Edit tour

Windows Analysis Report
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0

Overview

General Information

Sample URL:	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3
Analysis ID:	1431290
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Submit button contains javascript call

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,4352217613125422035,14921878551457243964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: Iframe src: https://fpt.live.com/?session_id=421db01fa45d4b55a2c012f4ab17225f&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: Iframe src: https://fpt.live.com/?session_id=421db01fa45d4b55a2c012f4ab17225f&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: Title: Create account does not match URL
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: Title: Create account does not match URL

Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://fpt.live.com/?session_id=421db01fa45d4b55a2c012f4ab17225f&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US

HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmyapps.microsoft.com%2F&client-request-id=421db01f-a45d-4b55-a2c0-12f4ab17225f&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.37.1&client_info=1&code_challenge=U-7XMGdIVCRCeuWrA_C3qhJuDNGmhEyBw5zuyXEgvJI&code_challenge_method=S256&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3d7DEE5A5D1B83C921%26opidt%3d1713980349%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3d096C34F011F368CB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d2793995e-0a7d-40d7-bd35-6968ba142197%26mkt%3dEN-US%26opid%3dAA8E59DEFCB20667%26opidt%3d1713980366%26uaid%3d421db01fa45d4b55a2c012f4ab17225f%26contextid%3dA9DDC1974D22D3A3%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&uaid=421db01fa45d4b55a2c012f4ab17225f&suc=2793995e-0a7d-40d7-bd35-6968ba142197&lic=1	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49728 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.5:49718 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49728 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.49.37
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.49.37
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_7c1aa7609345f99e4914.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lightweightsignuppackage_MwksSuxFBgQ4Y619ES0DZQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lightweightsignuppackage_9itStK--DdHYjkMJSN7X3A2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713980295912&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: chromecache_124.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_124.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_120.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_120.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE
Source: chromecache_122.2.dr, chromecache_111.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_135.2.dr, chromecache_170.2.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: chromecache_135.2.dr, chromecache_170.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/discovery/v2.0/keys
Source: chromecache_135.2.dr, chromecache_170.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/token
Source: chromecache_132.2.dr, chromecache_155.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Source: chromecache_122.2.dr, chromecache_111.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.5:49718 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@22/123@22/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,4352217613125422035,14921878551457243964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,4352217613125422035,14921878551457243964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: chromecache_162.2.dr	Binary or memory string: ",ConnectVirtualMachine:"
Source: chromecache_162.2.dr	Binary or memory string: ",DisconnectVirtualMachine:"

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Drive-by Compromise	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	unknown
part-0041.t-0009.t-msedge.net	13.107.246.69	true	false	unknown
sni1gl.wpc.alphacdn.net	152.195.19.97	true	false	unknown
www.google.com	142.250.141.105	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
signup.live.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	high
fpt.live.com	unknown	unknown	false	high
acctcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fpt.live.com/?session_id=421db01fa45d4b55a2c012f4ab17225f&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US	false		high
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://login.microsoftonline.com/	chromecache_135.2.dr, chromecache_170.2.dr	false	high
https://login.microsoftonline.com	chromecache_122.2.dr, chromecache_111.2.dr	false	high
http://www.opensource.org/licenses/mit-license.php)	chromecache_124.2.dr	false	high
https://github.com/zloirock/core-js	chromecache_120.2.dr	false	high
http://knockoutjs.com/	chromecache_124.2.dr	false	high
https://github.com/douglascrockford/JSON-js	chromecache_124.2.dr	false	high
https://login.windows-ppe.net	chromecache_122.2.dr, chromecache_111.2.dr	false	high
https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration	chromecache_132.2.dr, chromecache_155.2.dr	false	high
https://login.microsoftonline.com/common/discovery/v2.0/keys	chromecache_135.2.dr, chromecache_170.2.dr	false	high
https://login.microsoftonline.com/common/oauth2/v2.0/token	chromecache_135.2.dr, chromecache_170.2.dr	false	high
https://github.com/zloirock/core-js/blob/v3.31.1/LICENSE	chromecache_120.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.69	part-0041.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.69	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.141.105	www.google.com	United States	15169	GOOGLEUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431290
Start date and time:	2024-04-24 19:37:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean3.win@22/123@22/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://login.live.com/oauth20_authorize.srf?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fmyapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3d&response_mode=fragment&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&code_challenge=87H1yHvbOCJlwHxkuBSM9PwsCjIj27SCxNxYCJUN9v8&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.37.1&uaid=421db01fa45d4b55a2c012f4ab17225f&msproxy=1&issuer=mso&tenant=common&ui_locales=en-US&client_info=1&signup=1&lw=1&fl=easi2&epct=PAQABDgEAAADnfolhJpSnRYB1SVj-Hgd81q33hWn4YWjQnlyeJBNL7MoWhNqQ6AUUdA9Zo6mqEaJUDvFiMdy7Np5xj4pcCGyki2thEub6wresLwbDeLRAcT-O8nw_Zr_xbMeyEtGgO2mhWMV2jfPOQXQtWG0XztrJ9SdTNFdSM6FUGXY514L4hpneIJGAXWl-FGKAI1NAahWWMXNAhjt9olEuki0Iz7zJn2vNDDwofU06oTl77HtzxCAA&jshs=0 Browse: https://login.live.com/oauth20_authorize.srf?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fmyapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjQyMTRmMGRkLWYxNDMtNDFhZi04ZTM3LTBjYWI0ZGQzZGUyYiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3d&response_mode=fragment&nonce=a254f06a-f3b0-4454-aedb-8ce35049f3eb&code_challenge=87H1yHvbOCJlwHxkuBSM9PwsCjIj27SCxNxYCJUN9v8&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.37.1&uaid=421db01fa45d4b55a2c012f4ab17225f&msproxy=1&issuer=mso&tenant=common&ui_locales=en-US&client_info=1&signup=1&lw=1&fl=easi2&epct=PAQABDgEAAADnfolhJpSnRYB1SVj-Hgd81q33hWn4YWjQnlyeJBNL7MoWhNqQ6AUUdA9Zo6mqEaJUDvFiMdy7Np5xj4pcCGyki2thEub6wresLwbDeLRAcT-O8nw_Zr_xbMeyEtGgO2mhWMV2jfPOQXQtWG0XztrJ9SdTNFdSM6FUGXY514L4hpneIJGAXWl-FGKAI1NAahWWMXNAhjt9olEuki0Iz7zJn2vNDDwofU06oTl77HtzxCAA&jshs=0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.138, 142.251.2.100, 142.251.2.101, 142.251.2.139, 142.251.2.102, 142.251.2.113, 142.251.2.84, 34.104.35.123, 20.190.190.196, 20.190.190.129, 20.190.190.195, 40.126.62.132, 20.190.190.193, 20.190.190.194, 40.126.62.131, 20.190.190.130, 40.126.26.18, 40.126.26.17, 20.190.154.140, 20.190.154.141, 40.126.26.130, 40.126.26.19, 40.126.26.131, 40.127.169.103, 192.229.211.108, 199.232.214.172, 13.85.23.206, 20.50.73.10, 23.199.47.148, 23.199.47.143, 20.190.151.9, 20.190.151.6, 20.190.151.8, 20.190.151.7, 20.190.151.131, 20.190.151.67, 20.190.151.68, 20.190.151.132, 142.250.101.95, 142.251.2.95, 20.44.10.122, 13.107.42.22, 142.250.141.95, 74.125.137.95, 20.72.243.62, 20.189.173.15, 142.250.101.94, 23.72.90.76, 23.72.90.85
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 16:38:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9775806927887696
Encrypted:	false
SSDEEP:	48:8Od1Td97H/eidAKZdA19ehwiZUklqehQy+3:8kHgvy
MD5:	74E6766F7418351371DEC678FC4B60ED
SHA1:	31F9A068B871BF8A0974A386C16D60C4F26EA02D
SHA-256:	37A1B8D80145C50A1ACCF2A265AC4A13B8959A6EDCCD27690B0E7D7357D0C524
SHA-512:	486AEBC5DCBB2F79AAA40836130480A913BD8B34A567ED4696004BDFF7D2190DB491DAC80ABA0AF70C9F8D754264AC88328B4EFF26C043A15A4049BD41971AC6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....2-;n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Y.J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 19:38:32.458920002 CEST	53	61895	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:32.474004030 CEST	53	53468	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:33.426723003 CEST	53	62189	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:33.532223940 CEST	60089	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:33.532383919 CEST	52383	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:35.420691013 CEST	61768	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:35.420947075 CEST	52673	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:35.574376106 CEST	53	61768	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:35.575330973 CEST	53	52673	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:48.103764057 CEST	59283	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:48.103902102 CEST	49690	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:49.315452099 CEST	56790	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:49.315975904 CEST	51597	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:50.452552080 CEST	53	58880	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:50.972081900 CEST	55321	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:50.972625971 CEST	54314	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:51.125994921 CEST	53	55321	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:51.126661062 CEST	53	54314	1.1.1.1	192.168.2.5
Apr 24, 2024 19:38:53.185436964 CEST	55960	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:38:53.186089993 CEST	50354	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:00.880208015 CEST	53	55308	1.1.1.1	192.168.2.5
Apr 24, 2024 19:39:09.340725899 CEST	53	51210	1.1.1.1	192.168.2.5
Apr 24, 2024 19:39:09.853384972 CEST	52361	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:09.853797913 CEST	54623	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:12.948627949 CEST	61693	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:12.948776960 CEST	51178	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:14.613115072 CEST	53	59376	1.1.1.1	192.168.2.5
Apr 24, 2024 19:39:15.127417088 CEST	63394	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:15.127654076 CEST	58923	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:16.161622047 CEST	58850	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:16.161796093 CEST	54681	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:18.611577034 CEST	56936	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:18.611740112 CEST	59872	53	192.168.2.5	1.1.1.1
Apr 24, 2024 19:39:31.736571074 CEST	53	51709	1.1.1.1	192.168.2.5
Apr 24, 2024 19:39:31.828862906 CEST	53	50235	1.1.1.1	192.168.2.5

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 19:38:33.686117887 CEST	1.1.1.1	192.168.2.5	0x1426	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:33.686146975 CEST	1.1.1.1	192.168.2.5	0x5293	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:35.574376106 CEST	1.1.1.1	192.168.2.5	0x2daf	No error (0)	www.google.com		142.250.141.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:35.574376106 CEST	1.1.1.1	192.168.2.5	0x2daf	No error (0)	www.google.com		142.250.141.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:35.574376106 CEST	1.1.1.1	192.168.2.5	0x2daf	No error (0)	www.google.com		142.250.141.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:35.574376106 CEST	1.1.1.1	192.168.2.5	0x2daf	No error (0)	www.google.com		142.250.141.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:35.574376106 CEST	1.1.1.1	192.168.2.5	0x2daf	No error (0)	www.google.com		142.250.141.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:35.574376106 CEST	1.1.1.1	192.168.2.5	0x2daf	No error (0)	www.google.com		142.250.141.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:35.575330973 CEST	1.1.1.1	192.168.2.5	0xd23a	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 19:38:46.768961906 CEST	1.1.1.1	192.168.2.5	0xf20d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:46.768961906 CEST	1.1.1.1	192.168.2.5	0xf20d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:47.445491076 CEST	1.1.1.1	192.168.2.5	0xa6cc	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:47.445491076 CEST	1.1.1.1	192.168.2.5	0xa6cc	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:48.258271933 CEST	1.1.1.1	192.168.2.5	0x9f0f	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:48.258593082 CEST	1.1.1.1	192.168.2.5	0xd783	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:49.470273972 CEST	1.1.1.1	192.168.2.5	0x3a41	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:49.470494032 CEST	1.1.1.1	192.168.2.5	0x6834	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:51.125994921 CEST	1.1.1.1	192.168.2.5	0x9ee6	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:51.125994921 CEST	1.1.1.1	192.168.2.5	0x9ee6	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:51.126661062 CEST	1.1.1.1	192.168.2.5	0xa086	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:53.333959103 CEST	1.1.1.1	192.168.2.5	0xb565	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:53.333959103 CEST	1.1.1.1	192.168.2.5	0xb565	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:53.333959103 CEST	1.1.1.1	192.168.2.5	0xb565	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:53.339407921 CEST	1.1.1.1	192.168.2.5	0x6cae	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:53.339730978 CEST	1.1.1.1	192.168.2.5	0x731e	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:57.002434969 CEST	1.1.1.1	192.168.2.5	0xb255	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:38:57.002434969 CEST	1.1.1.1	192.168.2.5	0xb255	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:38:57.002434969 CEST	1.1.1.1	192.168.2.5	0xb255	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:00.733319998 CEST	1.1.1.1	192.168.2.5	0x3d55	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:00.733319998 CEST	1.1.1.1	192.168.2.5	0x3d55	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:10.007256031 CEST	1.1.1.1	192.168.2.5	0x568f	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:10.062510967 CEST	1.1.1.1	192.168.2.5	0x7df9	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:12.943476915 CEST	1.1.1.1	192.168.2.5	0x9318	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:12.943476915 CEST	1.1.1.1	192.168.2.5	0x9318	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:12.943476915 CEST	1.1.1.1	192.168.2.5	0x9318	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:13.100018978 CEST	1.1.1.1	192.168.2.5	0xf97e	No error (0)	scdn1efff.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:13.100078106 CEST	1.1.1.1	192.168.2.5	0x5fed	No error (0)	scdn1efff.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:13.100078106 CEST	1.1.1.1	192.168.2.5	0x5fed	No error (0)	sni1gl.wpc.alphacdn.net		152.195.19.97	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102400064 CEST	1.1.1.1	192.168.2.5	0x51e1	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102400064 CEST	1.1.1.1	192.168.2.5	0x51e1	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102400064 CEST	1.1.1.1	192.168.2.5	0x51e1	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102566957 CEST	1.1.1.1	192.168.2.5	0x444	No error (0)	acctcdn.msftauth.net	acctcdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102642059 CEST	1.1.1.1	192.168.2.5	0x1f04	No error (0)	acctcdn.msftauth.net	acctcdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102642059 CEST	1.1.1.1	192.168.2.5	0x1f04	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102642059 CEST	1.1.1.1	192.168.2.5	0x1f04	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:13.102642059 CEST	1.1.1.1	192.168.2.5	0x1f04	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:15.025203943 CEST	1.1.1.1	192.168.2.5	0x5597	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:15.025203943 CEST	1.1.1.1	192.168.2.5	0x5597	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:15.025203943 CEST	1.1.1.1	192.168.2.5	0x5597	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:15.328567028 CEST	1.1.1.1	192.168.2.5	0x225d	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:15.328649998 CEST	1.1.1.1	192.168.2.5	0x32f5	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:16.315943956 CEST	1.1.1.1	192.168.2.5	0xc6c2	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:16.315999031 CEST	1.1.1.1	192.168.2.5	0x1cea	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:18.766252041 CEST	1.1.1.1	192.168.2.5	0x14a5	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:18.766283989 CEST	1.1.1.1	192.168.2.5	0x177e	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:24.433713913 CEST	1.1.1.1	192.168.2.5	0xb9fe	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:24.433713913 CEST	1.1.1.1	192.168.2.5	0xb9fe	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:31.733437061 CEST	1.1.1.1	192.168.2.5	0xe3ef	No error (0)	csp-afd-prod.azurefd.net	azurefd-t-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:31.733437061 CEST	1.1.1.1	192.168.2.5	0xe3ef	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 19:39:31.733437061 CEST	1.1.1.1	192.168.2.5	0xe3ef	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:31.733437061 CEST	1.1.1.1	192.168.2.5	0xe3ef	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 19:39:31.734311104 CEST	1.1.1.1	192.168.2.5	0x88a2	No error (0)	csp-afd-prod.azurefd.net	azurefd-t-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:38 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 17:38:39 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=221080 Date: Wed, 24 Apr 2024 17:38:39 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:39 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 17:38:40 UTC	521	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z Cache-Control: public, max-age=221032 Date: Wed, 24 Apr 2024 17:38:39 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 17:38:40 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:47 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713980295912&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-04-24 17:38:47 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-24 17:38:47 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-24 17:38:47 UTC	479	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 497AE4C7FA724B75BAA2BFBD3F5142CE Ref B: LAX311000109017 Ref C: 2024-04-24T17:38:47Z Date: Wed, 24 Apr 2024 17:38:47 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1713980327.4f138c1

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:52 UTC	635	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:52 UTC	770	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2278134 Cache-Control: public, max-age=31536000 Content-MD5: 2vlVvyES905PeLIYeo1r7w== Content-Type: application/x-javascript Date: Wed, 24 Apr 2024 17:38:52 GMT Etag: 0x8DC4DBF5E20DC85 Last-Modified: Tue, 26 Mar 2024 18:05:49 GMT Server: ECAcc (laa/7B41) Vary: Accept-Encoding X-Cache: HIT X-EC-BBR-Enable: 1 x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: e3c3061c-c01e-00ff-63b6-81766c000000 x-ms-version: 2009-09-19 Content-Length: 141339 Connection: close
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2024-04-24 17:38:52 UTC	1	IN	Data Raw: 75 Data Ascii: u
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 74 65 64 53 74 79 6c 65 28 65 2c 6e 75 6c 6c 29 3a 65 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 3f 65 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 3a 7b 7d 7d 2c 68 69 73 74 6f 72 79 3a 7b 70 75 73 68 53 74 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 5f 2e 69 73 48 69 73 74 6f 72 79 53 75 70 70 6f 72 74 65 64 28 29 26 26 64 2e 68 69 73 74 6f 72 79 2e 70 75 73 68 53 74 61 74 65 28 65 2c 6e 29 7d 2c 72 65 70 6c 61 63 65 53 74 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 5f 2e 69 73 48 69 73 74 6f 72 79 53 75 70 70 6f 72 74 65 64 28 29 26 26 64 2e 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 65 2c 6e 29 7d 7d 2c 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 2c 72 29 7b 65 2e 61 64 64 Data Ascii: tedStyle(e,null):e.currentStyle?e.currentStyle:{}},history:{pushState:function(e,n){_.isHistorySupported()&&d.history.pushState(e,n)},replaceState:function(e,n){_.isHistorySupported()&&d.history.replaceState(e,n)}},addEventListener:function(e,n,t,r){e.add
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 53 4d 53 3a 22 38 30 30 34 33 34 45 31 22 2c 50 50 5f 45 5f 49 4e 4c 49 4e 45 4c 4f 47 49 4e 5f 49 4e 56 41 4c 49 44 5f 41 4c 54 3a 22 38 30 30 34 33 34 45 32 22 2c 50 50 5f 45 5f 50 52 45 56 49 4f 55 53 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 31 30 31 33 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 57 52 4f 4e 47 3a 22 38 30 30 34 35 35 30 35 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 45 52 52 4f 52 5f 46 41 54 41 4c 3a 22 38 30 30 34 35 35 33 37 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 45 52 52 4f 52 5f 55 4e 41 55 54 48 45 4e 54 49 43 41 54 45 44 3a 22 38 30 30 34 35 35 33 38 22 2c 50 50 5f 45 5f 48 49 50 5f 56 41 4c 49 44 41 54 49 4f 4e 5f 45 52 52 4f 52 5f 4f 54 48 45 52 3a 22 Data Ascii: SMS:"800434E1",PP_E_INLINELOGIN_INVALID_ALT:"800434E2",PP_E_PREVIOUS_PASSWORD:"80041013",PP_E_HIP_VALIDATION_WRONG:"80045505",PP_E_HIP_VALIDATION_ERROR_FATAL:"80045537",PP_E_HIP_VALIDATION_ERROR_UNAUTHENTICATED:"80045538",PP_E_HIP_VALIDATION_ERROR_OTHER:"
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 5b 5d 3b 69 66 28 65 29 66 6f 72 28 76 61 72 20 6f 3d 30 2c 69 3d 65 2e 6c 65 6e 67 74 68 3b 6f 3c 69 3b 6f 2b 2b 29 72 2e 70 75 73 68 28 6e 2e 63 61 6c 6c 28 74 2c 65 5b 6f 5d 2c 6f 29 29 3b 72 65 74 75 72 6e 20 72 7d 2c 6a 62 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 76 61 72 20 72 3d 5b 5d 3b 69 66 28 65 29 66 6f 72 28 76 61 72 20 6f 3d 30 2c 69 3d 65 2e 6c 65 6e 67 74 68 3b 6f 3c 69 3b 6f 2b 2b 29 6e 2e 63 61 6c 6c 28 74 2c 65 5b 6f 5d 2c 6f 29 26 26 72 2e 70 75 73 68 28 65 5b 6f 5d 29 3b 72 65 74 75 72 6e 20 72 7d 2c 4e 62 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 65 2e 70 75 73 68 2e 61 70 70 6c 79 28 65 2c 6e 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 74 3d 30 2c 72 3d Data Ascii: [];if(e)for(var o=0,i=e.length;o<i;o++)r.push(n.call(t,e[o],o));return r},jb:function(e,n,t){var r=[];if(e)for(var o=0,i=e.length;o<i;o++)n.call(t,e[o],o)&&r.push(e[o]);return r},Nb:function(e,n){if(n instanceof Array)e.push.apply(e,n);else for(var t=0,r=
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 72 65 74 75 72 6e 21 21 65 7d 2c 53 2e 5a 61 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 28 65 5b 54 5d 3d 3d 3d 50 5b 54 5d 7c 7c 65 5b 54 5d 3d 3d 3d 53 2e 6f 2e 66 6e 5b 54 5d 26 26 65 2e 4e 63 29 7d 2c 53 2e 62 28 22 6f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 74 61 29 2c 53 2e 62 28 22 69 73 4f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 4f 29 2c 53 2e 62 28 22 69 73 57 72 69 74 65 61 62 6c 65 4f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 5a 61 29 2c 53 2e 62 28 22 69 73 57 72 69 74 61 62 6c 65 4f 62 73 65 72 76 61 62 6c 65 22 2c 53 2e 5a 61 29 2c 53 2e 62 28 22 6f 62 73 65 72 76 61 62 6c 65 2e 66 6e 22 2c 50 29 2c 53 2e 4c 28 50 2c 22 70 65 65 6b 22 2c 50 2e 76 29 2c 53 2e 4c 28 50 Data Ascii: return!!e},S.Za=function(e){return"function"==typeof e&&(e[T]===P[T]\|\|e[T]===S.o.fn[T]&&e.Nc)},S.b("observable",S.ta),S.b("isObservable",S.O),S.b("isWriteableObservable",S.Za),S.b("isWritableObservable",S.Za),S.b("observable.fn",P),S.L(P,"peek",P.v),S.L(P
2024-04-24 17:38:52 UTC	4	IN	Data Raw: 75 6c 6c 2c Data Ascii: ull,
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 65 29 2e 62 69 6e 64 69 6e 67 43 6f 6e 74 65 78 74 46 6f 72 44 65 73 63 65 6e 64 61 6e 74 73 29 2c 74 26 26 21 62 5b 53 2e 61 2e 52 28 6e 29 5d 26 26 64 28 74 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 6e 2c 74 29 7b 76 61 72 20 6f 2c 69 3d 53 2e 61 2e 67 2e 55 62 28 65 2c 45 2c 7b 7d 29 2c 73 3d 69 2e 68 64 3b 69 66 28 21 6e 29 7b 69 66 28 73 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 59 6f 75 20 63 61 6e 6e 6f 74 20 61 70 70 6c 79 20 62 69 6e 64 69 6e 67 73 20 6d 75 6c 74 69 70 6c 65 20 74 69 6d 65 73 20 74 6f 20 74 68 65 20 73 61 6d 65 20 65 6c 65 6d 65 6e 74 2e 22 29 3b 69 2e 68 64 3d 21 30 7d 69 66 28 73 7c 7c 28 69 2e 63 6f 6e 74 65 78 74 3d 74 29 2c 69 2e 5a 62 7c 7c 28 69 2e 5a 62 3d 7b 7d 29 2c 6e 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d Data Ascii: e).bindingContextForDescendants),t&&!b[S.a.R(n)]&&d(t,n)}function p(e,n,t){var o,i=S.a.g.Ub(e,E,{}),s=i.hd;if(!n){if(s)throw Error("You cannot apply bindings multiple times to the same element.");i.hd=!0}if(s\|\|(i.context=t),i.Zb\|\|(i.Zb={}),n&&"function"!=
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 65 2c 22 63 68 61 6e 67 65 22 5d 29 2c 28 6c 7c 7c 53 2e 53 2e 59 61 28 29 29 26 26 53 2e 69 2e 6d 61 28 65 2c 53 2e 69 2e 48 29 2c 53 2e 61 2e 77 64 28 65 29 2c 75 26 26 32 30 3c 4d 61 74 68 2e 61 62 73 28 75 2d 65 2e 73 63 72 6f 6c 6c 54 6f 70 29 26 26 28 65 2e 73 63 72 6f 6c 6c 54 6f 70 3d 75 29 7d 7d 2c 53 2e 63 2e 6f 70 74 69 6f 6e 73 2e 24 62 3d 53 2e 61 2e 67 2e 5a 28 29 2c 53 2e 63 2e 73 65 6c 65 63 74 65 64 4f 70 74 69 6f 6e 73 3d 7b 69 6e 69 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 29 7b 76 61 72 20 72 3d 6e 28 29 2c 6f 3d 5b 5d 3b 53 2e 61 2e 44 28 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 6f 70 74 69 6f 6e 22 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 73 65 6c Data Ascii: e,"change"]),(l\|\|S.S.Ya())&&S.i.ma(e,S.i.H),S.a.wd(e),u&&20<Math.abs(u-e.scrollTop)&&(e.scrollTop=u)}},S.c.options.$b=S.a.g.Z(),S.c.selectedOptions={init:function(e,n,t){function r(){var r=n(),o=[];S.a.D(e.getElementsByTagName("option"),(function(e){e.sel
2024-04-24 17:38:52 UTC	16383	IN	Data Raw: 3d 6f 2e 4b 65 79 43 6f 64 65 3b 66 75 6e 63 74 69 6f 6e 20 66 28 65 29 7b 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 3f 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3a 65 2e 72 65 74 75 72 6e 56 61 6c 75 65 3d 21 31 7d 6e 2e 61 70 70 6c 79 45 78 74 65 6e 73 69 6f 6e 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 2c 74 3d 31 2c 6f 3d 7b 7d 3b 65 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2e 6c 6f 61 64 65 72 73 2e 75 6e 73 68 69 66 74 28 7b 6c 6f 61 64 43 6f 6d 70 6f 6e 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 72 29 7b 65 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2e 64 65 66 61 75 6c 74 4c 6f 61 64 65 72 2e 6c 6f 61 64 43 6f 6d 70 6f 6e 65 6e 74 28 6e 2c 74 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 69 3b 74 2e 65 6e 61 62 6c 65 Data Ascii: =o.KeyCode;function f(e){e.preventDefault?e.preventDefault():e.returnValue=!1}n.applyExtensions=function(e){var n,t=1,o={};e.components.loaders.unshift({loadComponent:function(n,t,r){e.components.defaultLoader.loadComponent(n,t,(function(n){var i;t.enable

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:53 UTC	658	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:54 UTC	781	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:54 GMT Content-Type: text/css Content-Length: 20314 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 27 Dec 2023 18:18:12 GMT ETag: 0x8DC07082FBB8D2B x-ms-request-id: 10dd6375-401e-001a-32b3-955ba9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173854Z-168bb8d798bwc2l6wa2qw69esw000000010g000000003793 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:38:54 UTC	15603	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-04-24 17:38:54 UTC	4711	IN	Data Raw: e7 bc b1 e2 92 61 7d df b0 68 ac ab 2c aa b1 88 da cb c6 22 89 f4 a2 b1 42 53 1e da 58 e7 55 1e b5 fb a5 96 31 c6 85 9c 5c 95 58 0f 77 34 04 a7 bc ef e9 bc 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 21 5d f4 aa e1 60 30 5e 26 13 b7 4f 5a e3 0c 32 50 fb 10 40 6b 9f fc 5a d9 82 86 f5 c9 a7 ad bc 4f 0f 53 c6 3e 8f 75 ef 81 fb bb e5 60 13 bf d0 d1 86 c0 d4 70 43 60 72 bc 81 ca 0c ee 7b ca cd 06 61 90 56 01 34 34 b4 0d 0f 13 81 b8 e1 dc 70 52 d0 d3 64 f3 b6 df 8a 2c 1c d2 a7 e1 c5 ec 1c b9 2b 18 00 b1 42 22 26 de 7d 9d 59 8d 1f 8e 83 89 00 6e 65 8f 64 aa a2 fc c3 d8 65 70 5f b6 f7 9c 65 7e ea 83 9d 2c f7 31 10 e4 08 df ce 47 c4 df 33 f4 3c 40 c9 2e 2b 17 af 8a ce 37 c9 36 db ed 73 c6 5e f7 a6 Data Ascii: a}h,"BSXU1\Xw4bUF`4 -Aj3P%XlhV!]`0^&OZ2P@kZOS>u`pC`r{aV44pRd,+B"&}Ynedep_e~,1G3<@.+76s^

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:53 UTC	635	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:54 UTC	798	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:54 GMT Content-Type: application/x-javascript Content-Length: 121259 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 05 Apr 2024 02:22:39 GMT ETag: 0x8DC55174443A770 x-ms-request-id: c8436b01-a01e-0040-45b4-95368f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173854Z-168bb8d798bwftzb2az14uh0u000000005xg000000010wed x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:38:54 UTC	15586	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e4 bd fb 7b e3 38 8e 00 f8 fb fd 15 8e 66 2e 63 77 14 97 e5 57 6c a5 d5 59 e7 55 95 ed 24 ce c4 49 77 ef a6 32 f9 64 89 76 d4 91 25 af 24 e7 31 8e f7 6f 3f 00 24 25 4a 96 53 55 b3 7b 77 df 7d d7 bb 53 b1 48 f0 05 82 20 00 82 e0 a7 9f b6 fe 8f ca 4f 95 dd ef ff af 32 ba 19 5c df 54 86 a7 95 9b 2f 67 d7 c7 95 2b f8 fa 8f ca e5 f0 e6 ec e8 e4 fb eb c1 46 f1 7f 37 8f 5e 5c 99 78 3e ab c0 df b1 1d 33 b7 12 06 95 30 aa 78 81 13 46 f3 30 b2 13 16 57 66 f0 6f e4 d9 7e 65 12 85 b3 4a f2 c8 2a f3 28 fc 93 39 49 5c f1 bd 38 81 42 63 e6 87 2f 95 2a 54 17 b9 95 2b 3b 4a de 2a 67 57 b5 3a d4 cf a0 36 6f ea 05 50 da 09 e7 6f f0 fb 31 a9 04 61 e2 39 ac 62 07 2e d5 e6 c3 47 10 b3 ca 22 70 59 54 79 79 f4 9c c7 ca 85 e7 44 61 1c 4e 92 4a c4 1c Data Ascii: {8f.cwWlYU$Iw2dv%$1o?$%JSU{w}SH O2\T/g+F7^\x>30xF0Wfo~eJ(9I\8Bc/T+;J*gW:6oPo1a9b.G"pYTyyDaNJ
2024-04-24 17:38:54 UTC	16384	IN	Data Raw: 7c f6 d8 0b da 06 7d 73 c9 57 d2 6f 69 42 d9 ea f6 d6 79 26 ea 79 22 68 03 22 26 2e bd 7c c0 55 93 00 f2 d1 e9 78 95 dd 31 40 46 83 33 9d 90 a3 26 5a 0e 81 d6 64 7d 66 52 6d b5 fb 35 1d 3d d3 1f a3 30 c0 17 71 b7 42 55 f9 f0 2e ec 57 ba d7 02 1b c3 af 01 7f 7c 9e 1c d9 53 8a 8f df df 25 6d d5 cb ef cd 54 7f b4 46 58 77 8a 0d 30 ce 53 3a ac cd 3a 45 ef 88 f9 c3 17 24 9b 69 7f f9 ef bf 5c 30 94 99 50 96 7a 38 1f c1 37 8f 16 c6 5c 6b 29 c2 54 f1 37 82 21 67 ce 9f 21 e5 07 19 08 89 11 a4 84 fe 80 f9 69 f8 81 ec 59 03 51 a5 7c c1 34 0f 26 12 0b 4d 53 40 0b ce 8c b0 0b 97 61 82 41 f2 48 d7 a2 10 52 f4 f3 ea f7 63 d3 c0 bb ec 8f 18 69 03 1f d5 e5 f1 c8 a4 4d 41 86 0d c1 98 1b 59 e0 10 92 1a 2f 60 cf 1d f8 9e 1d 53 c8 ad d9 18 fd ea f9 63 0a f2 f9 dc d2 64 51 cb Data Ascii: \|}sWoiBy&y"h"&.\|Ux1@F3&Zd}fRm5=0qBU.W\|S%mTFXw0S::E$i\0Pz87\k)T7!g!iYQ\|4&MS@aAHRciMAY/`ScdQ
2024-04-24 17:38:54 UTC	16384	IN	Data Raw: 0e 30 9d 95 1c aa 27 81 0a fa 22 a9 ef 10 39 b6 ea f7 ba 78 e9 27 a5 a8 2f e1 ca 4b 2c 52 1f ec 29 3c 5b de f0 97 57 5e 6e 9c 43 11 12 71 84 0f 64 ba 9d 44 a3 b6 a3 7e ed 32 57 8e bc 86 72 78 6c 78 7c 00 ae 7d 19 0b 14 ec 2a 1e 43 db 79 ae 84 f3 04 f1 be 52 15 0a 11 6a 93 49 57 e7 e8 f9 7c 6d 6d 0d 7d 9f 4b 24 07 55 43 90 ed 87 13 05 f4 a3 1a aa 7a 5c 41 66 88 cd 1d 95 51 93 d4 46 72 fa 21 7b 05 85 12 92 ec 52 5e 5e 07 8c 98 7c 46 c1 19 fc 93 5f 01 9a 43 41 8a a4 57 58 1d 95 fc 03 0b ee 00 e9 49 c9 13 b1 bc 27 14 76 02 f1 f0 0c 65 57 da fd 0e 20 3c 90 84 0a 0f 31 3b 7e ed 71 ab 80 e0 c0 5f ed 75 bd 98 d8 15 5d 12 e4 b6 a1 40 14 05 9d 49 fd 88 dd 85 79 19 0a 04 c8 91 c9 5c 93 6d 7d 51 d3 c9 40 cd 82 06 e5 f6 82 c2 de 58 2e e6 05 35 77 81 65 2e a4 c9 36 a3 Data Ascii: 0'"9x'/K,R)<[W^nCqdD~2Wrxlx\|}*CyRjIW\|mm}K$UCz\AfQFr!{R^^\|F_CAWXI'veW <1;~q_u]@Iy\m}Q@X.5we.6
2024-04-24 17:38:54 UTC	16384	IN	Data Raw: 00 92 42 5e b0 27 00 c0 a8 8f 33 f3 b9 46 e5 48 8a df a7 d1 28 ce ef b7 59 7b 15 f6 31 1a dd 45 f7 99 83 c6 9a 78 28 01 07 61 0e f9 76 f8 a0 55 a6 da 2d bf 97 a6 48 8d c2 2f 3e 32 f0 83 d1 c1 76 8b ec 1a 29 c0 3c 2d 3c dd ac 13 ba 59 71 bf 62 8e 48 f2 df 41 14 4a 43 cc 51 5f b9 c3 b9 e9 87 39 ff da a3 23 46 3f 87 3d b6 f1 fc b1 c7 40 eb 38 d8 67 85 52 47 7a c7 75 b8 5c e6 55 b3 f0 0c e2 cb bb 97 b1 2c 63 20 cb 8e 88 18 88 fb 26 ef df 04 ad 72 0c ca 90 74 d8 63 44 08 79 1b ae 1c 8c 1a 9c 57 0c b8 a9 66 a1 bc f7 c0 1c d5 0c f5 fc e4 54 d4 d4 24 68 2b 0d 66 64 b1 b9 55 1d 61 2a 58 5a 6b 93 b1 f5 3a fe f6 a8 b5 13 73 36 c4 93 e4 81 fb 77 9e 7f 17 fc ce 1f 52 0e 72 17 3e fc 6e 03 71 11 9c 86 0f d2 fe ed ec 1c c3 8b 67 fd b0 35 f3 33 75 f8 e6 28 c3 92 84 26 0f Data Ascii: B^'3FH(Y{1Ex(avU-H/>2v)<-<YqbHAJCQ_9#F?=@8gRGzu\U,c &rtcDyWfT$h+fdUa*XZk:s6wRr>nqg53u(&
2024-04-24 17:38:54 UTC	16384	IN	Data Raw: 48 bb 63 29 bd 5d 43 e8 c0 d7 f7 e7 c2 2e 82 24 5f f7 61 8d 51 98 1c 2a fb f1 37 aa 98 c3 d6 42 a7 e7 44 01 55 1e a3 96 a6 d9 72 39 54 0d 67 cc 16 11 72 61 47 6e a9 f7 2f 34 8e 75 83 41 62 fe 4c a1 1b b5 f1 de 35 ac 51 06 49 01 d4 ac 22 f3 46 4a 85 08 9c 04 61 b0 3e 60 c4 e9 e4 65 29 69 78 e3 d3 f0 cc 1d ac ad 85 92 c8 0f a6 81 82 84 d8 ec 8c ee 65 80 59 cc 95 d1 35 20 91 46 f4 f6 f7 79 1f 87 12 64 1c 3e 5c 89 c3 96 eb 5c 5d a7 0a b0 82 16 ca 06 16 0d 2a 65 5e 7e 91 ac 21 69 91 b8 6a 8c 1e b7 61 98 1d 2b e2 0f 03 41 b1 47 fd 35 11 ca b9 fa 19 7e 21 5e 82 f6 c4 c4 44 fb d0 79 ac fb ec 5d 07 17 cf 27 0f 0f 1b 1e 7d 6a ed 62 6d 63 a0 7b 98 bd 0c 26 6c f6 c0 8d 28 28 bc 99 08 b5 00 12 06 38 c7 d4 21 91 7a ed 1a 7c e0 dc 59 f7 b2 e7 1b 74 06 bd 0c c6 83 9c de Data Ascii: Hc)]C.$_aQ7BDUr9TgraGn/4uAbL5QI"FJa>`e)ixeY5 Fyd>\\]e^~!ija+AG5~!^Dy]'}jbmc{&l((8!z\|Yt
2024-04-24 17:38:54 UTC	16384	IN	Data Raw: b5 17 51 e8 d8 49 1a c5 7e e0 d9 16 67 96 07 dd 24 06 a6 67 2e 3a 13 22 4e b9 73 cb 7d 82 d5 6e 0c ea d9 91 1f 4a 28 29 42 84 10 bd 29 34 59 91 49 cb 71 33 c8 8f cc 8f f8 7e 3a 4b 3c 1b aa 5e ec 0a 88 73 a8 c7 2e 70 1b 4c 50 30 61 b9 01 0b 63 77 3f eb 64 34 23 cb 0f 33 61 45 71 04 25 c5 b1 53 c9 5c 11 3b 99 6b 5b 8e c3 3d 58 06 fb e9 2c b1 21 16 dc 14 aa 44 c8 05 38 b8 25 18 83 25 e0 07 a4 b2 40 4f be dd 36 cb 6a 37 46 33 8a 63 d8 a3 2e 4c 98 48 78 31 73 1d c1 63 c9 a5 6b 65 41 40 42 72 3f f4 e4 25 16 68 34 62 69 e6 63 4d 2c 1f 82 c9 e1 2c f6 3c d2 9e 03 08 f6 fd 4c 9d d1 8c 52 1f e4 93 49 2f b2 c0 c6 dd d0 b2 bd c8 66 98 4d b0 58 61 59 ce 5e 38 b9 e3 27 8e 23 20 f3 32 32 0b 6d 2b 86 24 77 98 b0 3d 3b 82 7c 8f bc 30 0e f7 d2 8d d1 8c 62 e1 87 91 6d 05 ae Data Ascii: QI~g$g.:"Ns}nJ()B)4YIq3~:K<^s.pLP0acw?d4#3aEq%S\;k[=X,!D8%%@O6j7F3c.LHx1sckeA@Br?%h4bicM,,<LRI/fMXaY^8'# 22m+$w=;\|0bm
2024-04-24 17:38:54 UTC	16384	IN	Data Raw: ca 4b 76 9e e6 a7 97 6d 74 b9 be 6d 45 8d 1c 88 56 2b 7f 92 3d 82 69 c1 d7 75 71 f3 72 a3 b1 f4 1b c5 24 ff 7b ee 78 7d f7 9e 81 d1 d1 65 7b 5f d0 49 30 7d cf 88 93 51 2f 5f 18 93 bf 90 56 f9 bb 05 b3 dc 6e 51 41 0e bb 72 21 68 39 5f 3f 0f da 21 38 9a 99 f6 2b 2b a7 19 15 8d 6f cb 09 dc 66 f7 dc 46 1f dd 1f 3f bb b6 8e fa f9 fa 2f 54 6a e6 35 cb a8 b3 c4 17 df 7f 11 b2 7c bb 28 2e 4e ca e2 e9 af 92 5f 2e 56 bc 42 eb 9f 3f df 8e ce d8 bc a9 19 fd f5 0b f1 ff 2f 42 dd a6 f1 db d1 b5 01 fb 4b 53 f4 57 85 9f cd b2 d5 9d 27 1b db aa be ff 11 31 e2 e4 42 4a 91 5e 9e 5f ec 5d 9c b7 30 a7 34 dd 7c 85 f2 fc 0f 8f 77 7b 94 90 ff f1 5a ed 70 c8 e6 0f 60 c3 fe 06 91 3f 5f 85 99 f2 2a 9f ca f2 26 d2 6e 41 15 be 32 37 f9 6f e7 be dc a3 92 59 d2 d4 57 eb 5a ad 72 fb 24 Data Ascii: KvmtmEV+=iuqr${x}e{_I0}Q/_VnQAr!h9_?!8++ofF?/Tj5\|(.N_.VB?/BKSW'1BJ^_]04\|w{Zp`?_*&nA27oYWZr$
2024-04-24 17:38:54 UTC	7369	IN	Data Raw: fe e1 e0 88 7d 4b 51 0e 9b 95 b7 d0 3b 2d 42 59 54 73 07 dc 89 88 c3 c1 d3 14 f5 f1 f0 18 06 b4 7f bf c1 2d ae 97 78 e0 be 4f b4 b0 34 28 ed ba c4 41 83 fd 4b a2 cd fd 28 d8 9f 11 2d a5 ec 6b ff 86 68 3e e7 51 fb 1f a1 7e 95 71 ed bf 03 f4 57 b9 d6 fe 29 d4 bf a6 2b f1 d0 9d cf d1 74 b5 1f 6b 21 13 9e f2 27 d9 dd 53 84 fd b2 17 f5 07 18 c7 98 0f b9 c7 06 1b f7 fb 03 d8 00 e3 5e 16 6b 6e dc bf cb 67 3c 93 07 8f e3 04 ea d9 f9 0d 66 87 a0 f0 0c eb 60 81 4c 01 67 00 26 8c 4c 6b 4f 31 d3 d5 57 0e dd fe 8e ae a1 44 40 b3 2c 90 c1 7b fe 15 36 6a e4 3d fc e9 8b fc c7 ed 2d 19 70 64 bd 82 cd fa 7a f1 77 72 73 57 40 e6 c6 dc 83 82 43 45 81 42 b8 68 f0 db 7e fa 39 ca fc cb 1e ff 39 c0 1b 7c fd af be 9b 92 ce c7 c1 01 4c 03 17 2e f7 63 2a a4 20 bb 45 16 e4 25 5f 78 Data Ascii: }KQ;-BYTs-xO4(AK(-kh>Q~qW)+tk!'S^kng<f`Lg&LkO1WD@,{6j=-pdzwrsW@CEBh~99\|L.c* E%_x

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:53 UTC	654	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:54 UTC	797	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:54 GMT Content-Type: application/x-javascript Content-Length: 15776 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 02 Apr 2024 21:29:16 GMT ETag: 0x8DC535BF32A6F5D x-ms-request-id: 16eab48a-801e-0016-75f1-94afb0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173854Z-168bb8d798bknb96pk7637z8n400000000fg000000011ztm x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:38:54 UTC	15587	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dd 7d 4d 73 23 47 b2 d8 dd bf 02 8b 75 68 86 4f 3d 10 3e f8 89 11 34 06 01 70 06 4f 24 00 01 e0 50 0a 49 46 34 81 22 d8 4b a0 1b af bb 31 1c 2e 35 8e bd f9 f0 0e be da 37 1f 7c f2 d1 17 df fd 53 36 e2 f9 77 38 3f aa aa ab ba 1b 00 39 d2 d3 ee b3 42 c1 41 77 55 65 65 65 65 65 65 66 65 65 ff e1 66 ed 4f 63 2f f0 5f 8a bd 47 f5 bb 10 bc f4 f7 1e bd 9b 97 de 8f fe cf 7b a1 88 d7 a1 5f c0 df 25 f1 71 15 84 71 f4 fa 83 1b 16 e2 06 be 6a 3c ca 77 f5 c7 4f 8e 37 ab fb ce 22 70 67 62 56 ff 43 e5 d3 6b d9 54 60 d3 a9 bb 58 bc 8c 15 04 27 76 92 df c1 1e 3c 70 b3 c6 1f ca 49 c1 27 ec c6 6b 3c 6a 40 41 69 d9 10 4e 50 9a 36 3c f8 bb 6a 14 8b 4e f0 b2 bc f7 e9 e5 8f c9 30 9c c0 f1 00 f9 97 d5 3d c2 d2 6f 78 2f 2b 00 1f fe 39 d8 73 42 f8 e7 Data Ascii: }Ms#GuhO=>4pO$PIF4"K1.57\|S6w8?9BAwUeeeeeefeefOc/_G{_%qqj<wO7"pgbVCkT`X'v<pI'k<j@AiNP6<jN0=ox/+9sB
2024-04-24 17:38:54 UTC	189	IN	Data Raw: 68 eb c1 2f c7 3d 42 39 4a 78 bc 4f 4b 2b 91 9c 07 b0 2f 4c 81 26 9d 0f 74 e6 0c f3 4f bf 26 4a f4 f1 15 55 c5 13 28 b5 26 81 7f 1e b8 78 67 08 34 d4 bc ca ca 3e b2 2b a3 83 8b 34 3c 10 46 7e fc 84 4e 30 23 1e 2b 07 60 c6 88 fd 67 b5 d5 d6 01 65 7b c3 db cf 3b 7b 4f 61 6d dd 36 45 00 78 99 5d 5d 1f 7a 0f 82 51 64 da cf b9 f7 6e 44 41 58 da 92 af ec a3 26 bf a5 a5 85 7b 72 df 77 7f 67 97 56 43 9e 4d 69 cb 63 db ca 0e 74 8d e1 26 e3 dc 2f 57 77 8e d3 68 98 ea b4 fa 9c 4e bf bd 18 75 b9 51 f5 d3 a7 9f f7 1c ce 0c 5a 9a 4c 1a 7f 28 bf fe 7f 60 2d 23 9e fd d6 00 00 Data Ascii: h/=B9JxOK+/L&tO&JU(&xg4>+4<F~N0#+`ge{;{Oam6Ex]]zQdnDAX&{rwgVCMict&/WwhNuQZL(`-#

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:55 UTC	577	OUT	GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:55 UTC	818	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:55 GMT Content-Type: application/x-javascript Content-Length: 61052 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 25 May 2023 17:22:47 GMT ETag: 0x8DB5D44A8CEE4F4 x-ms-request-id: 49affbb3-001e-0076-31b3-95ed92000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173855Z-168bb8d798b5k7zgx3sr8ma3ag000000025g00000000tden x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:38:55 UTC	15566	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cc bd 69 77 db 46 b2 30 fc fd fe 0a 0a 27 57 03 8c da 34 29 2f 71 48 23 bc b2 44 db 4c b4 45 4b 9c 8c ac d1 81 c8 96 04 9b 04 18 00 94 ac 91 f8 df 9f aa ea 1d 04 28 29 c9 7d ef 7b 12 8b 40 a3 7a af ae ae ae ae c5 bf 89 93 51 7a d3 2c f8 98 4f 78 91 dd 9e dd f0 f3 69 34 fc fa 53 9e 26 d3 70 e9 d7 fb fb 93 d3 a0 39 9d e5 57 fe c9 c9 fa 29 3b 61 8c 5d cc 92 61 11 a7 89 cf 59 c1 92 e0 ce 9b e5 bc 91 17 59 3c 2c bc 6e d2 cc fc 22 60 49 73 e4 17 cc fb 35 1a cf f8 cf 50 81 c7 7c 9d 2d b8 cb 78 31 cb 92 46 d6 e4 f3 40 c3 f6 af 79 52 6c 47 05 4f 86 b7 35 e0 51 19 7c 9f 67 79 9c 63 16 5e 93 e5 dc ca 72 94 45 43 be cd af f9 b8 06 78 64 01 6f 4c a7 83 24 8f 2f af 8a 7c 33 cd aa 8b 8f 9d 16 bd 8b 72 5e 0b 6a 17 7d d6 ff 06 4d 1e f1 d1 20 Data Ascii: iwF0'W4)/qH#DLEK()}{@zQz,Oxi4S&p9W);a]aYY<,n"`Is5P\|-x1F@yRlGO5Q\|gyc^rECxdoL$/\|3r^j}M
2024-04-24 17:38:55 UTC	16384	IN	Data Raw: 50 d9 d3 c8 92 f2 c0 bf 2d 5f 47 89 51 d4 c5 e2 ee 4a 5e 8f 74 11 ba 78 22 35 03 45 5f ae b8 15 0a 6b 9f 0b 6f 06 46 14 14 a0 01 d4 75 81 77 09 f9 14 b6 80 d5 55 f7 1d da c5 86 b6 4e 3c e4 1f ba 37 9b b7 b5 c3 23 d4 c8 84 ec 45 b0 c9 37 15 f4 52 19 68 52 db 84 ba 3a 93 b3 c0 d0 32 cd 34 96 c5 e1 77 a8 86 82 5b a0 e4 0c 44 e8 9f fe b7 62 f3 e2 12 ef cd f4 45 86 1d 76 a9 ca dd 36 79 da 4e 84 b4 06 0b 02 f6 93 7c 32 6b 9e 1f 01 48 1d b9 b0 1d 0e 45 73 ff 0a 48 49 e1 df 50 90 3f 40 e9 4f 5c e1 0c 8a 9e 20 e1 3d f7 f7 d8 4d ad e8 59 f6 8d fc 90 12 fc 6f ee 36 ee 97 d9 84 b2 55 80 c3 3d dc ed cb 9b 20 58 b6 fb e2 12 a8 93 cc bb ce 09 d9 17 b7 1b 9e c3 3b 01 49 81 06 e2 8a cd c8 00 2b 23 63 ac 8c 91 a8 99 6f 92 81 56 7b 8e f7 8d b2 42 9c 4a 97 0c 0b bf 45 f5 d2 Data Ascii: P-_GQJ^tx"5E_koFuwUN<7#E7RhR:24w[DbEv6yN\|2kHEsHIP?@O\ =MYo6U= X;I+#coV{BJE
2024-04-24 17:38:55 UTC	16384	IN	Data Raw: 1d 33 33 40 42 0c db 7c 4f c0 28 e6 7a 08 96 01 95 5d ed bb d4 15 db ec c7 f1 16 6d 6f 68 90 c6 f2 9e eb 33 2a c7 18 89 31 56 eb 59 ec bb 71 89 7f aa 93 e3 73 84 51 29 6d 4a 14 bb 22 63 6f 55 2c 47 e7 05 5d 5b 13 bf a6 ac 26 93 2d 98 72 a5 b7 e5 5a dc 5a c8 41 d4 fd e4 3e 1d 71 da 8f 3c 15 aa a8 02 27 5f eb 0a 69 e7 9e 8a 73 ab 65 64 09 18 b0 07 f0 47 1a e5 af 1f a1 b3 aa 6f 4a be 45 d8 0b 7b 11 7c 72 79 14 0f bd 57 cd 6e 76 d1 ec b5 e1 b3 8d 9d 95 66 c2 ca 10 cd 0f a3 7c 90 c5 ac c9 5a ae fa 7f c2 e6 88 97 22 c9 e1 52 b2 22 5d 8a f0 0f 96 12 40 d3 a5 e8 7c be 94 98 1b 2d 25 d5 4c 26 46 3d 61 3a 5c 4a 00 f5 97 a2 e2 77 4b d1 f9 c9 52 72 ef 6a 29 b9 77 6c 21 fc db 40 f8 5d c6 fc 1b 37 be c9 6d fc 7a 4e 9b e8 e0 a1 68 5f 34 7d d6 b3 76 7a fe 9b e8 2e 1e 44 Data Ascii: 33@B\|O(z]moh3*1VYqsQ)mJ"coU,G][&-rZZA>q<'_isedGoJE{\|ryWnvf\|Z"R"]@\|-%L&F=a:\JwKRrj)wl!@]7mzNh_4}vz.D
2024-04-24 17:38:55 UTC	12718	IN	Data Raw: 6b 6b 9b ec 2f dd e2 10 e0 f3 4d ea f3 dd c5 16 fd bd 12 9b ed 3a 78 d7 71 cb 0f 05 12 73 65 5f 43 ee b5 a6 0a 6e 83 08 03 ba f6 3a d7 c1 f5 6c 76 ab 4e 60 47 68 19 58 60 f5 1f 5e bb c3 54 de 2e 80 82 4f c9 76 ef a4 d4 b5 72 0a ee 68 55 55 91 83 40 67 5f dc f5 4a 1c f6 94 3e 3d 7d 79 a0 3e 39 55 07 e7 28 38 b8 38 65 d6 f5 5b 91 70 12 1c 69 47 2b 47 a6 a3 95 0e 6d 81 13 58 fc 26 42 bf 8e 1d ad 38 fe 3e ed 53 99 91 95 ee 68 64 66 52 9b 89 03 08 8d 1b 82 51 74 a5 1c f1 3a ed 15 45 74 3b 29 5e 35 bb d6 fb fa 7a db 7a 27 1a 93 ee 23 3d 44 bf 15 6d ad 43 c0 d2 64 91 ac 81 29 f3 92 ec 05 5f 59 d7 da da 65 be a6 3f da b7 38 0a be 24 da e8 8d 01 b8 41 ae b4 0b ff d2 ba a5 24 85 d5 3e 9e 97 b0 f2 d1 73 cf a0 45 b4 57 a1 27 69 f7 9e 79 d0 2d 71 2f 29 4f 51 86 ce 20 Data Ascii: kk/M:xqse_Cn:lvN`GhX`^T.OvrhUU@g_J>=}y>9U(88e[piG+GmX&B8>ShdfRQt:Et;)^5zz'#=DmCd)_Ye?8$A$>sEW'iy-q/)OQ

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:56 UTC	649	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:56 UTC	738	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:56 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: 32c56aa9-701e-0069-4159-93d4af000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173856Z-168bb8d798bbqgrcawqpfu2sb800000005vg00000001g3cu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:38:56 UTC	15646	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-24 17:38:56 UTC	1528	IN	Data Raw: 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:56 UTC	618	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:56 UTC	818	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:56 GMT Content-Type: application/x-javascript Content-Length: 54318 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 28 Mar 2024 21:22:21 GMT ETag: 0x8DC4F6D2782F92A x-ms-request-id: 2241fcc5-801e-0042-6e57-96608b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173856Z-168bb8d798bglsxr1zkq8xbzks0000000600000000011y4v x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:38:56 UTC	15566	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 6b 7b db 46 92 30 fa 7d 7f 05 85 67 46 06 4c 90 22 a9 8b 65 52 10 c7 76 92 79 bd 4f 12 fb d8 ce bc 67 8f cc c9 03 81 a0 84 98 02 b8 b8 d8 d6 88 dc df 7e aa aa ef 40 83 92 af c9 66 3c bb b1 88 46 a3 2f d5 dd d5 75 af bd fb 3b ff d1 b9 df e9 dd fd 7f 9d 97 af 1e bd 78 d5 79 f6 43 e7 d5 ff 79 fa e2 bb ce 73 78 fa af ce cf cf 5e 3d 7d f2 fd dd db c1 4e f1 bf 57 97 49 d1 59 24 cb b8 03 7f cf c3 22 9e 77 b2 b4 93 e5 9d 24 8d b2 7c 95 e5 61 19 17 9d 2b f8 37 4f c2 65 67 91 67 57 9d f2 32 ee ac f2 ec b7 38 2a 8b ce 32 29 4a f8 e8 3c 5e 66 ef 3a 2e 34 97 cf 3b cf c3 bc bc ee 3c 7d ee f5 a1 fd 18 5a 4b 2e 92 14 be 8e b2 d5 35 fc be 2c 3b 69 56 26 51 dc 09 d3 39 b5 b6 84 87 b4 88 3b 55 3a 8f f3 ce bb cb 24 ba ec fc 94 44 79 56 64 Data Ascii: k{F0}gFL"eRvyOg~@f<F/u;xyCysx^=}NWIY$"w$\|a+7OeggW28*2)J<^f:.4;<}ZK.5,;iV&Q9;U:$DyVd
2024-04-24 17:38:56 UTC	16384	IN	Data Raw: 84 be 9c 55 3e dd ee f1 db af d2 5f 8f f5 77 de dc 88 1f e4 95 05 4d 84 8d fd f5 21 1e 6b 84 f3 ea a9 30 85 40 d4 f4 35 13 66 96 42 33 ac 63 90 d2 34 a8 34 5c 17 c8 31 ad 89 10 98 41 cf 1d ac 27 d3 16 eb 49 66 37 39 36 6a e6 1e 9a 39 8b 9a ac 07 55 9d 9e 95 6c 10 cf 4d f8 ce 9a 65 85 4c 97 13 1d d1 d7 ac 98 f1 db 2c 33 f6 66 8b a1 ac dd 18 96 b0 03 f7 a4 33 16 ef 33 ba d0 e1 7e 36 8c c6 5b 84 cd f4 a5 66 55 60 f1 38 11 17 bf cd 37 83 48 03 66 fb 1c 93 12 8c 3b 60 a0 2e 6c 0a d4 f8 10 d5 61 43 6f 9c 6b 0e 18 cc 3d ca 17 ea c4 8d 3e d6 c7 d7 4d 8a 7f bb 0f cc 76 33 7d ab 07 4c 5e 9f b5 dd 19 21 6f 75 02 c8 95 94 19 30 30 89 65 0d ea b3 da 42 ba ef 6f 27 dd ef 4a d5 a2 3f 0c 31 19 44 cc 6e 67 32 b8 e5 b4 b9 d7 1b c4 5b dd 06 d2 9c 52 b2 65 4a 07 8d 29 19 87 Data Ascii: U>_wM!k0@5fB3c44\1A'If796j9UlMeL,3f33~6[fU`87Hf;`.laCok=>Mv3}L^!ou00eBo'J?1Dng2[ReJ)
2024-04-24 17:38:57 UTC	16384	IN	Data Raw: 6d 1c 7e 0b 1d ee f4 05 45 5a 39 a3 01 4a aa 9d cc 68 1a 14 38 a8 b9 03 12 11 9b c5 ab 6d 58 97 46 d1 83 47 47 b4 f2 e8 b8 8e 72 f4 df 6f 92 0c db 87 b9 bc 0c 54 6e 6b 6c 47 1c 71 b0 25 2e 6c 37 a9 4a 69 c3 5e 6d cb fc a6 7c 51 dc bf ac 75 a5 00 11 76 ef 72 90 d7 94 63 f9 fa 1d 1f e5 ee aa bc ba 30 92 8c 6b 0b 5a a4 a5 25 83 97 92 df fb 94 d4 99 2b d8 52 77 37 16 f3 a9 42 71 73 fe d6 ab e8 e7 1b 86 ee 6f 31 5e d2 a5 67 85 28 07 32 44 cc 29 4d cc 57 d9 17 e5 eb f0 92 ca a5 a7 ed 84 34 ba 8e df 7b 05 9d bb c0 85 9c bf 63 f1 b9 a3 6f 7e 8d 16 9e 06 64 e9 95 78 65 83 2c bd 12 4f 75 69 d3 7a ef 95 2f 4e 9a d3 11 94 69 7f 3d 28 93 6b 24 67 fc c6 fe 7d 90 fd 7f 17 db eb ba 99 80 e2 76 7b 6b ad 6d 93 2f b7 b6 fd 02 3b 5b 6a 4b 83 a9 ad 6a 8d 63 71 4b 99 7f b9 d1 Data Ascii: m~EZ9Jh8mXFGGroTnklGq%.l7Ji^m\|Quvrc0kZ%+Rw7Bqso1^g(2D)MW4{co~dxe,Ouiz/Ni=(k$g}v{km/;[jKjcqK
2024-04-24 17:38:57 UTC	5984	IN	Data Raw: 16 35 5f 5e 03 de eb 7e 57 6f 5d 03 e4 bb fe bd 31 61 61 7d 92 1c fc c6 80 78 52 70 a9 01 29 54 61 64 80 49 1d 85 a8 6b 7a be 30 70 47 23 6c 9e 34 af 86 b3 e9 c1 69 f1 e0 2f 1b 1a 76 0b 7d 16 b1 94 b7 fd c0 87 37 f0 7a 67 87 2d d1 c8 d2 0a bf e0 2e a0 06 b1 fb 67 56 7f 71 45 67 3b 0e 93 65 cc 23 17 d8 a0 b4 94 ec b9 5a 3a 66 45 f2 2a ab 76 1a cd ce 97 26 fc f3 4b 5e db 0d d6 56 21 2f 68 68 18 50 5a 54 7a e7 a7 02 d7 79 4f db 0b e8 bd 80 a7 a5 92 2c 73 bd 3f bc 7f f9 2c bb 9a 65 29 d9 fa ab 49 d1 a0 4d d2 1a be fa 85 53 fa 44 0f f9 b3 22 2e c3 79 39 e9 f4 8f 7a e7 51 11 1f 1e 08 7d 53 2c 16 2b 4b 56 b3 6a cc df 50 b7 e1 7d 7c f1 e2 d3 8c 44 03 af 71 2e 54 93 44 da 4f 69 27 a2 25 1b d7 d3 f2 2d 12 36 b8 4e d2 71 76 bd 0d 47 ec b9 b2 bd cd cc 84 ae 68 90 37 Data Ascii: 5_^~Wo]1aa}xRp)TadIkz0pG#l4i/v}7zg-.gVqEg;e#Z:fE*v&K^V!/hhPZTzyO,s?,e)IMSD".y9zQ}S,+KVjP}\|Dq.TDOi'%-6NqvGh7

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:57 UTC	668	OUT	GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:57 UTC	740	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:57 GMT Content-Type: image/gif Content-Length: 2672 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 24 May 2023 10:11:47 GMT ETag: 0x8DB5C3F48EC4154 x-ms-request-id: e6184bfb-801e-002a-7afc-957ab8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173857Z-168bb8d798bhmqqnyvwtxs9zf400000000v000000001khyu x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:38:57 UTC	2672	IN	Data Raw: 47 49 46 38 39 61 60 01 03 00 f0 00 00 ff ff ff 96 96 96 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 05 00 00 00 2c 00 00 00 00 60 01 03 00 00 02 36 84 1d a9 b7 07 ed 50 8a 6c d2 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a2 0a 04 49 01 d6 3a 71 4a d7 f6 8d e7 fa ce 6b ab f5 00 ba 60 42 59 b1 87 4c 2a 97 cc 26 af 00 00 21 f9 04 09 05 00 00 00 2c 06 00 00 00 30 00 03 00 00 02 1a 8c 01 16 88 ca ec 1e 3c f2 a9 18 1b b5 5b e6 9a 5c 4b 38 6a e5 74 72 a9 67 14 00 21 f9 04 09 03 00 00 00 2c 07 00 00 00 33 00 03 00 00 02 1a 8c 81 16 c8 ca ef 5e 3b 12 2a 0a e2 5c 55 4b df 5d 5c 86 25 e5 56 99 63 aa 14 00 21 f9 04 09 05 00 00 00 2c 0a 00 00 00 37 00 03 00 00 02 1a 8c 81 60 91 b9 ed 0e 6c 6f c6 c5 ee ac 90 5b bf 61 19 02 2a 52 77 7e 69 18 14 00 21 Data Ascii: GIF89a`!NETSCAPE2.0!,`6PlHI:qJk`BYL&!,0<[\K8jtrg!,3^;\UK]\%Vc!,7`lo[a*Rw~i!

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:58 UTC	662	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:58 UTC	805	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:58 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: ec209f06-201e-0074-2452-96bb96000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173858Z-168bb8d798bmxk7nra7sytwtr400000000g000000001p432 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:38:58 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:58 UTC	663	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:58 UTC	779	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:58 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: 0ee7be6a-c01e-002e-4864-93d6b0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173858Z-168bb8d798b8nl86frq151a460000000062g0000000023ev x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:38:58 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:38:58 UTC	423	OUT	GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:38:59 UTC	740	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:38:58 GMT Content-Type: image/gif Content-Length: 2672 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 24 May 2023 10:11:47 GMT ETag: 0x8DB5C3F48EC4154 x-ms-request-id: e6184bfb-801e-002a-7afc-957ab8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173858Z-168bb8d798bj2crg3us8a5psdg00000003x000000000druq x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:38:59 UTC	2672	IN	Data Raw: 47 49 46 38 39 61 60 01 03 00 f0 00 00 ff ff ff 96 96 96 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 05 00 00 00 2c 00 00 00 00 60 01 03 00 00 02 36 84 1d a9 b7 07 ed 50 8a 6c d2 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a2 0a 04 49 01 d6 3a 71 4a d7 f6 8d e7 fa ce 6b ab f5 00 ba 60 42 59 b1 87 4c 2a 97 cc 26 af 00 00 21 f9 04 09 05 00 00 00 2c 06 00 00 00 30 00 03 00 00 02 1a 8c 01 16 88 ca ec 1e 3c f2 a9 18 1b b5 5b e6 9a 5c 4b 38 6a e5 74 72 a9 67 14 00 21 f9 04 09 03 00 00 00 2c 07 00 00 00 33 00 03 00 00 02 1a 8c 81 16 c8 ca ef 5e 3b 12 2a 0a e2 5c 55 4b df 5d 5c 86 25 e5 56 99 63 aa 14 00 21 f9 04 09 05 00 00 00 2c 0a 00 00 00 37 00 03 00 00 02 1a 8c 81 60 91 b9 ed 0e 6c 6f c6 c5 ee ac 90 5b bf 61 19 02 2a 52 77 7e 69 18 14 00 21 Data Ascii: GIF89a`!NETSCAPE2.0!,`6PlHI:qJk`BYL&!,0<[\K8jtrg!,3^;\UK]\%Vc!,7`lo[a*Rw~i!

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:00 UTC	417	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:01 UTC	805	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:01 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: ec209f06-201e-0074-2452-96bb96000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173901Z-168bb8d798bbqgrcawqpfu2sb8000000060g00000000x8ha x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:39:01 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:01 UTC	663	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:01 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:01 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49ED96E0 x-ms-request-id: 4c04cd43-501e-006b-1603-9282ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173901Z-168bb8d798bwftzb2az14uh0u0000000060000000000mbc8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:39:01 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:04 UTC	418	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:04 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:04 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49ED96E0 x-ms-request-id: 4c04cd43-501e-006b-1603-9282ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173904Z-168bb8d798bglsxr1zkq8xbzks00000005z00000000164z3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:39:04 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:13 UTC	608	OUT	GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:13 UTC	801	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:13 GMT Content-Type: text/css Content-Length: 17755 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:07 GMT ETag: 0x8DC641C3FF75CE2 x-ms-request-id: 7af920f5-f01e-0050-3c6d-961588000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173913Z-168bb8d798b2894rcakkmhb4cn00000003y0000000004k1p x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:39:13 UTC	15583	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 69 73 db 46 d2 f0 77 ff 0a ac 5c ae 58 59 12 e1 2d 4a aa a4 d6 87 12 eb 59 1f 2a 4b d9 ec 56 de 94 0b 22 21 11 6b 10 60 01 a0 65 85 0f ff fb db 73 5f 3d 00 28 c9 89 9f aa 44 b1 44 ce f4 f4 5c 3d 3d 3d 33 7d 7c f7 ed df 82 17 f9 ea b6 48 ae 17 55 f0 f4 c5 7e f0 26 99 15 79 99 5f 55 90 5e ac f2 22 aa 92 3c 0b 83 67 69 1a 50 a0 32 28 e2 32 2e 3e c5 f3 30 f8 f6 bb ef be fd db a3 6e fb ff 82 f3 8b 67 ef 2f 82 77 3f 06 17 af 4e df bf 0c ce e0 db 7f 82 b7 ef 2e 4e 5f 9c 04 ad b1 3c 7a 74 b1 48 ca e0 2a 49 e3 00 fe 5e 46 65 3c 0f f2 2c c8 8b 20 c9 66 bc d5 71 19 2c e1 77 91 44 69 70 55 e4 cb a0 5a c4 c1 aa c8 ff 1b cf a0 0f 69 52 56 50 e8 32 4e f3 9b e0 29 a0 2b e6 c1 59 54 54 b7 c1 e9 d9 7e 18 5c 00 6c 0e dd 4d 32 28 3d 93 e3 Data Ascii: }isFw\XY-JYKV"!k`es_=(DD\===3}\|HU~&y_U^"<giP2(2.>0ng/w?N.N_<ztHI^Fe<, fq,wDipUZiRVP2N)+YTT~\lM2(=
2024-04-24 17:39:13 UTC	2172	IN	Data Raw: 4f 55 ca 9b 38 29 6e 73 56 f4 9f 8b 25 ec 53 f4 e3 c5 3a bb 26 a8 5f 47 3c ef 7d 14 7d 22 58 4f cb 8f 39 f0 de e0 2c af 58 7e b5 a0 7f 63 e0 31 37 d1 3c 26 2d 94 77 df c1 7f a2 57 71 c2 10 a8 c4 ff 59 c4 d9 b5 4a 8f d2 eb 75 16 fc 94 57 8b 64 46 7a 55 92 a9 ba 8e d3 3c 38 81 cd a4 8c 8c b2 af 12 d2 d3 5b 33 f1 6d 7c 13 5c 44 49 f0 7a 6d d6 7e b6 88 ae cb 33 13 96 c2 59 8d 4c 82 e7 11 f0 26 92 98 67 d7 c0 58 a3 4c a5 fc 2b 78 0e 29 e4 d3 6d 94 c1 3c 06 24 26 22 7c 7d 11 2d 61 fc a3 e0 0d 8c c0 9e 4e 35 4c f0 fb 7d d1 9d 65 fb 1d 2c bd ba d9 df 7c 25 b3 ff d7 8c df 7d c6 c9 cb 22 dd 12 dd b3 b3 be fe f5 ef 62 fd 87 03 e7 71 93 27 69 0f a0 23 4c a9 45 67 39 43 60 39 86 fe 58 78 40 71 d8 86 d9 e1 70 32 d4 6f 6a 69 ab 44 e2 5f 2c ee 2f 82 6f 45 f0 75 77 3d 3d Data Ascii: OU8)nsV%S:&_G<}}"XO9,X~c17<&-wWqYJuWdFzU<8[3m\|\DIzm~3YL&gXL+x)m<$&"\|}-aN5L}e,\|%}"bq'i#LEg9C`9Xx@qp2ojiD_,/oEuw==

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Windows Analysis Report
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d705d07a3-2eea-4f3b-ab59-65ca29abeb26%26user%3d65e63eb1-1758-4031-ada6-0507ebc55fae%26ticket%3d5IrBN9Vj0IX0gWiHjpV3vCx4QF2OX6a3rZOiFx%25252fkEFs%25253d%26ver%3d2.0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:13 UTC	588	OUT	GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:13 UTC	807	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:13 GMT Content-Type: application/javascript Content-Length: 5564 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:31 GMT ETag: 0x8DC641C4E8B817F x-ms-request-id: aeafc348-201e-0105-1d6d-96ae6d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173913Z-168bb8d798bwftzb2az14uh0u000000005wg000000013cbf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:39:13 UTC	5564	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cd 3c 6b 8f db 38 92 df fd 2b da c2 c2 90 10 c5 70 67 80 fb 60 b5 62 64 33 b3 97 e0 66 a6 f7 36 99 bd 3b 18 46 a0 b6 e9 b6 26 32 e9 a5 e8 ee 34 da fa ef 57 c5 87 44 52 92 fb e5 bb 64 06 88 5b 14 45 56 15 eb cd 22 d7 7b ba 14 39 a3 67 5f b2 d5 ea 97 1b 42 c5 af 79 29 08 25 3c 24 b1 88 69 74 4f 46 23 32 f6 5f ce da 4d 21 f6 9e 62 ef b3 9c 96 22 a3 4b c2 d6 67 1f 3e ff f6 eb 2f 05 d9 42 47 39 8e 10 d9 72 23 bf f3 1e c3 80 d1 e0 15 8e 51 ad 6b 98 ae 89 b8 e4 9f 88 f8 3b 67 bb f2 92 ea 81 4a 05 5a cc a3 fb 7c 0d df 5d fd 49 96 22 48 53 71 b7 c3 29 45 74 ff 65 cd f8 2f 30 f2 7f 90 3b 00 cb 8c 17 02 36 f0 22 bc c9 f8 59 99 4e e2 3c 25 63 02 43 96 49 79 91 8f 0b 42 af c5 26 29 5f bd 8a ee b1 07 4b f3 79 b9 48 f8 8c cd f9 62 4e 17 a9 Data Ascii: <k8+pg`bd3f6;F&24WDRd[EV"{9g_By)%<$itOF#2_M!b"Kg>/BG9r#Qk;gJZ\|]I"HSq)Ete/0;6"YN<%cCIyB&)_KyHbN

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:13 UTC	592	OUT	GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:14 UTC	815	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:13 GMT Content-Type: application/javascript Content-Length: 28582 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:31 GMT ETag: 0x8DC641C4E7B0928 x-ms-request-id: 955612c5-f01e-0038-216d-960fbb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173913Z-168bb8d798bmmxfd6g2ey15u1400000008dg00000001aux3 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:39:14 UTC	15569	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cc bd 69 73 db 48 96 36 fa dd 11 fe 0f 20 5e 87 0c 94 52 90 54 d5 33 d3 0d 1a e6 95 25 d9 56 95 2c b9 25 b9 aa ab 69 b5 03 1b 17 13 5c 44 90 5a 2c f2 bf df f3 9c cc 04 12 20 e4 aa 9e 77 e6 c6 75 57 8b 40 22 f7 e5 e4 d9 cf ee 0f ad 9d 3f ff cf ba bc 3a b8 b8 b2 ce df 5a 57 ef 4f 2e 8e ac 8f f4 f6 bb 75 76 7e 75 72 78 6c fd e9 5a 9e 3f 7b fe ec 6a 30 cc ad de 30 4b 2d fa 8d c2 3c 4d ac e9 c4 9a ce ad e1 24 9e ce 67 d3 79 b8 48 73 6b 4c 7f e7 c3 30 b3 7a f3 e9 d8 5a 0c 52 6b 36 9f 7e 4d e3 45 6e 65 c3 7c 41 85 a2 34 9b de 59 0e 55 37 4f ac 8f e1 7c f1 60 9d 7c 74 3d eb 8a f2 4e e7 c3 fe 70 42 a5 e3 e9 ec 81 9e 07 0b 6b 32 5d 0c e3 d4 0a 27 09 d7 96 d1 cb 24 4f ad e5 24 49 e7 d6 dd 60 18 0f ac 0f c3 78 3e cd a7 bd 85 35 4f e3 74 Data Ascii: isH6 ^RT3%V,%i\DZ, wuW@"?:ZWO.uv~urxlZ?{j00K-<M$gyHskL0zZRk6~MEne\|A4YU7O\|`\|t=NpBk2]'$O$I`x>5Ot
2024-04-24 17:39:14 UTC	13013	IN	Data Raw: 3a c5 59 d4 c0 49 88 71 43 38 ba 65 69 4a ea 76 64 2b ca e6 a7 fa 0d ba b8 5c e4 b6 29 ef ad ce a4 2d a5 61 80 2b 6b 88 a6 f7 f0 64 c3 41 86 05 21 ca f3 30 19 4e 8b 14 46 27 56 ab 4c 73 eb 54 08 3f 39 d4 3a 75 43 f3 d8 e7 55 9a 09 3a ad ab 55 1f 56 67 ad 88 21 1a ca 25 84 16 0f 6f 96 29 8e 15 2b 32 38 95 e0 15 a5 1f 53 06 a5 69 45 01 04 ad 62 ab d8 50 da 19 d9 22 55 f0 b6 82 5b b2 16 ed c0 fb b5 58 81 96 ba 38 8c a9 0a 9e 3f 6b 3e b6 91 11 c5 59 a1 94 5a 63 99 6a c8 f3 3f 79 da 55 78 29 1c 9b cd 68 da 9d 3f 04 03 78 38 09 b5 eb 03 f6 22 a5 55 4f a5 a6 65 91 41 9b 7e 53 d7 78 60 d8 ca 1b 89 41 2c 8c 1a 69 f7 4a 1f ab 44 46 b2 ea c0 9f 1d 53 0c f0 43 17 28 ca 24 0d 90 c5 d6 df c0 0b 01 68 d1 ef ec 91 5e bf 30 af 5f 36 af 92 9e 68 bf ec a0 d2 71 69 dc 28 c6 Data Ascii: :YIqC8eiJvd+\)-a+kdA!0NF'VLsT?9:uCU:UVg!%o)+28SiEbP"U[X8?k>YZcj?yUx)h?x8"UOeA~Sx`A,iJDFSC($h^0_6hqi(

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:13 UTC	615	OUT	GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:14 UTC	807	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:13 GMT Content-Type: application/javascript Content-Length: 7203 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:36 GMT ETag: 0x8DC641C50FD100D x-ms-request-id: fc9e80ac-c01e-00cf-1d16-967be0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173913Z-168bb8d798b22pnzt0dbur5w6s00000001qg00000000knb1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:39:14 UTC	7203	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 5c cd 72 e3 48 72 be fb 29 b0 b4 23 d4 e3 e8 51 f3 ff a7 b7 a5 b5 44 49 14 5b 24 c5 11 29 f5 cf ee c6 44 11 2c 91 18 81 28 4e 01 10 87 dd 31 11 be f8 21 7c f6 c1 b1 07 df fc 06 fd 26 7e 12 67 16 40 22 13 12 a0 c1 c4 ee a5 9b 02 b2 aa b2 be fc fb b2 00 f2 0f f7 a1 67 07 8e f2 5e 7d f7 55 cb 85 e3 07 52 8f c4 4a fa 6b 61 cb 57 a5 7f e9 2a ef de 59 94 be 7b 1d 7f 3a f4 97 42 cb f9 24 d0 8e b7 f0 8f be 96 a4 d6 4a fb a5 b7 5f 4b 5a fe 1c 3a 70 af f4 b6 34 5d 3a be e5 78 f7 4a af 04 4e 6e c1 9f bb db 87 a5 d7 25 b9 12 8e 7b 93 c8 9f 78 96 b9 64 89 f9 5c 4b df a7 f2 20 be 5e 2a 4f 52 71 cb 5c b1 bc 70 35 93 3a 2d 2c 7c 7f a3 f4 9c cb c7 17 53 b2 8e f7 28 5c 67 7e 8e 6b 5f 18 65 41 fa dc 03 0c ac 60 29 d3 3a 79 e6 62 b4 29 cb 57 Data Ascii: \rHr)#QDI[$)D,(N1!\|&~g@"g^}URJkaWY{:B$J_KZ:p4]:xJNn%{xd\K ^ORq\p5:-,\|S(\g~k_eA`):yb)W

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:13 UTC	602	OUT	GET /lightweightsignuppackage_MwksSuxFBgQ4Y619ES0DZQ2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:14 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:13 GMT Content-Type: application/javascript Content-Length: 53469 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 10 Apr 2024 04:56:12 GMT ETag: 0x8DC591A8BBDE083 x-ms-request-id: c6d92504-601e-0039-195b-9624b9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173913Z-168bb8d798bv7ktxp4za6841ng000000011g0000000030kh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:39:14 UTC	15576	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 7d 79 7f db b6 b2 e8 ff fe 14 32 eb a3 92 15 a4 48 f2 92 44 0a ad eb 25 69 dc 6c 6e 9c 34 6d 5d 35 8f 16 29 89 35 45 aa 24 e5 a5 96 ee 67 7f 33 03 80 04 37 d9 c9 69 ef b9 ef f7 7b 3d 27 16 09 80 58 06 83 d9 30 18 8c 17 fe 28 76 03 bf f6 dc 1f 85 b7 f3 58 77 58 cc 7c 66 19 77 57 56 58 0b cc f3 61 3f ba 76 e3 d1 54 f7 5b 71 f0 3a b8 76 c2 23 2b 72 74 c3 b8 1b c1 af 36 9a 4e a2 3f 23 4b eb b9 63 dd 5f 78 9e 69 3a cb 25 7f 88 8d bb d0 89 17 a1 5f c3 f7 55 60 9e 5a a3 4b 6b e2 9c 1d 1c 5b b1 85 0d 19 fd 8b d0 b1 2e fb b2 a6 f9 b5 5d 56 91 55 51 d1 5b e7 fa c0 b7 df 79 f6 e9 b5 0d d5 59 99 ea 72 75 55 54 01 5f be f3 bd 5b dd c9 7e eb fa 0f f9 d6 f5 cb be 0d 83 60 ac 7e 5d af af 07 c7 eb 60 e2 fa 27 7e 4c 40 c1 ac 4d d3 19 38 bd Data Ascii: }y2HD%iln4m]5)5E$g37i{='X0(vXwX\|fwWVXa?vT[q:v#+rt6N?#Kc_xi:%_U`ZKk[.]VUQ[yYruUT_[~`~]`'~L@M8
2024-04-24 17:39:14 UTC	16384	IN	Data Raw: 0d 3a 6d b9 3c 4c b4 fd 33 77 79 e3 dd 12 7e 50 0e af 08 54 dc ce 76 7b 0f 15 dc 3b 8d d2 5e b8 8e 67 bf 17 d7 cc 03 dd e3 35 74 da 9d 27 40 f0 e8 e5 39 c6 be 15 26 b1 17 74 0d b1 52 6c 7b 37 53 ec 39 5a aa a3 34 bf fb e4 b1 b6 5a ab 0d 45 a4 07 a7 30 45 9d 77 2e 9f 41 7d 9e 0b 78 a2 06 2d 28 19 79 c2 59 12 96 a8 37 db 1c 92 a4 54 2b 70 24 2f 97 04 8a b8 3b 65 27 30 ec 5d fd bd 6a 58 56 ca ca a9 60 d2 e1 ad bf f9 e5 49 d9 60 b9 49 68 60 ad ef f2 63 37 b3 f9 22 46 c7 5a 10 e8 d2 40 72 28 13 19 b8 3f 70 4f 91 56 7a 13 e3 11 5e c4 48 47 8b be f8 ab 5c 24 5d 79 b2 53 8d 44 5b 03 34 99 a0 ff 35 c8 71 5c ec 05 f1 2f 9c 5c e8 6d 06 ff 33 30 d2 02 5a c1 bf 69 d3 7f ea 2b 3d c3 2a a6 d2 dd dd 5d 26 fe a5 df 8c e9 3f f5 95 7f 13 f2 6f b6 bb 8c fe 9f 7e d0 6d e3 ff Data Ascii: :m<L3wy~PTv{;^g5t'@9&tRl{7S9Z4ZE0Ew.A}x-(yY7T+p$/;e'0]jXV`I`Ih`c7"FZ@r(?pOVz^HG\$]ySD[45q\/\m30Zi+=*]&?o~m
2024-04-24 17:39:14 UTC	16384	IN	Data Raw: 5d 66 dd ba fe 78 f9 e1 83 93 84 49 67 f8 43 0c 42 5a ee e1 93 4d 17 fa 8d a0 0a a0 bf 1c c3 05 a6 7c c1 74 7c 16 5c 55 42 f1 46 67 dc 38 00 63 f3 8f 09 f4 37 19 fd a7 bb fe cb e5 2a 46 40 85 75 aa c3 09 35 0e 83 2f 04 f6 06 33 2f 74 6e 80 a3 ce c1 5e d6 b3 4e cf bf a6 28 ff 54 ac a9 e2 98 d8 99 a2 c5 85 3d ee 14 e6 b0 bd d6 1c 7e 19 c4 45 2e a8 d5 12 b8 d6 14 76 c5 c6 92 03 67 86 5e e5 dc be 26 f4 5b 9f 50 47 d1 10 fa 6f 36 bf 29 40 4b cc 99 71 5b cd 9e 64 15 63 da e9 12 57 ad ff 7d e1 be fa 7d f7 d5 af 97 56 79 6b bf 99 27 18 3f 3c 4e 3f fa e9 e4 d8 c3 b1 d7 9b 37 4e ba cd 00 55 5b 70 f0 83 e8 8c ec 59 30 2e fc be 0b 05 70 a8 a8 88 dd 6a 1d 2f 16 85 69 3f 68 a3 9f 09 9f 5c 38 0b 51 91 d0 66 55 64 2d 95 3a f9 b5 2c 4f 7a 78 a9 e3 87 23 ef c1 d9 ee d1 e7 Data Ascii: ]fxIgCBZM\|t\|\UBFg8c7*F@u5/3/tn^N(T=~E.vg^&[PGo6)@Kq[dcW}}Vyk'?<N?7NU[pY0.pj/i?h\8QfUd-:,Ozx#
2024-04-24 17:39:14 UTC	5125	IN	Data Raw: 7d 78 2e d3 86 6f ac 5a 35 35 81 2a ef a3 00 d3 d2 ef 28 e1 28 87 9c be ba 15 27 93 df 29 c6 df c4 93 c9 58 1b 8d 30 d4 8e 59 b9 ad a3 2f f8 32 d7 14 36 5e f8 af 36 0d 1c 0a 78 e1 43 d5 79 d5 29 3a b3 da a3 2a 8b 84 c5 c2 f8 88 f0 8c 87 7d 1f 24 d0 37 8a c3 44 f3 24 9a 3a 75 38 cc 44 2b b5 ac b6 01 26 77 ef ec 97 b9 55 33 ab 7b 71 09 b5 5f eb 3c 33 6d 57 f4 10 32 14 8b 16 c2 80 01 cd 49 e5 2c cd 0b 45 fc 40 c0 28 c1 6a de 64 a4 94 78 6b 5f 30 14 a0 ab 7a a5 8c 5b 7f 5c eb 85 e4 f5 b5 e1 77 4e d5 c4 6c 14 05 cb c5 a4 93 c8 ef 66 0f f9 39 87 8e cf ea 6f 66 5c 20 72 00 9c eb ee 78 94 a2 73 ce 74 73 15 81 7a dc f5 03 57 50 64 dd 93 fa 61 51 4a 0a 61 db 00 e7 7b 01 25 b0 9c 9c 2e 6c 03 81 a8 c6 99 fe 9d 01 a6 bb 1a 98 66 79 b0 ef 12 64 ca b3 67 80 8f db 97 5c Data Ascii: }x.oZ55((')X0Y/26^6xCy):}$7D$:u8D+&wU3{q_<3mW2I,E@(jdxk_0z[\wNlf9of\ rxstszWPdaQJa{%.lfydg\

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:14 UTC	626	OUT	GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:14 UTC	805	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:14 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:22 GMT ETag: 0x8DC641C48DCCDDB x-ms-request-id: 90c2db80-401e-00bf-1d6d-9689e0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173914Z-168bb8d798bwftzb2az14uh0u000000005wg000000013ce3 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:39:14 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:15 UTC	613	OUT	GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:15 UTC	784	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:15 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:08 GMT ETag: 0x8DC641C407EEF8A x-ms-request-id: 64e9540a-b01e-00b8-286e-9658ee000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173915Z-168bb8d798b94t6v8q1baus7z800000000vg00000001b1gr x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 17:39:15 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:15 UTC	599	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:16 UTC	744	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:15 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Wed, 24 Apr 2024 05:06:20 GMT ETag: 0x8DC641C47F0BBC7 x-ms-request-id: dddad17d-601e-0101-626e-960265000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173915Z-168bb8d798bdckn765t6bhwrfn000000030000000000q3p5 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 17:39:16 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-24 17:39:16 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:15 UTC	592	OUT	GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:15 UTC	814	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:15 GMT Content-Type: application/javascript Content-Length: 3505 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:07 GMT ETag: 0x8DC641C401FED88 x-ms-request-id: fdad7262-001e-00ab-726d-9695ca000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173915Z-168bb8d798bmmxfd6g2ey15u1400000008hg000000006nbm x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 17:39:15 UTC	3505	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ad 59 5b 73 db 36 16 7e cf af a0 51 8f 4c 8e 60 46 49 db dd ae 18 44 e3 da 71 e2 dc 63 2b cd 83 e3 e9 d0 24 24 31 a6 49 96 04 2d 2b 92 fe fb 7e 07 e0 4d 96 d2 d9 9d dd 4e 1d 13 07 07 07 e7 7e 81 f7 26 65 12 a8 28 4d 6c 67 59 7f 5a d2 96 9d 95 a2 55 2e 55 99 63 a7 d7 93 6e a1 7c 25 85 88 7b 3d 5b ba 59 2e ef 9a 0f 37 91 f7 4a 48 fd cb e1 e6 b7 de a4 0f 8d 21 0c a2 c3 4f 84 00 31 fb a4 c1 de 37 80 fd 06 a3 be a8 e4 b2 3e aa c9 27 65 1c f3 c5 e1 21 30 d6 0d 93 3e 31 19 4d ec 2e 83 a5 b3 bc f3 73 2b 17 fb 5e 3e b2 f3 8a b9 9a 5a ee 0c 71 39 ae 95 cd 4d 20 db ef af 5b a2 13 28 65 ef af 5e 6f ef ba d7 5b f4 7a f7 cf e7 60 f0 5a cc a3 24 4c e7 6e 21 d5 38 ba 95 69 a9 ec 29 2f 1c a7 3d 77 47 cc 98 ab ed 44 ce ad 13 10 77 dc a9 c1 b7 Data Ascii: Y[s6~QL`FIDqc+$$1I-+~MN~&e(MlgYZU.Ucn\|%{=[Y.7JH!O17>'e!0>1M.s+^>Zq9M [(e^o[z`Z$Ln!8i)/=wGDw

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:15 UTC	553	OUT	GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:16 UTC	809	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:15 GMT Content-Type: application/javascript Content-Length: 105716 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:39 GMT ETag: 0x8DC641C53023112 x-ms-request-id: bf0dee1f-d01e-006e-0563-969684000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173915Z-168bb8d798bxw8g2q846ctnvy000000005w0000000018w03 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 17:39:16 UTC	15575	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bc bd 69 73 db 48 b2 2e fc 7d 22 e6 3f 90 b8 0e 1d a0 59 a2 49 6d dd 06 5d c3 90 b5 d8 b2 ad c5 5a 6c 77 73 74 14 10 59 92 60 51 00 8d 45 8b 2d 9e df 7e f3 c9 2a 00 05 92 9e 99 7b ef 1b ef 4c 5b 44 ed 5b 56 56 66 56 66 d6 cb df 9a 7f ff 5b e3 b7 46 77 fb a4 f1 fe a4 71 b2 fd a1 b1 15 27 4a 34 56 db 2b ed 0d 4e da 8a 27 4f 49 78 7d 93 35 dc a1 d7 d8 0f 87 49 9c c6 57 59 23 88 46 8d 61 1c 65 49 78 99 67 71 92 b6 1b 9b e3 71 83 73 a6 8d 44 a5 2a b9 57 a3 36 57 e1 56 a5 f6 a2 4c 25 51 30 6e 1c 46 e3 27 0f a9 2f ff fe b7 fb 20 69 44 32 bb 09 53 a1 e4 55 1e 0d b3 30 8e dc c8 fb e9 e4 a9 6a a4 d4 c4 30 73 7a c8 75 24 9d 22 dd 11 b9 74 e2 cb 6f 8a d2 a8 98 93 47 23 75 15 46 6a e4 88 54 3a 93 24 ce e2 ec 69 a2 1c b1 23 9d 9b 20 3d 7c Data Ascii: isH.}"?YIm]ZlwstY`QE-~{L[D[VVfVf[Fwq'J4V+N'OIx}5IWY#FaeIxgqqsDW6WVL%Q0nF'/ iD2SU0j0szu$"toG#uFjT:$i# =\|
2024-04-24 17:39:16 UTC	16384	IN	Data Raw: 6f 74 3b dd 6a 14 4c 24 44 19 52 29 61 c5 a0 02 02 96 cd a1 6e 9f 71 48 b7 53 6d 45 7d dc 6c e5 b4 8d ef b6 b5 7b 31 33 70 43 70 50 ee 35 dd a3 7d 3a 3d 93 27 a7 3e d5 dd 0e e3 20 9c fb b4 9f 95 19 27 e2 69 61 60 21 a0 a9 07 46 65 99 df 11 47 61 78 b1 4d 6c 01 35 9a 87 e9 8d 1a 31 cb da e5 f8 b7 e0 15 c2 21 8e 07 e2 d4 11 b3 77 f4 79 8d 7a 98 d0 12 fa ab 26 e6 7e a3 88 59 e3 98 7d 1a c7 49 ce 7b d7 5f e7 18 f6 ae 75 90 df 5d aa c4 df e0 18 3a 94 08 b1 ea 97 cb 7f e7 98 93 70 52 54 f3 87 8e b8 cb ca 98 57 ba 29 56 ea c8 9e fc ae ee f6 59 12 fa 5d dd d3 dd ef a3 c8 ef ce f5 f1 23 ed ee 21 e5 5f 15 7a 42 55 62 16 a4 18 9a 09 fa f0 0c 00 aa 4c 4f 0d d1 15 63 9a 82 ad 38 cd b6 81 60 e8 54 a3 f1 13 3d 34 06 97 40 03 df bb bb 53 a3 10 ca 15 6b a0 24 73 f3 3a 6e Data Ascii: ot;jL$DR)anqHSmE}l{13pCpP5}:='> 'ia`!FeGaxMl51!wyz&~Y}I{_u]:pRTW)VY]#!_zBUbLOc8`T=4@Sk$s:n
2024-04-24 17:39:16 UTC	16384	IN	Data Raw: 9e fa 44 7a a7 84 db 12 0c 13 5b 6b 95 c7 3f 22 31 aa 47 51 e1 d5 c3 fc 06 6f a7 80 ed 11 3f d2 4e 94 70 67 3e 21 0f 1c 02 09 b1 70 14 e0 bb f8 98 f2 23 7a 39 bc 4b 06 7e a1 4c 98 0a 3f 53 b0 a3 85 79 a9 9f f2 a3 04 bc f3 e3 d9 4c 9d 83 bd 41 49 0b a3 d1 50 4a 48 1c 3a ae 63 b8 26 6b 9a 5e 5b 38 6e 58 e3 e1 97 9e 56 0e a3 4c f8 1b 99 5f fb 82 53 93 86 94 6e e4 83 b1 c6 fb 5c b0 ea 2f 9a d6 6c 11 ae 74 d1 2c 47 6e 04 fd ac da d3 03 8c ba 28 03 72 a8 30 98 74 1f 3d 8c 36 fd cd 27 8f 1f 3c 7c fc 98 a0 a0 4e d8 88 1e 01 d0 a9 11 03 bb 12 a9 96 01 9e 05 b0 ce 10 4b 39 ec ea bb 2d da a8 3f ab d1 52 e7 04 b2 e6 9e f6 bd c6 66 1b c1 39 47 ac 41 b7 d0 4f aa 8c 26 08 d0 0d 75 f3 5b c1 40 3e 70 1d 0c 2d 60 1c 6e 99 e3 d5 b8 fe fb cf b0 32 05 01 dd 3f 13 98 de 35 e8 Data Ascii: Dz[k?"1GQo?Npg>!p#z9K~L?SyLAIPJH:c&k^[8nXVL_Sn\/lt,Gn(r0t=6'<\|NK9-?Rf9GAO&u[@>p-`n2?5
2024-04-24 17:39:16 UTC	16384	IN	Data Raw: 98 fe 3d a1 7f 21 fd 3b 85 c9 2e fd 63 5d 26 fa 77 e6 c0 0e 61 ac c0 a3 8d b7 1e 74 e2 46 c3 23 bc 82 ae fd 87 d8 ef 60 03 7b 7d ba 21 a3 3f fe 78 b0 d6 7e a8 1f 1f 57 8f ed 0d eb f9 51 f5 bc d1 b2 9e ad aa 1b 5c b7 63 2e d4 c7 0d 77 73 8d bf 32 6d 95 8c 98 a4 b7 67 66 5b 1e 9f a8 07 34 8d 0f 1c fd da de 54 9b 5e 23 33 6f 8f f0 a6 9f 9f 60 4d 18 8e 65 21 d1 9b ff f0 9f a3 c2 25 a5 2c 09 58 1a ce 1d 4d 4d cb 89 0c 22 12 d7 9c d0 dd 00 04 bd ff 57 ef cf 61 b8 7e d6 27 c4 cf d6 28 09 2d a4 91 1b dc dc 50 99 2d 39 9f 2c 94 a0 31 85 a1 8c 23 0f 19 4b 1d 8b df 2a 4b b0 3d b2 6b e5 a1 46 a2 e0 79 08 0c 10 88 41 ed dd 76 16 ba 75 6c 46 e9 d8 3d e2 8d 9d 30 c6 e7 44 08 76 42 8d db a4 41 d8 bb 83 68 12 1a e6 ae 16 4f de 44 e0 22 bd 84 12 bd 16 54 52 0a c4 62 2e d2 Data Ascii: =!;.c]&watF#`{}!?x~WQ\c.ws2mgf[4T^#3o`Me!%,XMM"Wa~'(-P-9,1#K*K=kFyAvulF=0DvBAhOD"TRb.
2024-04-24 17:39:16 UTC	16384	IN	Data Raw: 2d f6 9e 3a 4d 29 c0 6f f0 92 c6 01 a5 b2 5d 7c f8 33 25 f8 4c 07 00 cf 26 39 03 da 93 13 b6 a3 ee a8 77 0b 0b 6d 26 f9 87 dd 5f 9a e6 33 50 7d f8 c4 2b f6 13 d0 26 0e 2b 20 21 13 24 8a 32 ac db 1b ea e4 b1 a5 5c 63 85 25 62 25 3f a2 a6 cc 6c 63 c8 d3 ff 7b 41 b1 a5 1a 46 df 60 98 a2 d7 46 62 93 f2 3d 09 28 f1 7f f3 b6 96 b1 e4 3f ce 10 f8 56 0e eb 39 d2 68 97 1d 8d a3 25 87 d7 bd d1 62 a9 45 c0 1c 35 64 85 35 4c f1 45 61 3d 28 96 28 c5 83 0a 01 16 79 67 ed 33 06 9c 6a d6 f5 50 05 48 53 0d d8 d8 0b 53 ee 02 12 db b3 ba fe 67 52 3f a5 78 34 c1 de 27 5f 13 3e d3 b1 d4 f5 51 f5 d8 23 33 b0 89 4f db 78 91 55 65 b3 d8 01 a2 f3 fa 9b 38 35 d6 ea d3 cd b2 48 99 22 72 08 30 8e f7 35 e8 79 15 8d e8 33 8f f5 e4 69 67 02 dd ea f8 3f 53 d9 9d c1 0e 7b 96 4a 5b 07 81 Data Ascii: -:M)o]\|3%L&9wm&_3P}+&+ !$2\c%b%?lc{AF`Fb=(?V9h%bE5d5LEa=((yg3jPHSSgR?x4'_>Q#3OxUe85H"r05y3ig?S{J[
2024-04-24 17:39:16 UTC	16384	IN	Data Raw: d8 62 4b c7 16 d5 0a bb e6 7b b7 fc 1a 76 a5 f6 d5 ba 5a 55 c7 aa 0b 02 f8 6e 47 29 6b f3 f3 6b 85 d0 9d bc af 7f 49 5d b9 32 5a 86 10 3f 40 c0 d0 e3 b7 dc 2d ba 07 8c 35 87 69 33 88 83 3b 1e 75 d7 e4 51 d7 2e 6d f1 a3 ee a9 b8 5d af a8 e9 b2 7b aa 7c 2b ab d8 64 f5 8c a2 30 51 fe 81 a9 b4 af 96 99 59 08 9b 5d cf 70 6b 33 09 45 e2 56 9b e7 aa 79 94 85 5c ae 63 7c d6 b2 c1 78 4a d0 4f 9c 31 bb ce b1 6c c3 0e 6b 7c 15 11 4e 63 09 ba e5 b9 9c f5 4e 96 41 9a cd 81 50 d2 07 66 2b 19 a0 c9 b9 88 3d 6a 98 bb 60 c5 be 79 e1 9c c4 b2 de 6a 3d 68 3a 2b 62 c8 3e a6 96 30 2d 96 35 56 ab 54 83 c6 f9 06 1d 64 4d 85 87 c7 d1 c3 01 3b 49 b0 6c b1 56 1e 53 65 34 6f 87 ca 56 a7 79 ab 8b e4 e2 4c a7 e8 2e 5c b9 94 9f e1 39 63 9d c4 b2 e6 77 bb c3 3d 76 e6 71 68 19 16 fc 40 Data Ascii: bK{vZUnG)kkI]2Z?@-5i3;uQ.m]{\|+d0QY]pk3EVy\c\|xJO1lk\|NcNAPf+=j`yj=h:+b>0-5VTdM;IlVSe4oVyL.\9cw=vqh@
2024-04-24 17:39:16 UTC	8221	IN	Data Raw: c7 b9 28 72 57 3f c7 80 ea b2 a2 7f 77 29 d3 a4 75 f7 72 65 cb 0e b4 a6 64 07 3c d5 2a 75 a5 6f 6f 41 f7 c3 60 17 93 75 ba 2b 78 70 b7 8a 94 48 fc 0d a4 a6 3d 3d 28 c8 1c c0 6c cb 59 44 00 a1 3a 30 a1 26 f8 98 a3 9f a5 1a c7 a1 6e 37 47 bb d6 d5 e8 93 7d 09 7c c0 92 6b 10 7c cf 72 96 c4 04 4b 69 51 d6 f4 6f ba 84 15 ec 77 11 be 5c 3d 65 42 f6 1d ae 67 a7 41 b6 3b c1 05 24 a5 08 84 11 08 31 40 70 31 4c 6d 4d 9a 1c 22 ea 01 3b b9 33 c2 3b c0 de 6c 5d 10 fe b4 e4 6d 33 e4 07 94 b0 53 9f 7f 76 33 1c 8b 9a 40 dc 3b 06 37 0a 97 fd d2 89 0d 58 55 67 48 2e c4 78 53 17 3a d3 04 dc f5 45 89 00 8f f6 5d df a6 4b d7 f5 51 1c 7e cb a7 2e 1c 20 cf 8a 4b 34 f5 23 94 46 c5 c2 a3 bc bb 26 4c 9d 0b 8c 77 f7 ab 62 09 62 36 39 6e 22 85 b1 4a 13 4a 6a b4 d8 41 7a 92 79 36 ea Data Ascii: (rW?w)ured<*uooA`u+xpH==(lYD:0&n7G}\|k\|rKiQow\=eBgA;$1@p1LmM";3;l]m3Sv3@;7XUgH.xS:E]KQ~. K4#F&Lwbb69n"JJjAzy6

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:39:15 UTC	626	OUT	GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:39:16 UTC	777	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 17:39:16 GMT Content-Type: image/svg+xml Content-Length: 179 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Wed, 24 Apr 2024 05:06:20 GMT ETag: 0x8DC641C47C322CE x-ms-request-id: 3392ca3b-101e-010e-726e-968b7a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T173916Z-168bb8d798bglsxr1zkq8xbzks00000005wg00000001g4ub x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 17:39:16 UTC	179	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 8e 3b 0e 83 30 10 44 af 62 6d 8d 3f 7c 02 26 b2 29 52 27 17 48 87 82 83 2d 39 80 f0 0a 73 fc e0 50 47 5a 8d 76 f4 5e 31 2a 6c 23 d9 3f 7e 0a 1a 2c e2 72 e5 3c c6 c8 62 c9 e6 75 e4 85 10 82 1f 06 90 e8 06 b4 1a ca 1a 88 35 6e b4 78 fe 9b 33 f1 36 ef 1a 04 11 a4 ac 8f 83 4e a1 43 6f ba 3e 04 83 41 f1 b3 a9 a5 47 4b 06 0d 8f 5c 66 45 c1 2a 59 79 2a a9 cc 58 5b b7 f4 08 79 4f 40 b0 4b d5 f8 86 89 32 a7 bf 4c 38 d1 c3 94 4f e0 9d 5a cd 0b ff ad 79 3b ef 35 4c f3 64 92 99 86 77 5f c6 19 f7 fb e0 00 00 00 Data Ascii: u;0Dbm?\|&)R'H-9sPGZv^1l#?~,r<bu5nx36NCo>AGK\fEYy*X[yO@K2L8OZy;5Ldw_