 CEST	52508	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:07:43.795747042 CEST	63344	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:08:03.966250896 CEST	53	54465	1.1.1.1	192.168.2.6
Apr 24, 2024 09:08:04.530587912 CEST	53	64315	1.1.1.1	192.168.2.6
Apr 24, 2024 09:08:06.761718988 CEST	60253	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:08:06.762021065 CEST	49395	53	192.168.2.6	1.1.1.1
Apr 24, 2024 09:08:06.915396929 CEST	53	60253	1.1.1.1	192.168.2.6
Apr 24, 2024 09:08:06.915807962 CEST	53	49395	1.1.1.1	192.168.2.6

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 24, 2024 09:07:06.068720102 CEST	192.168.2.6	1.1.1.1	c26d	(Port unreachable)	Destination Unreachable
Apr 24, 2024 09:07:30.277137041 CEST	192.168.2.6	1.1.1.1	c290	(Port unreachable)	Destination Unreachable
Apr 24, 2024 09:07:34.214440107 CEST	192.168.2.6	1.1.1.1	c28f	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 24, 2024 09:07:19.248728991 CEST	173.222.162.64	443	192.168.2.6	49698	CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Oct 18 22:32:40 CEST 2023 Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
Apr 24, 2024 09:07:19.248728991 CEST	173.222.162.64	443	192.168.2.6	49698	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		28a2c9bd18a11de089ef85a160da29e4

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:09 UTC	633	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:09 UTC	797	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:09 GMT Content-Type: application/x-javascript Content-Length: 49609 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Mon, 01 Apr 2024 18:07:19 GMT ETag: 0x8DC527692402A16 x-ms-request-id: 22272259-a01e-006c-7cc8-9353a5000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070709Z-168bb8d798bglsxr1zkq8xbzks00000005dg0000000058bc x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:09 UTC	15587	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e4 bd eb 5b e3 38 d2 38 fa fd fd 2b 82 77 0f 13 4f 4c c8 05 68 70 70 e7 97 06 ba 9b 19 20 0c 81 e9 99 05 96 c7 89 15 70 77 b0 b3 b6 c3 65 20 e7 6f 3f 75 91 6c d9 71 e8 9e 7d cf 73 be 9c b9 04 5b 2a c9 52 a9 aa 54 55 2a 49 eb 3f af fc 4f e5 e7 ca da 8f ff 53 19 9c f7 ce ce 2b fd 8f 95 f3 cf 87 67 fb 95 53 78 fb b3 72 d2 3f 3f dc 3b f8 f1 7a f0 a3 f8 ff f9 9d 1f 57 c6 fe 44 54 e0 ef d0 8d 85 57 09 83 4a 18 55 fc 60 14 46 d3 30 72 13 11 57 ee e1 37 f2 dd 49 65 1c 85 f7 95 e4 4e 54 a6 51 f8 55 8c 92 b8 32 f1 e3 04 0a 0d c5 24 7c ac 54 a1 ba c8 ab 9c ba 51 f2 5c 39 3c 35 eb 50 bf 80 da fc 5b 3f 80 d2 a3 70 fa 0c cf 77 49 25 08 13 7f 24 2a 6e e0 51 6d 13 78 09 62 51 99 05 9e 88 2a 8f 77 fe e8 ae 72 ec 8f a2 30 0e c7 49 25 12 23 e1 Data Ascii: [88+wOLhpp pwe o?ulq}s[RTUI?OS+gSxr??;zWDTWJU`F0rW7IeNTQU2$\|TQ\9<5P[?pwI%$nQmxbQwr0I%#
2024-04-24 07:07:09 UTC	16384	IN	Data Raw: e8 c1 13 9e 56 01 b0 7d 30 34 bf 32 a5 e6 0e cc 14 97 06 1d d7 63 5c 57 4b 0e 5c 14 1d bc 10 11 10 01 36 45 38 e6 b3 c8 e8 a4 7a ed 64 b2 f4 5b 15 79 40 6b 25 52 5f b2 2b 46 0d 4f 35 8c 85 d2 3f b4 8f 98 2f f2 1c a8 b9 69 35 e8 ea 01 40 4b e9 7d 72 0b 87 bb 69 d7 85 45 5a 8d a1 e5 e3 cd 07 e9 2d 71 55 d3 ac a3 60 a4 8c 65 8d 08 f1 74 7e 13 2f eb 31 cd 37 70 bb 69 5a 74 b2 49 03 0f 0d c7 b3 be 2c 97 31 9e 9d 14 99 a2 0d cf 0d c7 63 4f 66 8e 8f a7 b0 90 fe 4e c7 1b f3 71 fa 7c e4 bb 35 a2 6b e6 eb 63 26 7d 36 b9 51 fd b8 47 a7 24 e6 f8 9c 06 d2 82 8e 90 b1 f8 04 a8 ec 83 9e 76 d8 66 fe ee ba 89 3a ab 6b 72 29 ae e5 21 8a 13 cb 8d 6e e9 f4 ab 18 fa a9 6e 31 3c 0a 5d b9 30 0c 82 7c 84 f7 0a 32 f6 9d c5 63 a1 10 db 6e 35 77 f0 cb 68 75 75 65 d2 4d ea 82 ce 3e Data Ascii: V}042c\WK\6E8zd[y@k%R_+FO5?/i5@K}riEZ-qU`et~/17piZtI,1cOfNq\|5kc&}6QG$vf:kr)!nn1<]0\|2cn5whuueM>
2024-04-24 07:07:09 UTC	16384	IN	Data Raw: 3b 5a 35 d2 2d 24 be c1 ba 94 ea 78 c0 e0 b6 8a 79 cb 8c a3 13 bf 75 18 d5 0f fa 52 85 d6 65 ac 67 bd 66 c1 72 ac 33 6d ea 5c 99 d3 86 6e a9 fd 34 e0 24 b4 0d 56 b1 61 56 94 05 d2 f1 9b 06 fa d6 bf d6 69 91 4c 39 d2 41 ff 70 ed 5f 9e 7b 62 8a b5 a6 25 e9 d1 0b 70 ce e7 df 62 38 15 3b ca e4 ee 9c 4a 8c 8d 75 83 64 61 21 ff 41 e2 3a ef 4a a2 2b ea 0b fe 60 b6 06 9f 3f 78 f2 e2 a9 22 5c c8 13 05 82 07 0a 0f d2 58 35 2d 9b 5d 33 49 a6 75 88 1d 4a a8 5d d0 91 c9 92 d8 75 bd 2d 40 98 0c 2c 7d 37 df ea 30 eb 07 fc 9e f3 d1 b4 2e 22 b1 05 92 34 42 d5 f3 b9 c0 0e 0f b3 4e 52 83 ba 21 dc 0e 74 4c a7 cf d4 5f 67 54 b5 88 13 b0 09 91 a9 66 7d fa b8 2f 22 96 91 2f 2c e0 87 f1 3a eb e9 9d a1 6b f8 9c 22 33 ae 7e e3 d9 9c 29 b5 9c be 2d b1 31 ab fb 27 31 02 2a a1 52 e3 Data Ascii: ;Z5-$xyuRegfr3m\n4$VaViL9Ap_{b%pb8;Juda!A:J+`?x"\X5-]3IuJ]u-@,}70."4BNR!tL_gTf}/"/,:k"3~)-1'1*R
2024-04-24 07:07:09 UTC	1254	IN	Data Raw: 44 5c 72 89 1b 13 34 2d b6 c9 f8 ec c4 eb 35 dd 6e df d6 74 e5 f0 f6 d6 8d 7a 8e f2 ee 3d 00 ef 71 5f 1c 1c a0 cd c1 e1 45 84 d1 51 5e eb 62 40 3f 44 c2 52 95 a3 0e ce a3 87 e1 6b 77 23 43 14 f4 ae 3b 33 61 81 49 89 a4 07 65 bb 55 23 f7 84 ce 9d c3 ba 2b 4f 5c c9 30 a1 9c dc 39 31 69 78 33 5e a4 45 59 71 6c d7 24 9b 78 e0 3d 63 51 c7 83 a8 dc bf ef ac 56 d9 2c 5b 25 f9 f2 fc 32 9d 9f 27 e7 97 b3 cb d9 87 ab 8b 25 b5 25 5f a5 1f 52 87 9d ed f1 12 dc 80 e8 02 f9 6d c4 71 4d 22 f6 32 af fd 1d f6 dd 51 e0 fb f6 ac 38 2f 73 e3 98 d3 70 d2 51 ee 8e ec b9 0d 57 c3 b1 a3 34 bb c6 99 c5 f6 35 72 1d b3 60 c7 70 a6 4b da 73 f0 ae ac 27 60 60 ca 72 5e b5 41 8a 45 9a 34 a2 88 cf ac 95 f7 6f 3a 8a 53 f1 e5 d4 6d b6 e2 af c6 cb 49 ef 0e f4 71 01 b0 30 7f b0 50 c9 6b 21 Data Ascii: D\r4-5ntz=q_EQ^b@?DRkw#C;3aIeU#+O\091ix3^EYql$x=cQV,[%2'%%_RmqM"2Q8/spQW45r`pKs'``r^AE4o:SmIq0Pk!

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:09 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 07:07:09 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=258970 Date: Wed, 24 Apr 2024 07:07:09 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:10 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 07:07:10 UTC	521	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z Cache-Control: public, max-age=258921 Date: Wed, 24 Apr 2024 07:07:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 07:07:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:11 UTC	658	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:12 UTC	802	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:12 GMT Content-Type: text/css Content-Length: 20314 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 27 Dec 2023 18:18:12 GMT ETag: 0x8DC07082FBB8D2B x-ms-request-id: 10dd6375-401e-001a-32b3-955ba9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070712Z-168bb8d798b94t6v8q1baus7z800000000gg0000000095h7 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:12 UTC	15582	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-04-24 07:07:12 UTC	4732	IN	Data Raw: 75 b1 d9 44 a4 ea 22 20 d6 45 09 41 36 3d ae 63 fa 4f 4b 7f 86 e7 bc b1 e2 92 61 7d df b0 68 ac ab 2c aa b1 88 da cb c6 22 89 f4 a2 b1 42 53 1e da 58 e7 55 1e b5 fb a5 96 31 c6 85 9c 5c 95 58 0f 77 34 04 a7 bc ef e9 bc 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 21 5d f4 aa e1 60 30 5e 26 13 b7 4f 5a e3 0c 32 50 fb 10 40 6b 9f fc 5a d9 82 86 f5 c9 a7 ad bc 4f 0f 53 c6 3e 8f 75 ef 81 fb bb e5 60 13 bf d0 d1 86 c0 d4 70 43 60 72 bc 81 ca 0c ee 7b ca cd 06 61 90 56 01 34 34 b4 0d 0f 13 81 b8 e1 dc 70 52 d0 d3 64 f3 b6 df 8a 2c 1c d2 a7 e1 c5 ec 1c b9 2b 18 00 b1 42 22 26 de 7d 9d 59 8d 1f 8e 83 89 00 6e 65 8f 64 aa a2 fc c3 d8 65 70 5f b6 f7 9c 65 7e ea 83 9d 2c f7 31 10 e4 08 df ce 47 c4 df Data Ascii: uD" EA6=cOKa}h,"BSXU1\Xw4bUF`4 -Aj3P%XlhV!]`0^&OZ2P@kZOS>u`pC`r{aV44pRd,+B"&}Ynedep_e~,1G

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:12 UTC	635	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:12 UTC	798	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:12 GMT Content-Type: application/x-javascript Content-Length: 121212 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 27 Mar 2024 20:03:18 GMT ETag: 0x8DC4E98F25B224F x-ms-request-id: 43e4bd07-001e-004a-53fb-91389a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070712Z-168bb8d798b5k7zgx3sr8ma3ag00000001hg000000004yrg x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:12 UTC	15586	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e4 bd 6d 7b e3 38 8e 00 f8 fd 7e 85 a3 99 cb d8 1d c5 25 f9 dd 4a ab b3 ae bc 54 65 3b 89 33 71 aa bb 77 53 99 3c b2 44 3b ea c8 92 57 92 f3 32 8e f7 b7 1f 00 92 12 65 cb a9 aa d9 bd bb e7 9e eb 9d ad 58 24 48 82 20 08 82 20 08 7e f8 69 e7 ff a8 fc 54 d9 ff fe ff 2a a3 9b c1 f5 4d 65 78 5a b9 f9 7c 76 7d 5c b9 82 af ff a8 5c 0e 6f ce 8e 4e be bf 1e 6c 14 ff ff e6 c1 4f 2a 13 3f 60 15 f8 3b 76 12 e6 55 a2 b0 12 c5 15 3f 74 a3 78 1e c5 4e ca 92 ca 0c fe 8d 7d 27 a8 4c e2 68 56 49 1f 58 65 1e 47 7f 32 37 4d 2a 81 9f a4 50 68 cc 82 e8 b9 52 85 ea 62 af 72 e5 c4 e9 6b e5 ec aa 56 87 fa 19 d4 e6 4f fd 10 4a bb d1 fc 15 7e 3f a4 95 30 4a 7d 97 55 9c d0 a3 da 02 f8 08 13 56 59 84 1e 8b 2b cf 0f be fb 50 b9 f0 dd 38 4a a2 49 5a 89 99 Data Ascii: m{8~%JTe;3qwS<D;W2eX$H ~iTMexZ\|v}\\oNlO?`;vU?txN}'LhVIXeG27M*PhRbrkVOJ~?0J}UVY+P8JIZ
2024-04-24 07:07:12 UTC	16384	IN	Data Raw: b0 ef 62 55 51 a0 e9 cb 27 9f 3d a3 6d 30 b0 96 7c 26 fd 96 25 94 cd 6e 7f 53 66 e2 3e 4f 84 75 40 c2 24 a5 97 0f f8 d6 24 84 7c 74 3a 5e e5 77 0c 50 d0 e0 48 a7 e4 a8 89 96 43 e0 35 59 9f 95 56 9b 2d 34 b0 bd 86 78 37 2c c4 37 73 77 22 75 f3 e1 5f 38 2f 74 af 05 16 86 5f 43 fe 3c 3d 39 b2 67 1c 9f bc bd 49 de aa 97 df 9b a9 fe 68 8d 30 ef 14 1b 60 52 e4 74 98 9b 75 8a ef 91 f0 a7 31 48 37 d3 fe f2 df 7f b9 60 a8 33 a1 2e 75 7f 3e 82 6f 1e 4f 8c 79 f6 52 04 b2 e2 af 08 43 ce 9c 3f 54 ca 0f 32 10 12 63 4c 89 fd 03 e6 67 01 0a f2 87 0f 44 95 f2 8d d3 22 98 48 5c 6b 9a 42 5e 70 61 84 28 5c 46 29 86 d1 a3 bd 16 05 99 a2 9f 57 bf 1f 5b 26 de 65 7f c0 58 1c f8 ec 2e 8f 58 26 6d 0a 32 b0 08 46 e5 c8 43 8b 90 d6 78 01 6b ee 20 f0 9d 84 82 72 cd c6 e8 57 cf 9f 5b Data Ascii: bUQ'=m0\|&%nSf>Ou@$$\|t:^wPHC5YV-4x7,7sw"u_8/t_C<=9gIh0`Rtu1H7`3.u>oOyRC?T2cLgD"H\kB^pa(\F)W[&eX.X&m2FCxk rW[
2024-04-24 07:07:12 UTC	16384	IN	Data Raw: 31 80 37 9e 6f 95 62 00 67 7f 3b 0e f0 ad 2d 3e 8d 03 4c e7 25 87 ea 49 53 05 7d 91 d4 77 88 1c 5b f5 7b 53 3c f7 93 52 d4 97 70 ed 39 16 a9 0f f6 14 9e ad 6e f9 ab 6b cf b7 ce a1 08 89 38 c2 07 32 dd 4e a2 51 e0 a8 5f 6f 98 2b 47 5e 43 39 3c 36 3c 3e 00 d7 be 8c 05 0a 76 15 8f 21 70 9e 2a e1 3c 42 bc af 55 85 42 84 da 64 d2 d5 39 7a 3e df d8 20 df e7 12 c9 41 d5 10 64 fb e1 44 01 fd a8 86 aa 1e 57 90 19 62 73 47 65 d4 24 b5 91 9c 7e c8 5e 41 a1 84 24 bb 94 97 d7 01 23 26 9f 51 70 06 ff e4 57 80 e6 50 90 22 e9 15 56 47 25 ff c0 82 3b 40 7a 52 f2 44 2c ef 09 85 9d 40 3c 3c 43 d9 95 76 bf 03 08 0f 24 a1 c2 43 cc 8e 5f 7b dc 2a 20 38 f0 57 7b 5d 2f 26 76 45 97 04 b9 6d 28 10 45 41 67 52 3f 62 77 69 51 86 02 01 72 64 32 d7 64 5b 5f d4 74 32 50 b3 a0 41 b9 bd Data Ascii: 17obg;->L%IS}w[{S<Rp9nk82NQ_o+G^C9<6<>v!p<BUBd9z> AdDWbsGe$~^A$#&QpWP"VG%;@zRD,@<<Cv$C_{ 8W{]/&vEm(EAgR?bwiQrd2d[_t2PA
2024-04-24 07:07:12 UTC	16384	IN	Data Raw: 64 f0 28 03 b4 9b e4 f7 00 90 14 f2 82 3d 01 00 46 7d 9c b9 cf 35 2a 47 52 fc 3e 8d 46 71 7e bf c3 da ab b0 8f d1 e8 2e ba cf 1c 34 d6 c4 43 09 38 08 73 c8 77 c2 07 ad 32 15 b4 fd 5e 9a 22 35 0a bf f8 c8 c0 0f 46 07 83 36 d9 35 52 80 79 5a 78 ba 59 27 74 b3 e2 7e c5 1c 91 e4 bf 83 28 94 86 98 a3 be 72 87 73 d3 0f 73 fe b5 47 47 8c 7e 0e 7b 6c e3 f9 63 8f 81 d6 71 73 9f 15 4a 1d e9 1d d7 e1 72 99 57 cd c2 33 88 2f ef 5e c6 b2 8c 81 2c 3b 22 62 20 ee 9b bc 7f 13 b4 ca 31 28 43 d2 61 8f 11 21 e4 6d b8 72 30 6a 70 5e 31 e0 96 9a 85 f2 de 03 73 54 33 d4 f3 93 53 51 53 93 a0 ad 34 98 91 c5 e6 56 75 84 a9 60 69 ad 4d c6 d6 eb f8 db a3 d6 4e cc d9 10 4f 92 07 ee df 79 fe 5d f3 77 fe 90 72 90 bb f0 e1 77 1b 88 8b e6 69 f8 20 ed df ce ce 31 bc 78 d6 0f db 73 3f 53 Data Ascii: d(=F}5*GR>Fq~.4C8sw2^"5F65RyZxY't~(rssGG~{lcqsJrW3/^,;"b 1(Ca!mr0jp^1sT3SQS4Vu`iMNOy]wrwi 1xs?S
2024-04-24 07:07:12 UTC	16384	IN	Data Raw: 57 ee db 91 a4 65 5b fb 6e 83 b4 3b 96 d2 db 35 84 0e 7c 7d 7f 2e ec 22 48 f2 75 1f d6 18 85 c9 a1 b2 1f 7f a3 8a 39 6c 2d 74 7a 4e 14 50 e5 31 6a 69 9a 2d 97 43 d5 70 c6 6c 11 21 17 76 e4 96 7a ff 42 e3 58 37 18 24 e6 cf 14 ba 51 1b ef 5d c3 1a 65 90 14 40 cd 2a 32 6f a4 54 88 c0 49 10 06 eb 03 46 9c 4e 5e 96 92 86 37 3e 0d cf dc c1 da 5a 28 89 fc 60 1a 28 48 88 cd ce e8 5e 06 98 c5 5c 19 5d 03 12 69 44 6f 7f 9f f7 71 28 41 c6 e1 c3 95 38 6c b9 ce d5 75 aa 00 2b 68 a1 6c 60 d1 a0 52 e6 e5 17 c9 1a 92 16 89 ab c6 e8 71 1b 86 d9 b1 22 fe 30 10 14 7b d4 5f 13 a1 9c ab 9f e1 17 e2 25 68 4f 4c 4c b4 0f 9d c7 ba cf de 75 70 f1 7c f2 f0 b0 e1 d1 a7 d6 2e d6 36 06 ba 87 d9 cb 60 c2 66 0f dc 88 82 c2 9b 89 50 0b 20 61 80 73 4c 1d 12 a9 d7 ae c1 07 ce 9d 75 2f 7b Data Ascii: We[n;5\|}."Hu9l-tzNP1ji-Cpl!vzBX7$Q]e@*2oTIFN^7>Z(`(H^\]iDoq(A8lu+hl`Rq"0{_%hOLLup\|.6`fP asLu/{
2024-04-24 07:07:12 UTC	16384	IN	Data Raw: 51 e8 d8 49 1a c5 7e e0 d9 16 67 96 07 dd 24 06 a6 67 2e 3a 13 22 4e b9 73 c3 7d 82 d5 6e 0c ea d9 91 1f 4a 28 29 42 84 10 bd 29 34 59 91 49 cb 71 33 c8 8f cc 8f f8 6e 3a 4b 3c 1b aa 5e ec 0a 88 73 a8 c7 2e 70 1b 4c 50 30 61 b9 01 0b 63 77 37 eb 64 34 23 cb 0f 33 61 45 71 04 25 c5 b1 53 c9 5c 11 3b 99 6b 5b 8e c3 3d 58 06 bb e9 2c b1 21 16 dc 14 aa 44 c8 05 38 b8 25 18 83 25 e0 07 a4 b2 40 4f be d9 36 cb 6a 37 46 33 8a 63 d8 a3 2e 4c 98 48 78 31 73 1d c1 63 c9 a5 6b 65 41 40 42 72 37 f4 e4 25 16 68 34 62 69 e6 63 4d 2c 1f 82 c9 e1 2c f6 3c d2 9e 03 08 f6 dd 4c 9d d1 8c 52 1f e4 93 49 2f b2 c0 c6 dd d0 b2 bd c8 66 98 4d b0 58 61 59 ce 4e 38 b9 e3 27 8e 23 20 f3 32 32 0b 6d 2b 86 24 77 98 b0 3d 3b 82 7c 8f bc 30 0e 77 d2 8d d1 8c 62 e1 87 91 6d 05 ae 13 79 Data Ascii: QI~g$g.:"Ns}nJ()B)4YIq3n:K<^s.pLP0acw7d4#3aEq%S\;k[=X,!D8%%@O6j7F3c.LHx1sckeA@Br7%h4bicM,,<LRI/fMXaYN8'# 22m+$w=;\|0wbmy
2024-04-24 07:07:12 UTC	16384	IN	Data Raw: fa 8d 62 92 ff 9a 3b 5e 4f df 33 30 3a ba 6c ef 2b 3a 09 a6 ef 19 71 32 ea e5 2b 63 f2 57 d2 2a 7f b7 60 96 9b 2d 2a c8 61 5b 2e 04 2d e7 db e7 41 5b 04 47 33 d3 7e 65 e5 34 a3 a2 f1 6d 39 81 97 d9 3d 37 d1 47 77 c7 cf ae ac a3 7e b9 fe 73 95 9a 79 cd 32 ea 2c f1 d5 f7 5f 84 2c df 2e 8a b3 a3 b2 78 fc 41 f2 f3 c5 8a 57 68 fd f3 97 db d1 19 9b 37 35 a3 bf 7e 25 fe ff 55 a8 db 34 7e 33 ba 36 60 7f 6d 8a fe a6 f0 b3 59 b6 ba f3 64 63 5b d5 f7 3f 22 46 1c 9d 49 29 d2 f3 d3 b3 9d 8b f3 16 e6 94 a6 9b 6f 50 9e ff e1 f1 6e 87 12 f2 3f 5e ab 2d 0e d9 fc 01 6c d8 df 20 f2 e7 9b 30 53 5e e6 53 59 5e 47 da 2d a8 c2 37 e6 26 ff ed dc 97 3b 54 32 4b 9a fa 6a 5d ab 55 6e 9f 44 a2 bc 68 8d 32 0f e9 00 50 ef 6f 3d eb 4b 1c e9 3a 79 71 fe 9a b6 39 21 77 9d e0 b2 46 7e 54 Data Ascii: b;^O30:l+:q2+cW`-a[.-A[G3~e4m9=7Gw~sy2,_,.xAWh75~%U4~36`mYdc[?"FI)oPn?^-l 0S^SY^G-7&;T2Kj]UnDh2Po=K:yq9!wF~T
2024-04-24 07:07:12 UTC	7322	IN	Data Raw: 1f 07 4f 53 d4 c5 c3 63 98 d0 fe fd 26 b7 b8 5e e2 81 fb 3e 31 42 65 52 c6 b5 42 41 83 fd 4b 62 cc fd 28 d8 9f 11 23 a5 e4 6b ff 86 18 3e a7 51 fb 1f a1 7e 99 70 ed bf 03 f0 97 a9 d6 fe 29 d4 bf a6 3b f1 d0 9d cf d1 74 b5 1f 1b 21 13 9e f2 27 d9 dd 53 1c fb 65 27 ea f6 30 8e 31 9f 72 87 4d 36 ee 76 7b c0 00 e3 4e 16 1b 6e dc bd cb 57 3c 93 27 8f f3 04 ec d9 f9 0d 56 87 a0 f0 0c fb 60 81 44 01 57 00 16 8c 4c 2b 4f 31 d3 d5 57 3e ba fd 1d d3 40 89 80 66 59 20 bd f7 fc 2b 30 6a a4 3d fc e9 8b fc c7 ed 2d e9 71 60 bd 02 66 7d bd f8 91 dc dc 15 23 73 63 ee 41 c1 47 45 07 85 e3 a2 c1 6f bb e9 e7 28 f3 2f 3b fc 67 0f 6f f0 75 bf fa 6e 4a 5a 1f 7b 07 b0 0c 5c b8 dc 8f a9 90 82 e4 16 49 90 97 7c e1 15 60 83 bf 49 e2 e7 f3 c4 ff 88 31 b4 f1 59 e7 97 de e1 bb d9 e9 Data Ascii: OSc&^>1BeRBAKb(#k>Q~p);t!'Se'01rM6v{NnW<'V`DWL+O1W>@fY +0j=-q`f}#scAGEo(/;gounJZ{\I\|`I1Y

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:12 UTC	654	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:12 UTC	818	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:12 GMT Content-Type: application/x-javascript Content-Length: 15799 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 28 Mar 2024 02:23:53 GMT ETag: 0x8DC4ECE1D0444D4 x-ms-request-id: ada44ced-901e-0023-117e-9309ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070712Z-168bb8d798bdckn765t6bhwrfn00000002a000000000743q x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:12 UTC	15566	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dd 7d 4d 73 23 47 b2 d8 dd bf 02 8b 75 68 86 4f 3d 10 3e f8 89 11 34 06 01 70 06 4f 24 00 01 e0 50 0a 49 46 34 81 22 d8 4b a0 1b af bb 31 1c 2e 35 8e bd f9 f0 0e be da 37 1f 7c f2 d1 17 df fd 53 36 e2 f9 77 38 3f aa aa ab ba 1b 00 39 d2 d3 ee b3 42 c1 41 77 55 65 65 65 65 65 65 66 65 65 ff e1 66 ed 4f 63 2f f0 5f 8a bd 47 f5 bb 10 bc f4 f7 1e bd 9b 97 de 8f fe cf 7b a1 88 d7 a1 5f c0 df 25 f1 71 15 84 71 f4 fa 83 1b 16 e2 06 be 6a 3c ca 77 f5 c7 4f 8e 37 ab fb ce 22 70 67 62 56 ff 43 e5 d3 6b d9 54 60 d3 a9 bb 58 bc 8c 15 04 27 76 92 df c1 1e 3c 70 b3 c6 1f ca 49 c1 27 ec c6 6b 3c 6a 40 41 69 d9 10 4e 50 9a 36 3c f8 bb 6a 14 8b 4e f0 b2 bc f7 e9 e5 8f c9 30 9c c0 f1 00 f9 97 d5 3d c2 d2 6f 78 2f 2b 00 1f fe 39 d8 73 42 f8 e7 Data Ascii: }Ms#GuhO=>4pO$PIF4"K1.57\|S6w8?9BAwUeeeeeefeefOc/_G{_%qqj<wO7"pgbVCkT`X'v<pI'k<j@AiNP6<jN0=ox/+9sB
2024-04-24 07:07:12 UTC	233	IN	Data Raw: 74 6b 2e b7 1d e8 57 07 1b 0a ae c4 62 0a fb 14 83 a4 1d 47 7a 4c d9 50 88 3d 11 31 a3 82 91 44 92 9b ac 27 fa 55 71 d0 e8 52 b2 83 36 27 fc b6 dc 23 94 e3 1e 80 37 6e 69 ad 92 7b 01 76 8e 29 d0 a4 f3 81 4e a5 61 fe e9 d7 44 09 47 be c4 aa 78 02 e5 da 24 f0 cf 03 17 6f 15 81 0e 9b 57 59 59 50 76 65 74 81 91 0e 08 e2 ca 8f 9f d0 09 e6 cc 63 f5 01 0c 1d b1 ff ac b6 da 7e a0 7c 70 78 3f 7a 67 ef 29 ac ad fb a8 08 00 af bb ab 0b 46 ef 41 74 8a 4c fb 39 f7 de 8d 28 4c 4b db fa 95 7d d4 f5 b7 b4 b4 70 4f 6e 04 ef ef ec d2 6a c8 b3 29 ad 7d 6c 5b d9 81 ae 31 dc 64 9c fb e5 ea ce 71 1a 0d 53 9d 56 9f d3 e9 b7 17 a3 2e 37 aa 7e fa f4 f3 9e c3 b9 43 4b 93 49 e3 0f e5 d7 ff 0f de d8 74 96 1f d7 00 00 Data Ascii: tk.WbGzLP=1D'UqR6'#7ni{v)NaDGx$oWYYPvetc~\|px?zg)FAtL9(LK}pOnj)}l[1dqSV.7~CKIt

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:14 UTC	618	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:14 UTC	797	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:14 GMT Content-Type: application/x-javascript Content-Length: 54325 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 15 Feb 2024 19:13:15 GMT ETag: 0x8DC2E5A2998EB1D x-ms-request-id: 2098fa3f-401e-004e-3662-939492000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070714Z-168bb8d798br6ffjy1urgskzmg00000007ug00000000xvp1 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:14 UTC	15587	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 6b 7b db 46 92 30 fa 7d 7f 05 85 67 46 06 4c 90 22 a9 8b 65 52 10 c7 76 92 79 bd 4f 12 fb d8 ce bc 67 8f cc c9 03 81 a0 84 98 02 b8 b8 d8 d6 88 dc df 7e aa aa ef 40 83 92 af c9 66 3c bb b1 88 46 a3 2f d5 dd d5 75 af bd fb 3b ff d1 b9 df e9 dd fd 7f 9d 97 af 1e bd 78 d5 79 f6 43 e7 d5 ff 79 fa e2 bb ce 73 78 fa af ce cf cf 5e 3d 7d f2 fd dd db c1 4e f1 bf 57 97 49 d1 59 24 cb b8 03 7f cf c3 22 9e 77 b2 b4 93 e5 9d 24 8d b2 7c 95 e5 61 19 17 9d 2b f8 37 4f c2 65 67 91 67 57 9d f2 32 ee ac f2 ec b7 38 2a 8b ce 32 29 4a f8 e8 3c 5e 66 ef 3a 2e 34 97 cf 3b cf c3 bc bc ee 3c 7d ee f5 a1 fd 18 5a 4b 2e 92 14 be 8e b2 d5 35 fc be 2c 3b 69 56 26 51 dc 09 d3 39 b5 b6 84 87 b4 88 3b 55 3a 8f f3 ce bb cb 24 ba ec fc 94 44 79 56 64 Data Ascii: k{F0}gFL"eRvyOg~@f<F/u;xyCysx^=}NWIY$"w$\|a+7OeggW28*2)J<^f:.4;<}ZK.5,;iV&Q9;U:$DyVd
2024-04-24 07:07:14 UTC	16384	IN	Data Raw: af 2c 68 22 6c ec af 0f f1 58 23 9c 57 4f 85 29 04 a2 a6 af 99 30 b3 14 9a 61 1d 83 94 a6 41 a5 e1 ba 40 8e 69 4d 84 c0 0c 7a ee 60 3d 99 b6 58 4f 32 bb c9 b1 51 33 f7 d0 cc 59 d4 64 3d a8 ea f4 ac 64 83 78 6e c2 77 d6 2c 2b 64 ba 9c e8 88 be 66 c5 8c df 66 99 b1 37 5b 0c 65 ed c6 b0 84 1d b8 27 9d b1 78 9f d1 85 0e f7 b3 61 34 de 22 6c a6 2f 35 ab 02 8b c7 89 b8 f8 6d be 19 44 1a 30 db e7 98 94 60 dc 01 03 75 61 53 a0 c6 87 a8 0e 1b 7a e3 5c 73 c0 60 ee 51 be 50 27 6e f4 b1 3e be 6e 52 fc db 7d 60 b6 9b e9 5b 3d 60 f2 fa ac ed ce 08 79 ab 13 40 ae a4 cc 80 81 49 2c 6b 50 9f d5 16 d2 7d b4 9d 74 bf 2b 55 8b fe 30 c4 64 10 31 bb 9d c9 e0 96 d3 e6 5e 6f 10 6f 75 1b 48 73 4a c9 96 29 ed 37 a6 64 1c 6a 49 ac e4 0d 41 ab af c5 fa 1e 4e 52 0c de 9d f6 7a ba 5f Data Ascii: ,h"lX#WO)0aA@iMz`=XO2Q3Yd=dxnw,+dff7[e'xa4"l/5mD0`uaSz\s`QP'n>nR}`[=`y@I,kP}t+U0d1^oouHsJ)7djIANRz_
2024-04-24 07:07:14 UTC	16384	IN	Data Raw: 0e 6a ee 80 44 c4 66 f1 6a 1b d6 a5 51 f4 e0 d1 11 ad 3c 3a ae a2 1c fd f7 9b 24 c3 f6 61 2e 2f 03 95 db 1a db 11 47 1c 6c 89 73 db 4d aa 52 da b0 57 db 32 bf 29 5f 14 77 2f 6b 5d 29 40 84 dd b9 1c e4 35 e5 58 be 7e cb 47 b9 bb 2a af 2e 8c 24 e3 da 82 16 69 69 c9 e0 a5 e4 f7 2e 25 75 e6 0a b6 d4 ed 8d c5 7c aa 50 dc 9c bf f5 32 fa f9 9a a1 fb 5b 8c 97 74 e1 59 21 ca 81 0c 11 73 4a 13 f3 55 f6 45 f9 3a bc a4 72 e9 69 3b 21 8d ae e3 f7 5e 42 e7 ce 71 21 e7 6f 59 7c ee e8 9b 5f a1 85 a7 01 59 7a 29 5e da 20 4b 2f c5 13 5d da b4 de 7b e9 8b e3 e6 74 04 65 da 5b 0f ca e4 1a c9 19 bf b1 7f 1f 64 ff df c5 f6 ba 6e 26 a0 b8 dd de 5a 6b db e4 cb ad 6d bf c0 ce 96 da d2 60 6a ab 5a e3 58 dc 52 e6 5f 6e 74 eb f6 74 f9 a7 8d fa af 6c a3 8e ae 2b bf a6 8d 7a b4 de 46 Data Ascii: jDfjQ<:$a./GlsMRW2)_w/k])@5X~G*.$ii.%u\|P2[tY!sJUE:ri;!^Bq!oY\|_Yz)^ K/]{te[dn&Zkm`jZXR_nttl+zF
2024-04-24 07:07:14 UTC	5970	IN	Data Raw: de 98 b0 b0 3e 49 0e 7e 63 40 3c 29 b8 d4 80 14 aa 30 32 c0 a4 8e 42 d4 35 3d 5f 18 b8 a3 11 36 4f 9a 57 c3 d9 74 ef a4 b8 f7 97 0d 0d bb 85 3e 8b 58 ca db be e7 c3 1b 78 bd b3 c3 96 68 64 69 85 5f 70 17 50 83 d8 fd 33 ab 3f bf a4 b3 1d 87 c9 32 e6 91 0b 6c 50 5a 4a f6 5c 2d 1d b3 22 79 95 55 3b 8d 66 e7 4b 13 fe f9 05 af ed 06 6b ab 90 17 34 34 0c 28 2d 2a bd f3 be c0 75 de d3 f6 02 7a 2f e0 69 a9 24 cb 5c ef 0f ef 5e 3c cd 2e 67 59 4a b6 fe 6a 52 34 68 93 b4 86 af 7e e1 84 3e d1 43 fe ac 88 cb 70 5e 4e 3a fd c3 de 59 54 c4 07 f7 85 be 29 16 8b 95 25 ab 59 35 e6 6f a8 db f0 2e 3e 7f fe 69 46 a2 81 57 38 17 aa 49 22 ed a7 b4 13 d1 92 8d eb 69 f9 16 09 1b 5c 25 e9 38 bb da 86 23 f6 4c d9 de 66 66 42 57 34 c8 1b fc 24 86 6d 5f d0 4a a9 01 18 3a 11 3d 65 48 Data Ascii: >I~c@<)02B5=_6OWt>Xxhdi_pP3?2lPZJ\-"yU;fKk44(-*uz/i$\^<.gYJjR4h~>Cp^N:YT)%Y5o.>iFW8I"i\%8#LffBW4$m_J:=eH

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:14 UTC	649	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:15 UTC	744	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:15 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: eeaebd13-a01e-007c-430e-96e387000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070715Z-168bb8d798bb9jsgq25rvu9gk800000000eg000000007u1h x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:15 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-24 07:07:15 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:16 UTC	662	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:16 UTC	805	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:16 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: bb27248d-401e-0026-49fa-938ea1000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070716Z-168bb8d798b94t6v8q1baus7z800000000dg000000008web x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:16 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:16 UTC	663	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:16 UTC	779	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:16 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: 0ee7be6a-c01e-002e-4864-93d6b0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070716Z-168bb8d798bwftzb2az14uh0u0000000059000000000rgtv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:16 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:16 UTC	663	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:16 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:16 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49ED96E0 x-ms-request-id: 4c04cd43-501e-006b-1603-9282ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070716Z-168bb8d798b8tmp8e5xfx6y0r400000007tg00000000snwa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:16 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:16 UTC	417	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:17 UTC	805	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:17 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: bb27248d-401e-0026-49fa-938ea1000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070717Z-168bb8d798bxw8g2q846ctnvy0000000059000000000t63s x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:17 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:26 UTC	620	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3c78f555810791db83a9.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:27 UTC	811	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:27 GMT Content-Type: application/x-javascript Content-Length: 1664 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 15 Feb 2024 19:13:16 GMT ETag: 0x8DC2E5A2A09A4B0 x-ms-request-id: 1f37a9b8-201e-0064-6fdd-950bb4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070727Z-168bb8d798bd55d833k1uh49dc000000056g000000012zme x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:27 UTC	1664	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 57 ed 73 da 36 18 ff de bf 42 f1 3e 00 8d 6d de 42 02 b4 ec ae 4d d2 25 5d d3 70 81 75 b7 0b 39 4e d8 02 2b b1 25 9f 24 43 58 c2 ff be 47 c2 06 4c 48 97 b6 b7 bb ed 96 bb 60 90 9e 97 df f3 f2 7b 24 97 5f ef bd 42 af 91 f3 f2 3f d4 eb bf bb ea a3 cb 0f a8 7f 76 7e 75 82 ba f0 eb 0f f4 f9 b2 7f 7e 7c fa 72 3b da a9 fe ef 07 54 a2 31 0d 09 82 e7 08 4b e2 23 ce 10 17 88 32 8f 8b 98 0b ac 88 44 11 7c 0a 8a 43 34 16 3c 42 2a 20 28 16 fc 96 78 4a a2 90 4a 05 4a 23 12 f2 19 2a 82 39 e1 a3 2e 16 6a 8e ce bb 25 17 ec 13 b0 46 27 94 81 b6 c7 e3 39 7c 0f 14 62 5c 51 8f 20 cc 7c 63 2d 84 1f 4c 12 94 30 9f 08 34 0b a8 17 a0 0b ea 09 2e f9 58 21 41 3c 42 a7 e0 44 26 b0 9e 77 61 23 2c 08 92 44 a1 31 17 2a 58 e2 70 51 4f 4b a6 56 a5 71 b3 Data Ascii: Ws6B>mBM%]pu9N+%$CXGLH`{$_B?v~u~\|r;T1K#2D\|C4<B* (xJJJ#9.j%F'9\|b\Q \|c-L04.X!A<BD&wa#,D1XpQOKVq

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:26 UTC	668	OUT	GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:27 UTC	740	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:27 GMT Content-Type: image/gif Content-Length: 2672 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 24 May 2023 10:11:47 GMT ETag: 0x8DB5C3F48EC4154 x-ms-request-id: e6184bfb-801e-002a-7afc-957ab8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070727Z-168bb8d798b65l7kpwt4cck5w8000000017g0000000088c1 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:27 UTC	2672	IN	Data Raw: 47 49 46 38 39 61 60 01 03 00 f0 00 00 ff ff ff 96 96 96 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 05 00 00 00 2c 00 00 00 00 60 01 03 00 00 02 36 84 1d a9 b7 07 ed 50 8a 6c d2 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a2 0a 04 49 01 d6 3a 71 4a d7 f6 8d e7 fa ce 6b ab f5 00 ba 60 42 59 b1 87 4c 2a 97 cc 26 af 00 00 21 f9 04 09 05 00 00 00 2c 06 00 00 00 30 00 03 00 00 02 1a 8c 01 16 88 ca ec 1e 3c f2 a9 18 1b b5 5b e6 9a 5c 4b 38 6a e5 74 72 a9 67 14 00 21 f9 04 09 03 00 00 00 2c 07 00 00 00 33 00 03 00 00 02 1a 8c 81 16 c8 ca ef 5e 3b 12 2a 0a e2 5c 55 4b df 5d 5c 86 25 e5 56 99 63 aa 14 00 21 f9 04 09 05 00 00 00 2c 0a 00 00 00 37 00 03 00 00 02 1a 8c 81 60 91 b9 ed 0e 6c 6f c6 c5 ee ac 90 5b bf 61 19 02 2a 52 77 7e 69 18 14 00 21 Data Ascii: GIF89a`!NETSCAPE2.0!,`6PlHI:qJk`BYL&!,0<[\K8jtrg!,3^;\UK]\%Vc!,7`lo[a*Rw~i!

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:27 UTC	667	OUT	GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:28 UTC	799	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:28 GMT Content-Type: image/svg+xml Content-Length: 628 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4963155C x-ms-request-id: 0628ed46-101e-002b-3eeb-9551ba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070728Z-168bb8d798b4bst68753kwrwcg00000001qg000000002uks x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:28 UTC	628	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 6d 94 4d 6f db 30 0c 86 ff 8a e1 5d 25 46 d4 97 a5 36 09 90 9d 72 58 af 3b f4 e6 26 69 1d c0 5d 8b 26 48 5a 0c fd ef 23 25 ba cb d6 42 f1 e3 98 34 c5 57 24 93 f9 e1 f4 d0 bc 3e 8e bf 0e 8b 76 38 1e 9f af 66 b3 f3 f9 0c 67 07 4f 2f 0f 33 6b 8c 99 d1 1b 6d 73 de 6f 8f c3 a2 f5 a9 6d 86 dd fe 61 38 d6 ef a7 fd ee fc fd e9 75 d1 9a c6 34 3e d1 a7 5d ce b7 bb fb c3 72 7e 38 be 8d bb 25 f4 bf ef f7 e3 78 f5 6d 17 79 5d bf c3 9d 18 bc e1 75 fd 3e 9f d5 37 e7 b3 1a b7 d9 bf 6c c6 5d b3 19 fb 03 69 ea db 66 43 db 5b 4f f7 b7 7a 7f 29 b7 d9 72 fe dc 1f 87 e9 bd bb b6 d9 2e da 1b 67 21 28 f4 2b 04 9f ad aa 34 b4 50 39 af 30 40 f8 e9 12 84 e2 f6 aa 52 dc 1c e8 cd a0 b1 fb c2 8b 5e 71 dc 49 5b f7 95 37 94 a4 83 87 d4 b9 51 3b 1d 07 0b 36 Data Ascii: mMo0]%F6rX;&i]&HZ#%B4W$>v8fgO/3kmsoma8u4>]r~8%xmy]u>7l]ifC[Oz)r.g!(+4P90@R^qI[7Q;6

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:28 UTC	422	OUT	GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:29 UTC	785	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:29 GMT Content-Type: image/svg+xml Content-Length: 628 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4963155C x-ms-request-id: 73413e7b-c01e-002e-5a16-96d6b0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070728Z-168bb8d798b5v6l944pfnrufyw00000000w00000000176qu x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 07:07:29 UTC	628	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 6d 94 4d 6f db 30 0c 86 ff 8a e1 5d 25 46 d4 97 a5 36 09 90 9d 72 58 af 3b f4 e6 26 69 1d c0 5d 8b 26 48 5a 0c fd ef 23 25 ba cb d6 42 f1 e3 98 34 c5 57 24 93 f9 e1 f4 d0 bc 3e 8e bf 0e 8b 76 38 1e 9f af 66 b3 f3 f9 0c 67 07 4f 2f 0f 33 6b 8c 99 d1 1b 6d 73 de 6f 8f c3 a2 f5 a9 6d 86 dd fe 61 38 d6 ef a7 fd ee fc fd e9 75 d1 9a c6 34 3e d1 a7 5d ce b7 bb fb c3 72 7e 38 be 8d bb 25 f4 bf ef f7 e3 78 f5 6d 17 79 5d bf c3 9d 18 bc e1 75 fd 3e 9f d5 37 e7 b3 1a b7 d9 bf 6c c6 5d b3 19 fb 03 69 ea db 66 43 db 5b 4f f7 b7 7a 7f 29 b7 d9 72 fe dc 1f 87 e9 bd bb b6 d9 2e da 1b 67 21 28 f4 2b 04 9f ad aa 34 b4 50 39 af 30 40 f8 e9 12 84 e2 f6 aa 52 dc 1c e8 cd a0 b1 fb c2 8b 5e 71 dc 49 5b f7 95 37 94 a4 83 87 d4 b9 51 3b 1d 07 0b 36 Data Ascii: mMo0]%F6rX;&i]&HZ#%B4W$>v8fgO/3kmsoma8u4>]r~8%xmy]u>7l]ifC[Oz)r.g!(+4P90@R^qI[7Q;6

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:32 UTC	617	OUT	GET /shared/5/js/reset-password-signinname_en_G9nzWSnqBfHRIaMd4FEm5g2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:32 UTC	813	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:32 GMT Content-Type: application/x-javascript Content-Length: 162243 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 18 Apr 2024 00:21:46 GMT ETag: 0x8DC5F3D8838D362 x-ms-request-id: e022a182-101e-006f-4a15-962ea3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070732Z-168bb8d798bbqgrcawqpfu2sb8000000058g000000014whk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:32 UTC	15571	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 6d 77 d3 48 b3 28 fa fd fe 8a c4 97 95 25 ed 74 8c 9d f0 2a a3 f1 01 92 0c cc 00 61 08 cc 0c 93 27 27 4b b1 db 89 c0 96 8c 24 27 84 c4 ff fd d6 4b bf 4a 72 80 67 9f 7d ce be 87 b5 88 5b ad 56 77 75 75 75 77 55 75 55 f5 dd ff 58 5f db cf 8b b5 69 3a 92 59 29 d7 d2 6c 92 17 b3 a4 4a f3 6c 6d 3e 95 09 64 95 52 ae 15 b2 94 d5 d6 3c 29 cb cb bc 18 6f 95 e9 59 96 66 59 32 93 27 32 eb 7e 2a bb af 5e 3e df 7b 73 b8 d7 ad be 56 6b ff 71 f7 ff 59 9f 2c b2 11 d6 11 84 d7 17 49 b1 26 45 25 32 51 88 3c be 7e fc 70 bb f7 20 32 ef e9 4d 78 dd 59 60 43 55 91 8e aa ce 00 bf 28 e2 2c 78 bc f3 e8 5e 88 df 8c ce d3 e9 f8 79 9e 55 f2 6b f5 fe 6a 2e cb 68 bd 27 46 f6 b9 f6 48 af c7 72 92 2c a6 d5 db 22 9f f3 73 5a ce a7 c9 d5 1b 80 19 1f cf Data Ascii: mwH(%ta''K$'KJrg}[VwuuuwUuUX_i:Y)lJlm>dR<)oYfY2'2~^>{sVkqY,I&E%2Q<~p 2MxY`CU(,x^yUkj.h'FHr,"sZ
2024-04-24 07:07:32 UTC	16384	IN	Data Raw: 47 25 0d 24 1f 72 fb d0 18 3c 40 25 4f a7 98 0b df bf c5 68 4f 1d b1 dd 8b 30 08 57 c9 90 6c 3f b4 48 db d9 26 74 ed ec 60 d9 33 b4 bd 17 3b f7 38 cd 68 d8 b9 8f 2d 02 33 b6 03 ed bd c8 67 f8 cd 43 0f b3 3b 8f 1c cc ee 3c f6 d1 7a af e7 21 f5 1e d4 f6 32 2b 25 da 5a dc 7b 60 f1 db c7 3e ee f7 31 01 90 ec 6f 63 02 c0 d8 df c1 04 7c b3 7f 0f 13 f0 c1 fe 7d 4c 00 00 fb 0f 30 01 4d ef 3f c4 04 34 bb ff 08 51 05 ed ed 3f c6 44 1f 2b ec 61 8a aa c6 ba b7 b1 ee 3e 56 7e 0f 2a 7f b3 98 31 3e fa 08 95 3b 54 db db f0 1a 55 84 30 2c 89 37 13 80 ba eb 5a 1c 22 79 4d ff 79 7e 44 cf e8 c9 82 bf c4 f1 79 03 ed dd f5 a2 96 09 7b 48 69 95 38 1c 61 55 c6 34 bb c2 a1 1a f5 a8 ed 38 51 d6 8e d4 b5 3e d7 ea f6 b9 ca 54 01 87 1f 1d d3 1d f2 0e 5c 51 07 3a ab 5d 28 ff 7d 7d 60 Data Ascii: G%$r<@%OhO0Wl?H&t`3;8h-3gC;<z!2+%Z{`>1oc\|}L0M?4Q?D+a>V~*1>;TU0,7Z"yMy~Dy{Hi8aU48Q>T\Q:](}}`
2024-04-24 07:07:33 UTC	16384	IN	Data Raw: 9c 09 94 6a 5d ba 5e 70 13 11 cd 3b b2 8f ac f2 9e 30 b8 28 62 e3 4d ae ea b5 c5 64 19 ac bc 9d e3 48 39 7a 58 77 cd 9f 66 de 95 6a a7 56 94 83 d5 35 6c c6 73 73 bb 9a 3f 35 5a fd 21 bf 3a 9d ea c7 3c 6f 59 a9 18 01 d0 90 27 08 e0 da 50 61 e5 5d ea 6d 3d 63 e6 fa 56 56 ac 29 64 a3 c2 b9 9a 35 7e 5c 9a b1 74 a5 d1 fb 87 70 6d 63 a4 d7 fa 20 59 d9 c3 b6 45 0a 1b 75 30 6e 2d 4d 40 25 a1 be fc c0 0b 77 45 42 25 6f 54 9a 28 e9 d8 e8 8c 6c 91 a2 03 0c 4e da 63 67 55 bf 92 ea 58 ce 04 46 83 13 8a 8a 04 7b 46 7f 25 52 d7 bd 4e 07 21 25 4f 53 5c a5 48 d7 66 59 d5 8c 63 a8 66 24 fb 7b 32 2f 29 28 95 10 57 75 bc 7b 46 45 eb ff 0d 36 1b b6 4a d3 d9 13 b9 d1 61 3f 53 4f 0e df b6 a5 05 19 cb 9f 37 69 50 47 a2 ad 75 b3 a9 e1 2a d3 5a d0 f3 a9 e7 7a 2f 1a e2 ed 8e f2 27 Data Ascii: j]^p;0(bMdH9zXwfjV5lss?5Z!:<oY'Pa]m=cVV)d5~\tpmc YEu0n-M@%wEB%oT(lNcgUXF{F%RN!%OS\HfYcf${2/)(Wu{FE6Ja?SO7iPGu*Zz/'
2024-04-24 07:07:33 UTC	16384	IN	Data Raw: 11 56 0c c1 28 72 5d a6 61 44 10 3e d0 3b 7b 9c 0b 23 7b cf a8 49 a9 16 5b 71 0a 88 ab 50 60 d6 ab 88 85 29 71 2b 33 ee f7 8c 71 83 7c 55 89 0f e6 7c 04 57 3e 06 19 71 12 30 27 5d 09 63 ad 0f 9e c1 47 d6 4d 7a 28 21 fc 6b 1c 62 cd 5d 44 82 0e 50 02 79 79 20 4b c0 d4 bb 49 dd 67 03 8a 33 e9 89 18 94 1e ff 23 7e f1 67 fd cd 55 21 27 bc ba 38 0f 3c 19 0b eb 38 61 9b 4d 8e 6d 36 39 b2 79 86 f8 25 a7 00 8d 09 fe dc 42 6d 01 fc dd 41 6d 01 fc 7d 86 da 47 72 5a 61 e7 42 b9 7a 27 9c 09 af f1 f9 2e ca f8 f0 77 0f 05 fc dc dd dd f2 50 c4 67 c7 70 8d 05 72 ce f0 2f 7c ea 08 ff 42 df 1f f0 2f 7c eb 9b 50 ba be c2 df f0 ad 03 fc 0b df fa 84 7d f7 e0 c5 af 40 07 78 74 ba c3 f6 83 03 54 dd 1e 7f fa f8 f9 d5 a7 0f 1f d9 21 fc fe 78 f0 f3 c1 ab 4f 87 1f de 9f 1d fc 76 f0 Data Ascii: V(r]aD>;{#{I[qP`)q+3q\|U\|W>q0']cGMz(!kb]DPyy KIg3#~gU!'8<8aMm69y%BmAm}GrZaBz'.wPgpr/\|B/\|P}@xtT!xOv
2024-04-24 07:07:33 UTC	16384	IN	Data Raw: ef 3a fb ed b5 f8 2f 8f 6f b6 7a 2c d0 15 2d b4 da 22 d0 15 75 77 58 dd dd 0d 11 d1 e6 8d f1 4a da bc 6c 47 74 b6 29 32 b6 f8 b3 62 93 27 b4 45 42 53 ec 86 46 36 fe 67 2a c6 81 c5 2e 96 fa 39 c2 ca 05 94 41 2b 7e a0 a8 cf 3d 50 4b d0 2e 50 d1 cf cf 6a 2a e0 75 98 82 83 b4 d6 b4 7f 4b cd 4d 72 ca d9 f7 ab 2d a7 d3 e0 c1 a6 e3 5b aa 8c d2 a7 54 3c bf 6f 99 b0 62 70 de ad d5 d5 dd f4 51 bb bd 65 bd cc 0c 33 b1 79 7b dc ba bb 83 c0 6e 6a 3d 6e a3 42 08 4a 1c 65 d2 3e 0a 22 dc aa d5 60 75 61 f9 d5 d5 15 c8 ff a8 b3 71 77 b7 9b 3e 6e 36 5a f4 db 5d a7 46 7a 5d fa 5a 6f d0 d7 e6 ba b5 25 db a3 a5 84 eb ac 6a 42 be d5 d5 76 cb a5 de b1 10 d6 ac 0e e3 b7 6c 18 d4 69 8b 2f b0 dd 94 af 30 df 91 cb b5 30 ad ed 0e b3 27 df de 64 bf bf d1 08 b7 4e 62 df 3b df 12 73 de Data Ascii: :/oz,-"uwXJlGt)2b'EBSF6g.9A+~=PK.PjuKMr-[T<obpQe3y{nj=nBJe>"`uaqw>n6Z]Fz]Zo%jBvli/00'dNb;s
2024-04-24 07:07:33 UTC	16384	IN	Data Raw: 21 9d 46 d7 c4 97 de 9a d7 71 46 fd 84 6a 36 98 ee 9f ce 33 4e f5 a4 4f 08 ab 75 e9 48 99 e4 3d 05 01 51 bb 6f ad 05 75 e9 c3 8b 9c dd 91 64 0c b4 15 d0 57 06 4e 94 79 3b 49 13 d6 03 57 05 93 bb 6e 0d 3a 81 0b ec 71 7e 53 30 5d 90 66 e7 15 39 20 22 5b ec b5 7e 8b d1 d2 b6 06 dd dc 0d 29 3f 04 9b f2 dd 25 3d af 0b b6 78 d1 9d aa 7c 12 46 9d 9f fa 24 0c 1f e6 24 8c 3a 93 9c 84 ce 23 9f 84 72 ab 1e f3 24 74 9e e0 24 ec b3 93 30 0c 51 83 03 d3 1c 16 1c 48 cc 90 56 3c 1f 50 ed 5c 94 43 86 98 c9 f5 3d 76 ce 40 af b8 96 83 df bb c8 86 39 3a 63 52 e5 7a a2 e8 a0 e1 26 70 d4 58 13 ea c2 28 b4 1b b4 1f 8e 8e d4 6a 9e 5d 8b 42 86 51 d8 f5 dd d6 da 27 62 e1 70 84 44 19 4d 65 6a e2 65 5f ad 8b 4f b2 60 f9 56 37 d9 0f f4 48 62 d7 ad 18 49 1d a9 21 4e 22 fb 97 7f 2c 2c Data Ascii: !FqFj63NOuH=QoudWNy;IWn:q~S0]f9 "[~)?%=x\|F$$:#r$t$0QHV<P\C=v@9:cRz&pX(j]BQ'bpDMeje_O`V7HbI!N",,
2024-04-24 07:07:33 UTC	16384	IN	Data Raw: e6 c1 d7 1f 86 07 5f 9d 88 07 3f 7a 64 1e 7c f5 89 78 f0 a3 47 e6 c1 71 aa be f6 6c 1d 13 0d 24 2f 63 ed 9d be 52 61 5e 43 ab 82 54 c1 e2 58 27 04 2c a0 74 2d f5 5c d9 3a 1a 62 38 43 47 ce 6e 25 f4 69 4b ef 1b 5e 4f 12 d3 f4 c3 61 df 4f 96 82 da a5 fc ad c4 25 0d c2 68 e0 f4 a5 42 80 bf 97 fc e2 02 e3 40 cc e1 97 35 e6 f0 67 dd aa 59 cb bb f8 67 81 ba 88 11 7c de 55 27 39 82 b4 7e 77 d1 5d 7f c6 49 6d 68 7b 45 1e 4c 7d fb 6b 8f ec 29 f2 8a 25 c9 bd 6f 71 6c 18 21 d9 d7 a7 05 23 73 f1 35 db 22 13 0e 36 82 88 e6 1e 50 7b 0e 6b 8f c2 35 27 16 7b d4 a0 be 7c 31 32 e5 1b 96 ef ca c0 69 9f 42 e5 77 22 64 bc 5a 37 99 9c 20 61 45 fd 6a 7a 4b 6c 19 26 4c 85 f4 6e 62 e9 1e 6d 61 bd 90 eb c5 38 dd e4 12 05 0a dd fa b3 b3 4b fc b8 de 73 6a f9 fc 15 0d 6c 66 e0 c4 93 Data Ascii: _?zd\|xGql$/cRa^CTX',t-\:b8CGn%iK^OaO%hB@5gYg\|U'9~w]Imh{EL}k)%oql!#s5"6P{k5'{\|12iBw"dZ7 aEjzKl&Lnbma8Ksjlf
2024-04-24 07:07:33 UTC	16384	IN	Data Raw: 5f 84 69 5d b6 8a 0e ee 5a d6 a2 b2 9e 96 1f 4e 2d 76 db c3 0b 8b d8 9a b0 09 20 71 50 c8 ee c5 5b cb a1 d7 d0 b7 70 71 4b b0 5a 2c 4d 70 d5 bb e2 57 dd ca df d7 c1 11 f5 52 57 6b 36 e7 cf f2 60 5f 94 77 69 fb f6 be 39 ab 31 2b 78 24 30 cf 4d 0c 26 41 d2 6a dd 80 a8 a4 4a d7 af c2 f8 fa 81 3e 3d e8 71 98 06 fd 76 a2 db 45 5d eb 82 ef f4 05 3b 9b 57 71 f7 67 be da e3 88 c5 0f cb fd 92 6d 63 a6 62 27 1a fd dd c0 d4 f1 2d 4e bd e8 4b e9 6a ae ef d1 ab b9 7c 8d 08 33 01 e8 b2 53 f8 c5 29 45 a7 30 2e c9 9b e4 6e 6b 99 b0 54 5c 77 05 71 a9 ac c6 9f e4 3a 8f 7a 36 84 bc 10 ea c1 d4 e3 5d 49 9b 05 0b 76 35 af a7 3d f5 95 78 32 57 a4 9b f0 9c 2f 1e e9 dc 72 1f e8 64 c1 8d 6a ff b0 f4 42 93 60 4d dd f5 bd f4 ab b0 60 57 e5 86 e8 32 30 57 e1 24 63 e7 6b 77 1d c3 37 Data Ascii: _i]ZN-v qP[pqKZ,MpWRWk6`_wi91+x$0M&AjJ>=qvE];Wqgmcb'-NKj\|3S)E0.nkT\wq:z6]Iv5=x2W/rdjB`M`W20W$ckw7
2024-04-24 07:07:33 UTC	16384	IN	Data Raw: 72 ac 64 01 a5 c4 c4 7f 95 d7 a3 8f ef f0 e1 57 e9 59 d2 88 cb a9 b6 72 ea 9d 84 db ff 82 76 f3 b3 93 10 ad 2c 9c 81 8b 89 87 b6 88 20 75 13 72 1a 22 1c f9 0c 92 2c a4 18 68 79 8d e3 28 a7 6d 18 a3 11 e4 01 95 a2 e3 f1 27 60 39 4c bc 2d 8c f4 a0 a5 52 93 ad 53 cb 51 93 11 cd a2 f9 7c e6 18 41 4e e2 25 60 b8 6f d8 bf 74 38 ab bd ef aa e5 35 98 57 d8 40 6b 7c ff 04 40 08 75 74 5a ea ce 42 6e 58 cb 1e 70 37 9b ba 96 35 ce 6b 3f cd 40 cc 2b af b9 df 85 db d9 0d f7 a9 0d fb d4 a5 7d fa 2a bd 75 6c d8 6e b1 d4 34 56 60 94 1f aa c8 10 eb b1 ed a2 06 7a 1f b8 3b 10 49 69 6b a2 89 13 f1 c9 81 54 3a da 9f 18 31 cc 80 3e 13 90 ca d8 8e 63 01 c7 0c e5 41 b2 33 11 21 d1 1b 64 81 d7 47 9a 37 68 45 9b 16 d7 fc 7f 95 57 56 4c fc e7 95 f7 c1 b8 42 01 e3 b5 6e 6a ce 6b dd Data Ascii: rdWYrv, ur",hy(m'`9L-RSQ\|AN%`ot85W@k\|@utZBnXp75k?@+}*uln4V`z;IikT:1>cA3!dG7hEWVLBnjk
2024-04-24 07:07:33 UTC	15600	IN	Data Raw: 70 4f 07 8e 8f 67 b0 cf 59 12 15 d6 5f 59 f1 4b dc 79 0e 1e 17 34 43 b0 5f f9 02 89 6b 17 9d 23 f9 a5 d6 c7 d9 b0 4b 8f c5 30 0e b8 95 ec 86 12 e3 db 8a e2 80 0f 75 2b a3 1b 0a ec 50 86 5e 1f 66 75 46 7b d4 65 4d 37 4b 1a bc 91 95 dc 80 94 61 4d 5c 9b 4e 80 b5 b1 7a 21 38 2d 3c a5 1b e8 f6 67 da e3 ca ca 93 52 aa fb 48 f2 7d b4 02 fa 78 16 47 d2 a9 37 0a 0f 79 11 69 3e 79 f0 eb 71 a8 18 c6 18 0a e7 80 24 43 a9 22 c1 54 e8 69 e0 e4 b5 3b 27 7e 17 a7 97 54 4b 36 2d 42 57 61 99 c5 44 1c 0e 8e fa e9 03 25 59 0e 2d 75 2e 8e f8 a9 2c b0 3d 3c a5 f5 78 76 7c a3 1d df 72 f8 b1 04 c5 94 b4 4d 46 16 b1 e7 74 60 41 a6 be a4 60 ca 3e 81 05 db 92 a5 a4 4a 55 06 53 4f 81 24 07 ce d9 1b 31 6a fe a1 2b 19 31 f0 9b c9 d0 16 a0 2a 57 a5 8b 9c 24 2c c8 30 2a b0 64 ca 74 99 Data Ascii: pOgY_YKy4C_k#K0u+P^fuF{eM7KaM\Nz!8-<gRH}xG7yi>yq$C"Ti;'~TK6-BWaD%Y-u.,=<xv\|rMFt`A`>JUSO$1j+1W$,0dt

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2BWm%2FZe7jBqtCP%2FpiaYXc1LB9Cngaxkq7SO1S5t4A%3D%3D

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 73

Windows Analysis Report
https://security.microsoft.com/quarantine?id=97a71014-954b-4feb-794d-08dc6372e303%5C98d07de9-cb26-b9f0-ba1e-09ca04ceb516&recipientAddress=%40ENC%40D9yt9c5hG3%2F4wJDKGc%2FbR3AuhdsaTWJ0Bg22uw1BWgTyTC%2BWm%2FZe7jBqtCP%2FpiaYXc1LB9Cngaxkq7SO1S5t4A%3D%3D

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:33 UTC	611	OUT	GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:34 UTC	819	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:34 GMT Content-Type: application/x-javascript Content-Length: 32821 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Sat, 30 Mar 2024 01:22:56 GMT ETag: 0x8DC5057EDD0C741 x-ms-request-id: 60c30d7d-801e-0006-6db8-951f92000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070734Z-168bb8d798bmmxfd6g2ey15u1400000007vg000000009wwp x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:34 UTC	15565	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 69 77 db 38 b3 3f f8 7e 3e 85 c4 e9 f1 25 db b0 22 39 4b 77 a4 30 3a 89 e3 74 9c cd ee d8 59 ba dd be 3e b4 04 d9 6c cb a4 42 52 5e 62 e9 bb 4f fd 0a 0b 41 8a 4e f2 9c ff 9d 79 71 fb 74 2c 62 21 08 14 0a 85 aa 42 55 e1 de af ed d6 cb 34 6b 4d e3 91 4c 72 d9 8a 93 49 9a 5d 44 45 9c 26 ad d9 54 46 94 95 4b d9 4a 13 39 ce 37 a2 24 9a de 14 f1 28 df f8 37 3f 7e f8 e0 a4 f7 db e6 83 68 d2 3b e9 3e 94 9b 27 d1 fd f1 c9 b1 4c 3a ff e6 9d b7 3b 5b db ef f7 b7 3b c5 75 d1 fa f5 de ff e5 cd d1 4a 91 c5 a3 c2 1b f8 b9 9c 4e 3a 57 f2 64 16 8d ce b7 ce e6 c9 f9 f1 45 1e 8f 65 52 c4 c5 cd 71 1e e7 73 4a 47 e1 4f d5 5a 2c 0e 8f 82 ce 6c 9e 9f f9 87 87 9b 0f 7b 47 e2 f6 41 ef d1 e3 47 fd c9 3c 19 61 08 7e 22 a4 28 82 db a2 93 f9 32 10 Data Ascii: iw8?~>%"9Kw0:tY>lBR^bOANyqt,b!BU4kMLrI]DE&TFKJ97$(7?~h;>'L:;[;uJN:WdEeRqsJGOZ,l{GAG<a~"(2
2024-04-24 07:07:34 UTC	16384	IN	Data Raw: a2 f4 b5 4b 71 c3 bd 9a cf ff a0 97 d4 c3 ff 5f fb 97 38 c7 e0 1a bc c6 7d 7c b5 77 72 dd d3 bd 33 7d 33 7b d2 f0 ef f8 10 27 9e 47 f6 a1 8f bf 95 e6 a9 63 ae bb 8a 8d 23 42 03 78 ba d1 1b d2 6f df c9 3d d6 b9 c7 9e 3a 29 60 36 23 0d 6b 5c 14 6d 03 e9 6c 3e 25 02 be 3b 83 d9 2d 11 cd fd 9b 9c e4 87 9d 64 92 1a 38 f3 86 57 84 26 9c 3e 73 a0 36 2a 0a 4c dd 9c 84 e7 c1 fc b4 cc 41 c0 d2 4a 15 95 a1 ae cf c8 0c f7 e3 f6 aa 7a a9 9a 4c dd 4b d5 cc 2c c2 19 95 27 ad c3 0c ac 02 34 25 6c a8 8d a2 93 aa bb 9b 3b 79 79 35 89 06 0d e5 55 ea b9 33 9a 55 79 2d 12 23 95 ab 71 4a 72 de 25 62 ed a5 b4 e9 a6 10 8e 13 de ea d5 2f 9a 4f 55 8c 92 b8 43 b8 55 e0 0e 4d 8e 1b ab de 76 32 49 62 8c 88 30 da ab e9 9c fb e8 ca b3 7b 75 5a 4d fc 90 b2 ac 4d 7f cc 9d 74 ef e0 4c b4 Data Ascii: Kq_8}\|wr3}3{'Gc#Bxo=:)`6#k\ml>%;-d8W&>s6*LAJzLK,'4%l;yy5U3Uy-#qJr%b/OUCUMv2Ib0{uZMMtL
2024-04-24 07:07:34 UTC	872	IN	Data Raw: 1b 59 16 3e ca 36 2d cf 1e 40 28 00 0d ee c5 6b b7 ad 8b 69 8d bf c2 f7 ec 36 3a 49 d3 dd 34 b9 92 6d be 29 74 42 8f a0 cd 01 10 b1 97 47 61 82 f0 9e 6f 4a 94 57 7c c0 da 4b 55 1b 7d 62 5b 69 d2 2b ea ce a0 40 8d 76 4d bf 74 c5 37 97 09 0e 26 81 b8 2c 3a 01 94 7d 00 4b 28 57 1a fa 4e 71 e5 8f 38 1f 02 6d cd 49 85 56 9a ce be 5b 39 84 d5 d4 56 8a 3b b4 a1 35 26 78 ed 18 de 60 03 5a 9a d3 6c 64 66 63 c3 12 e7 fc a2 91 90 5c b1 0e 0c 7c 1d 34 53 48 68 85 d6 67 67 60 c6 59 b3 4e 2b e7 24 59 b5 6e 90 03 e2 dd e0 48 72 d5 d7 f0 4a e1 d7 9d e4 32 3d 48 4e e9 57 0c e3 d0 92 70 82 5d 73 6c e4 2a ad 85 ed a3 61 d5 d1 32 1c 27 f1 78 0c f7 b6 9f c5 63 20 44 c2 01 4e 65 9a 01 02 b5 e7 3a 2b 22 42 b7 d2 e2 ab 11 09 47 1b 31 7a 5d f3 e5 f3 eb be d5 7d 8b 7d 96 29 90 b2 Data Ascii: Y>6-@(ki6:I4m)tBGaoJW\|KU}b[i+@vMt7&,:}K(WNq8mIV[9V;5&x`Zldfc\\|4SHhgg`YN+$YnHrJ2=HNWp]sl*a2'xc DNe:+"BG1z]}})

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:33 UTC	634	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:34 UTC	807	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:34 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: 392d1932-401e-001a-0205-965ba9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070734Z-168bb8d798b94t6v8q1baus7z800000000b000000000904h x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:34 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:33 UTC	621	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:34 UTC	799	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:34 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: e218eb6f-201e-0048-08bf-956e9e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070734Z-168bb8d798bhmqqnyvwtxs9zf400000000gg00000000c4k5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:34 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:34 UTC	398	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:35 UTC	807	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:35 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: 392d1932-401e-001a-0205-965ba9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070735Z-168bb8d798b968vptsayvcbkpg00000005eg0000000127pm x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:35 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:35 UTC	600	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:35 UTC	764	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:35 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Tue, 23 Apr 2024 15:36:46 GMT ETag: 0x8DC63AB2F502080 x-ms-request-id: 3995e90d-501e-0022-32b0-95b18c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070735Z-168bb8d798b8nl86frq151a46000000005e0000000003mbd x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:35 UTC	15620	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-24 07:07:35 UTC	1554	IN	Data Raw: 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:36 UTC	364	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:36 UTC	764	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:36 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Tue, 23 Apr 2024 15:36:46 GMT ETag: 0x8DC63AB2F502080 x-ms-request-id: 3995e90d-501e-0022-32b0-95b18c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070736Z-168bb8d798b4bst68753kwrwcg00000001p0000000007dxm x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 07:07:36 UTC	15620	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-24 07:07:36 UTC	1554	IN	Data Raw: 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:37 UTC	608	OUT	GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:37 UTC	794	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:37 GMT Content-Type: text/css Content-Length: 17755 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Tue, 23 Apr 2024 21:56:43 GMT ETag: 0x8DC63E043B557AB x-ms-request-id: 46443792-001e-00d3-34df-953fdb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070737Z-168bb8d798bxxkq2crnw691fcg00000005500000000180bz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:37 UTC	15590	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 69 73 db 46 d2 f0 77 ff 0a ac 5c ae 58 59 12 e1 2d 4a aa a4 d6 87 12 eb 59 1f 2a 4b d9 ec 56 de 94 0b 22 21 11 6b 10 60 01 a0 65 85 0f ff fb db 73 5f 3d 00 28 c9 89 9f aa 44 b1 44 ce f4 f4 5c 3d 3d 3d 33 7d 7c f7 ed df 82 17 f9 ea b6 48 ae 17 55 f0 f4 c5 7e f0 26 99 15 79 99 5f 55 90 5e ac f2 22 aa 92 3c 0b 83 67 69 1a 50 a0 32 28 e2 32 2e 3e c5 f3 30 f8 f6 bb ef be fd db a3 6e fb ff 82 f3 8b 67 ef 2f 82 77 3f 06 17 af 4e df bf 0c ce e0 db 7f 82 b7 ef 2e 4e 5f 9c 04 ad b1 3c 7a 74 b1 48 ca e0 2a 49 e3 00 fe 5e 46 65 3c 0f f2 2c c8 8b 20 c9 66 bc d5 71 19 2c e1 77 91 44 69 70 55 e4 cb a0 5a c4 c1 aa c8 ff 1b cf a0 0f 69 52 56 50 e8 32 4e f3 9b e0 29 a0 2b e6 c1 59 54 54 b7 c1 e9 d9 7e 18 5c 00 6c 0e dd 4d 32 28 3d 93 e3 Data Ascii: }isFw\XY-JYKV"!k`es_=(DD\===3}\|HU~&y_U^"<giP2(2.>0ng/w?N.N_<ztHI^Fe<, fq,wDipUZiRVP2N)+YTT~\lM2(=
2024-04-24 07:07:37 UTC	2165	IN	Data Raw: 73 56 f4 9f 8b 25 ec 53 f4 e3 c5 3a bb 26 a8 5f 47 3c ef 7d 14 7d 22 58 4f cb 8f 39 f0 de e0 2c af 58 7e b5 a0 7f 63 e0 31 37 d1 3c 26 2d 94 77 df c1 7f a2 57 71 c2 10 a8 c4 ff 59 c4 d9 b5 4a 8f d2 eb 75 16 fc 94 57 8b 64 46 7a 55 92 a9 ba 8e d3 3c 38 81 cd a4 8c 8c b2 af 12 d2 d3 5b 33 f1 6d 7c 13 5c 44 49 f0 7a 6d d6 7e b6 88 ae cb 33 13 96 c2 59 8d 4c 82 e7 11 f0 26 92 98 67 d7 c0 58 a3 4c a5 fc 2b 78 0e 29 e4 d3 6d 94 c1 3c 06 24 26 22 7c 7d 11 2d 61 fc a3 e0 0d 8c c0 9e 4e 35 4c f0 fb 7d d1 9d 65 fb 1d 2c bd ba d9 df 7c 25 b3 ff d7 8c df 7d c6 c9 cb 22 dd 12 dd b3 b3 be fe f5 ef 62 fd 87 03 e7 71 93 27 69 0f a0 23 4c a9 45 67 39 43 60 39 86 fe 58 78 40 71 d8 86 d9 e1 70 32 d4 6f 6a 69 ab 44 e2 5f 2c ee 2f 82 6f 45 f0 75 77 3d 3d 8d 70 c2 c3 21 23 43 Data Ascii: sV%S:&_G<}}"XO9,X~c17<&-wWqYJuWdFzU<8[3m\|\DIzm~3YL&gXL+x)m<$&"\|}-aN5L}e,\|%}"bq'i#LEg9C`9Xx@qp2ojiD_,/oEuw==p!#C

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:37 UTC	588	OUT	GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:37 UTC	807	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:37 GMT Content-Type: application/javascript Content-Length: 5564 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Tue, 23 Apr 2024 21:56:55 GMT ETag: 0x8DC63E04ACD0364 x-ms-request-id: 83482232-d01e-00d6-72df-95b8d1000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070737Z-168bb8d798b4bst68753kwrwcg00000001h0000000012m9s x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:07:37 UTC	5564	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cd 3c 6b 8f db 38 92 df fd 2b da c2 c2 90 10 c5 70 67 80 fb 60 b5 62 64 33 b3 97 e0 66 a6 f7 36 99 bd 3b 18 46 a0 b6 e9 b6 26 32 e9 a5 e8 ee 34 da fa ef 57 c5 87 44 52 92 fb e5 bb 64 06 88 5b 14 45 56 15 eb cd 22 d7 7b ba 14 39 a3 67 5f b2 d5 ea 97 1b 42 c5 af 79 29 08 25 3c 24 b1 88 69 74 4f 46 23 32 f6 5f ce da 4d 21 f6 9e 62 ef b3 9c 96 22 a3 4b c2 d6 67 1f 3e ff f6 eb 2f 05 d9 42 47 39 8e 10 d9 72 23 bf f3 1e c3 80 d1 e0 15 8e 51 ad 6b 98 ae 89 b8 e4 9f 88 f8 3b 67 bb f2 92 ea 81 4a 05 5a cc a3 fb 7c 0d df 5d fd 49 96 22 48 53 71 b7 c3 29 45 74 ff 65 cd f8 2f 30 f2 7f 90 3b 00 cb 8c 17 02 36 f0 22 bc c9 f8 59 99 4e e2 3c 25 63 02 43 96 49 79 91 8f 0b 42 af c5 26 29 5f bd 8a ee b1 07 4b f3 79 b9 48 f8 8c cd f9 62 4e 17 a9 Data Ascii: <k8+pg`bd3f6;F&24WDRd[EV"{9g_By)%<$itOF#2_M!b"Kg>/BG9r#Qk;gJZ\|]I"HSq)Ete/0;6"YN<%cCIyB&)_KyHbN

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:37 UTC	592	OUT	GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:38 UTC	795	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:37 GMT Content-Type: application/javascript Content-Length: 28582 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:31 GMT ETag: 0x8DC641C4E7B0928 x-ms-request-id: fafe6bd1-601e-00e9-1916-9610df000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070737Z-168bb8d798b968vptsayvcbkpg00000005n000000000229u x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 07:07:38 UTC	15589	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cc bd 69 73 db 48 96 36 fa dd 11 fe 0f 20 5e 87 0c 94 52 90 54 d5 33 d3 0d 1a e6 95 25 d9 56 95 2c b9 25 b9 aa ab 69 b5 03 1b 17 13 5c 44 90 5a 2c f2 bf df f3 9c cc 04 12 20 e4 aa 9e 77 e6 c6 75 57 8b 40 22 f7 e5 e4 d9 cf ee 0f ad 9d 3f ff cf ba bc 3a b8 b8 b2 ce df 5a 57 ef 4f 2e 8e ac 8f f4 f6 bb 75 76 7e 75 72 78 6c fd e9 5a 9e 3f 7b fe ec 6a 30 cc ad de 30 4b 2d fa 8d c2 3c 4d ac e9 c4 9a ce ad e1 24 9e ce 67 d3 79 b8 48 73 6b 4c 7f e7 c3 30 b3 7a f3 e9 d8 5a 0c 52 6b 36 9f 7e 4d e3 45 6e 65 c3 7c 41 85 a2 34 9b de 59 0e 55 37 4f ac 8f e1 7c f1 60 9d 7c 74 3d eb 8a f2 4e e7 c3 fe 70 42 a5 e3 e9 ec 81 9e 07 0b 6b 32 5d 0c e3 d4 0a 27 09 d7 96 d1 cb 24 4f ad e5 24 49 e7 d6 dd 60 18 0f ac 0f c3 78 3e cd a7 bd 85 35 4f e3 74 Data Ascii: isH6 ^RT3%V,%i\DZ, wuW@"?:ZWO.uv~urxlZ?{j00K-<M$gyHskL0zZRk6~MEne\|A4YU7O\|`\|t=NpBk2]'$O$I`x>5Ot
2024-04-24 07:07:38 UTC	12993	IN	Data Raw: a7 fa 0d ba b8 5c e4 b6 29 ef ad ce a4 2d a5 61 80 2b 6b 88 a6 f7 f0 64 c3 41 86 05 21 ca f3 30 19 4e 8b 14 46 27 56 ab 4c 73 eb 54 08 3f 39 d4 3a 75 43 f3 d8 e7 55 9a 09 3a ad ab 55 1f 56 67 ad 88 21 1a ca 25 84 16 0f 6f 96 29 8e 15 2b 32 38 95 e0 15 a5 1f 53 06 a5 69 45 01 04 ad 62 ab d8 50 da 19 d9 22 55 f0 b6 82 5b b2 16 ed c0 fb b5 58 81 96 ba 38 8c a9 0a 9e 3f 6b 3e b6 91 11 c5 59 a1 94 5a 63 99 6a c8 f3 3f 79 da 55 78 29 1c 9b cd 68 da 9d 3f 04 03 78 38 09 b5 eb 03 f6 22 a5 55 4f a5 a6 65 91 41 9b 7e 53 d7 78 60 d8 ca 1b 89 41 2c 8c 1a 69 f7 4a 1f ab 44 46 b2 ea c0 9f 1d 53 0c f0 43 17 28 ca 24 0d 90 c5 d6 df c0 0b 01 68 d1 ef ec 91 5e bf 30 af 5f 36 af 92 9e 68 bf ec a0 d2 71 69 dc 28 c6 42 15 a3 ba 6d c0 0e a4 52 eb f3 67 6c 65 a7 1c 24 3b 26 54 Data Ascii: \)-a+kdA!0NF'VLsT?9:uCU:UVg!%o)+28SiEbP"U[X8?k>YZcj?yUx)h?x8"UOeA~Sx`A,iJDFSC($h^0_6hqi(BmRgle$;&T

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:07:37 UTC	615	OUT	GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:07:37 UTC	787	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:07:37 GMT Content-Type: application/javascript Content-Length: 7203 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:36 GMT ETag: 0x8DC641C50FD100D x-ms-request-id: fc9e80ac-c01e-00cf-1d16-967be0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070737Z-168bb8d798bj2crg3us8a5psdg000000034g00000000scqz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 07:07:37 UTC	7203	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 5c cd 72 e3 48 72 be fb 29 b0 b4 23 d4 e3 e8 51 f3 ff a7 b7 a5 b5 44 49 14 5b 24 c5 11 29 f5 cf ee c6 44 11 2c 91 18 81 28 4e 01 10 87 dd 31 11 be f8 21 7c f6 c1 b1 07 df fc 06 fd 26 7e 12 67 16 40 22 13 12 a0 c1 c4 ee a5 9b 02 b2 aa b2 be fc fb b2 00 f2 0f f7 a1 67 07 8e f2 5e 7d f7 55 cb 85 e3 07 52 8f c4 4a fa 6b 61 cb 57 a5 7f e9 2a ef de 59 94 be 7b 1d 7f 3a f4 97 42 cb f9 24 d0 8e b7 f0 8f be 96 a4 d6 4a fb a5 b7 5f 4b 5a fe 1c 3a 70 af f4 b6 34 5d 3a be e5 78 f7 4a af 04 4e 6e c1 9f bb db 87 a5 d7 25 b9 12 8e 7b 93 c8 9f 78 96 b9 64 89 f9 5c 4b df a7 f2 20 be 5e 2a 4f 52 71 cb 5c b1 bc 70 35 93 3a 2d 2c 7c 7f a3 f4 9c cb c7 17 53 b2 8e f7 28 5c 67 7e 8e 6b 5f 18 65 41 fa dc 03 0c ac 60 29 d3 3a 79 e6 62 b4 29 cb 57 Data Ascii: \rHr)#QDI[$)D,(N1!\|&~g@"g^}URJkaWY{:B$J_KZ:p4]:xJNn%{xd\K ^ORq\p5:-,\|S(\g~k_eA`):yb)W