Edit tour

Windows Analysis Report
https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f

Overview

General Information

Sample URL:	https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f
Analysis ID:	1355287
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6660 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,2778689426244649836,16934547055681853078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1988 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0&sso_reload=true

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0&sso_reload=true	HTTP Parser: Title: Redirecting does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0&sso_reload=true	HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/silentsigninhandler	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638375379656158659.YzI2YWFmOWMtZjdmYS00MzJiLWI4N2YtYWY2YWIyYzVkYjQ1MTVkZWRkY2EtMjFiOS00YTk1LWFiNjgtNTI4MWIwYzdlNzBh&prompt=none&nopa=2&state=CfDJ8F8PsHU2gDRJgFWCeQukOeyafjO0RPXJXfXFTc_ScbLQKlHgRO-mim4zzmY0H6zIN0auMmFB8WAusUgSAnlV8bzYd20pwJXLuRo0kTzXPqRPbmiCZpUw1q4ekJ_IwInIl9246st1Primrr2dirEWtcp0thVpxML38UvjEvRohQonh2l-gZgvBz8Ah-bYjbYihi80FymkyWeTlMcAca7_BgmOblsDP_JPQKG453iSPVXhqNvNNCK_AAvsesxoeybIDs-4svFtFChI7Ly1UOnmIFxM_lMKeyBDv4v_ceMTEWmguZWjtIwFDoYZXbMwqWWGE2DhJYUuXKROE21JPSg2l7xUYanrNqbJgjOB3Jf6uRns&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49780 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.9:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.9:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.9:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.9:49850 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49780 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ak_bmsc=4F179208ADD5CC1EFA95CA23F6B49E1E~000000000000000000000000000000~YAAQKNXdFwoknjWMAQAAc/+YQxb0N+YMmxpMj+9ov60HlsniAL0scDwzooW8ue/Etw3tOOMUr4AaSP6Y93MaREQ7hE/BPDnsAMgWDNwbszQh2r7tUOMQntQlY7uhzdTd6e/fDUdKLTd6zXF9skEyvTkCLNydm8TofDTkDAP/NLqGcrRpj5cs7vKBuVX+QBrnvXoABgWA4e3K6FhHHHPDV4Gp0UHWvhGSWyENBPEdc0NSTRqtExIGJyK7ClcVM0ThgBQm8SOVQWtscqv7VsyNVVgAOzIm2Sb/q7I0zarPLhert6qOQhNqvbZZOAOaWbb4t+8HRc/ynt+65UtcSz7Bz5XA5pQhAupko4+JeFTnrSofk2xXX+HpHYKN4OBsW50X; bm_sv=461A1E77CE52C8D2E4862F96B27B3B79~YAAQKNXdFwwknjWMAQAAUACZQxb2srwvgpToMqIaWYCFFJ6FyUVw8eHacJOKiK0zZ4wFEEDu4lPlNHlaWEE4g9d5c7bAafxJfk3iGFifSgvpQ8Khgyw0RF6ses2VP32Bj/Ibsk9xXuYCdCZOYGVXTwo5U6iTsI1szbdzNixlFA+MTYASCIRHjQ1M5x0A24WhJ4TcUJCjVSpicBgucuj7IBziMzQY4+fWLGW1KNicWzn3TE2UBdUeKn3IzgM1pf/PacYM~1
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TYWc9HTnbSHGk9t&MD=bv2pV4Xu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_uqLnN-jyaq_fseZL-ya5xg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_hVLAIdSbCVjC_yz4lFx6vg2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.23271.5/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.23271.5/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000/content/js/MeControl_MhktgtiMAnSkSgiYU2_TkQ2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TYWc9HTnbSHGk9t&MD=bv2pV4Xu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000004287BD53E7 HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br

Source: chromecache_141.2.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/Microsoft","https://twitter.com/microsoft","https://www.linkedin.com/company/microsoft"] equals www.facebook.com (Facebook)
Source: chromecache_141.2.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/Microsoft","https://twitter.com/microsoft","https://www.linkedin.com/company/microsoft"] equals www.linkedin.com (Linkedin)
Source: chromecache_141.2.dr	String found in binary or memory: "sameAs":["https://www.facebook.com/Microsoft","https://twitter.com/microsoft","https://www.linkedin.com/company/microsoft"] equals www.twitter.com (Twitter)
Source: chromecache_141.2.dr	String found in binary or memory: <a class="d-inline-block" href="https://www.facebook.com/Microsoft" target="_blank" aria-label="Follow Microsoft on Facebook, opens in a new tab" data-bi-ecn="Facebook" data-bi-bhvr="126" data-bi-cn="Facebook" data-bi-socchn="Facebook" data-bi-ct="Social Button" data-bi-pa="body" data-bi-compnm="Social Follow - horizontal"> equals www.facebook.com (Facebook)
Source: chromecache_141.2.dr	String found in binary or memory: <a class="d-inline-block" href="https://www.linkedin.com/company/microsoft" target="_blank" aria-label="Follow Microsoft on Linkedin, opens in a new tab" data-bi-ecn="LinkedIn" data-bi-bhvr="126" data-bi-cn="LinkedIn" data-bi-socchn="LinkedIn" data-bi-ct="Social Button" data-bi-pa="body" data-bi-compnm="Social Follow - horizontal"> equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=k9tT3q7Yfh1nx_FSl06F5UE_vdaFQreiGKe1aDN83MeveD7PL1RZXva4s-nFc9waQi9LtKavuTIba8MUkoGu58E8E81gwB_TWJ4Ng-LfCvzhem7rNrhZQ2aGvJZ9g2TYhqx2W2O4E7uHQzPk3vuLvMLxFXZsqE6NdAViQDECGpo

Source: chromecache_192.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_190.2.dr	String found in binary or memory: http://github.com/aFarkas/lazysizes
Source: chromecache_197.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_190.2.dr	String found in binary or memory: http://github.com/requirejs/domReady
Source: chromecache_190.2.dr	String found in binary or memory: http://github.com/requirejs/requirejs/LICENSE
Source: chromecache_185.2.dr, chromecache_167.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_141.2.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_181.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_192.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_185.2.dr, chromecache_167.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_141.2.dr	String found in binary or memory: https://accdn.lpsnmedia.net
Source: chromecache_141.2.dr	String found in binary or memory: https://aka.ms/MicrosoftEdgeDownload"
Source: chromecache_141.2.dr	String found in binary or memory: https://aka.ms/hourofcode?icid=mscom_marcom_SAM1a_MinecraftHourofCode
Source: chromecache_141.2.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_141.2.dr	String found in binary or memory: https://analytics.tiktok.com
Source: chromecache_190.2.dr	String found in binary or memory: https://assets.onestore.ms
Source: chromecache_141.2.dr	String found in binary or memory: https://cdnssl.clicktale.net
Source: chromecache_141.2.dr	String found in binary or memory: https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
Source: chromecache_141.2.dr	String found in binary or memory: https://d.impactradius-event.com
Source: chromecache_185.2.dr, chromecache_167.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_141.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: chromecache_141.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_141.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4xdax"
Source: chromecache_228.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_228.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_228.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_141.2.dr	String found in binary or memory: https://js.monitor.azure.com
Source: chromecache_141.2.dr	String found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: chromecache_139.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_139.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_141.2.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net
Source: chromecache_141.2.dr	String found in binary or memory: https://lptag.liveperson.net
Source: chromecache_141.2.dr	String found in binary or memory: https://mem.gfx.ms
Source: chromecache_190.2.dr	String found in binary or memory: https://microsoftwindows.112.2o7.net
Source: chromecache_141.2.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_141.2.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_141.2.dr	String found in binary or memory: https://publisher.liveperson.net
Source: chromecache_187.2.dr	String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: chromecache_141.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_228.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_141.2.dr	String found in binary or memory: https://twitter.com/microsoft
Source: chromecache_190.2.dr	String found in binary or memory: https://ussearchprod.trafficmanager.net/services/api/v1.0/store/categories
Source: chromecache_141.2.dr	String found in binary or memory: https://www.clarity.ms
Source: chromecache_141.2.dr	String found in binary or memory: https://www.linkedin.com/company/microsoft
Source: chromecache_141.2.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_141.2.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_141.2.dr	String found in binary or memory: https://www.xbox.com/
Source: chromecache_141.2.dr	String found in binary or memory: https://www.xbox.com/en-us/games/store/pc-game-pass/cfq7ttc0kgq8?icid=CNavAllPCGamePass
Source: chromecache_141.2.dr	String found in binary or memory: https://www.xbox.com/en-us/games/store/xbox-game-pass-ultimate/cfq7ttc0khs0?icid=CNavAllXboxGamePass

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.9:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.9:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.9:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.9:49850 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6660_2031482432

Jump to behavior

Source: classification engine

Classification label: clean3.win@20/112@56/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,2778689426244649836,16934547055681853078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,2778689426244649836,16934547055681853078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://analytics.tiktok.com	0%	URL Reputation	safe
https://js.foundation/	0%	URL Reputation	safe
https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE	0%	Avira URL Cloud	safe
https://www.clarity.ms	0%	Avira URL Cloud	safe
https://mem.gfx.ms	0%	Avira URL Cloud	safe
https://d.impactradius-event.com	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meCore.min.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_uqLnN-jyaq_fseZL-ya5xg2.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_hVLAIdSbCVjC_yz4lFx6vg2.js	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meBoot.min.js	0%	Avira URL Cloud	safe
https://assets.onestore.ms	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
lpcdn.lpsnmedia.net	34.120.154.120	true	false	high
part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	unknown
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	unknown
accounts.google.com	192.178.50.77	true	false	high
microsoftwindows.112.2o7.net	63.140.38.139	true	false	high
sni1gl.wpc.alphacdn.net	152.195.19.97	true	false	unknown
www.google.com	192.178.50.36	true	false	high
cs1227.wpc.alphacdn.net	192.229.211.199	true	false	unknown
d.impactradius-event.com	35.186.249.72	true	false	unknown
liveperson.map.fastly.net	151.101.193.192	true	false	unknown
clients.l.google.com	192.178.50.78	true	false	high
d1xbuscas8tetl.cloudfront.net	18.64.174.116	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
clients1.google.com	unknown	unknown	false	high
accdn.lpsnmedia.net	unknown	unknown	false	high
www.clarity.ms	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
logincdn.msftauth.net	unknown	unknown	false	unknown
assets.onestore.ms	unknown	unknown	false	unknown
mem.gfx.ms	unknown	unknown	false	unknown
c.s-microsoft.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
support.content.office.net	unknown	unknown	false	high
publisher.liveperson.net	unknown	unknown	false	high
analytics.tiktok.com	unknown	unknown	false	unknown
login.microsoftonline.com	unknown	unknown	false	high
amp.azure.net	unknown	unknown	false	high
cdnssl.clicktale.net	unknown	unknown	false	high
lptag.liveperson.net	unknown	unknown	false	high
acctcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meBoot.min.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_hVLAIdSbCVjC_yz4lFx6vg2.js	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	false	Avira URL Cloud: safe	unknown
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js	false		high
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_uqLnN-jyaq_fseZL-ya5xg2.js	false	Avira URL Cloud: safe	unknown
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000004287BD53E7	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meCore.min.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/MicrosoftEdgeDownload"	chromecache_141.2.dr	false		high
https://outlook.live.com/owa/	chromecache_141.2.dr	false		high
https://www.xbox.com/en-us/games/store/xbox-game-pass-ultimate/cfq7ttc0khs0?icid=CNavAllXboxGamePass	chromecache_141.2.dr	false		high
https://js.monitor.azure.com	chromecache_141.2.dr	false		high
https://twitter.com/microsoft	chromecache_141.2.dr	false		high
https://www.xbox.com/en-us/games/store/pc-game-pass/cfq7ttc0kgq8?icid=CNavAllPCGamePass	chromecache_141.2.dr	false		high
https://aka.ms/hourofcode?icid=mscom_marcom_SAM1a_MinecraftHourofCode	chromecache_141.2.dr	false		high
https://assets.onestore.ms	chromecache_190.2.dr	false	Avira URL Cloud: safe	unknown
https://login.windows-ppe.net	chromecache_139.2.dr	false		high
https://lptag.liveperson.net	chromecache_141.2.dr	false		high
http://www.opensource.org/licenses/mit-license.php	chromecache_192.2.dr	false		high
https://analytics.tiktok.com	chromecache_141.2.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com	chromecache_139.2.dr	false		high
https://www.clarity.ms	chromecache_141.2.dr	false	Avira URL Cloud: safe	unknown
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js	chromecache_141.2.dr	false		high
https://cdnssl.clicktale.net	chromecache_141.2.dr	false		high
https://publisher.liveperson.net	chromecache_141.2.dr	false		high
http://github.com/requirejs/almond/LICENSE	chromecache_197.2.dr	false		high
https://d.impactradius-event.com	chromecache_141.2.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	chromecache_181.2.dr	false		high
https://microsoftwindows.112.2o7.net	chromecache_190.2.dr	false		high
https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE	chromecache_187.2.dr	false	Avira URL Cloud: safe	unknown
http://github.com/requirejs/requirejs/LICENSE	chromecache_190.2.dr	false		high
https://lpcdn.lpsnmedia.net	chromecache_141.2.dr	false		high
https://www.skype.com/en/	chromecache_141.2.dr	false		high
https://www.linkedin.com/company/microsoft	chromecache_141.2.dr	false		high
http://knockoutjs.com/	chromecache_185.2.dr, chromecache_167.2.dr	false		high
https://github.com/douglascrockford/JSON-js	chromecache_185.2.dr, chromecache_167.2.dr	false		high
https://schema.org	chromecache_141.2.dr	false		high
https://mem.gfx.ms	chromecache_141.2.dr	false	Avira URL Cloud: safe	unknown
https://aka.ms/yourcaliforniaprivacychoices	chromecache_141.2.dr	false		high
https://onedrive.live.com/about/en-us/	chromecache_141.2.dr	false		high
https://jquery.org/license	chromecache_228.2.dr	false		high
https://www.onenote.com/	chromecache_141.2.dr	false		high
http://github.com/requirejs/domReady	chromecache_190.2.dr	false		high
http://www.opensource.org/licenses/mit-license.php)	chromecache_185.2.dr, chromecache_167.2.dr	false		high
https://jquery.com/	chromecache_228.2.dr	false		high
https://accdn.lpsnmedia.net	chromecache_141.2.dr	false		high
https://www.xbox.com/	chromecache_141.2.dr	false		high
http://github.com/aFarkas/lazysizes	chromecache_190.2.dr	false		high
http://schema.org/Organization	chromecache_141.2.dr	false		high
http://feross.org	chromecache_192.2.dr	false		high
https://sizzlejs.com/	chromecache_228.2.dr	false		high
https://js.foundation/	chromecache_228.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.36	www.google.com	United States	15169	GOOGLEUS	false
192.178.50.78	clients.l.google.com	United States	15169	GOOGLEUS	false
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
192.178.50.77	accounts.google.com	United States	15169	GOOGLEUS	false
34.120.154.120	lpcdn.lpsnmedia.net	United States	15169	GOOGLEUS	false
13.107.213.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
63.140.38.139	microsoftwindows.112.2o7.net	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
142.250.217.206	unknown	United States	15169	GOOGLEUS	false
18.64.174.116	d1xbuscas8tetl.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.193.192	liveperson.map.fastly.net	United States	54113	FASTLYUS	false
35.186.249.72	d.impactradius-event.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.9

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1355287
Start date and time:	2023-12-07 10:24:51 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean3.win@20/112@56/14
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.microsoft.com/

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.217.227, 34.104.35.123, 23.196.176.107, 20.189.173.5, 23.196.177.129, 23.193.121.172, 20.190.157.11, 40.126.29.15, 40.126.29.5, 40.126.29.14, 40.126.29.10, 40.126.29.6, 40.126.29.8, 40.126.29.7, 40.126.29.12, 40.126.29.13, 104.89.170.148, 104.89.170.138, 23.44.83.2, 72.21.81.240, 23.194.236.236, 192.229.211.108, 40.126.28.12, 40.126.28.18, 40.126.28.21, 40.126.28.23, 40.126.28.11, 40.126.28.20, 40.126.28.19, 40.126.7.35, 52.168.117.171, 40.126.29.11, 40.126.29.9, 142.251.35.234, 192.178.50.74, 172.217.15.202, 142.250.64.170, 192.178.50.42, 142.250.217.202, 142.250.64.202, 142.250.217.170, 142.250.189.138, 142.250.217.234, 20.110.205.119, 13.107.21.200, 204.79.197.200, 20.75.60.91, 23.10.108.77, 104.89.170.176, 104.89.170.143, 52.168.117.170, 72.21.81.200, 23.221.212.54, 23.221.212.56, 208.89.12.153, 208.89.12.91, 52.167.30.171, 23.221.212.43, 23.221.212.23, 23.221.212.27, 23.221.212.25, 23.221.212.41, 23.221.212.39, 23.221.212.42, 23.221.212.28, 23.221.212.26
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 7 08:25:48 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9750477189660187
Encrypted:	false
SSDEEP:	48:8XdaZTBc1aH6idAKZdA1P4ehwiZUklqeh3y+3:88ZFiTO8y
MD5:	3583335E8E868BF09F2147BAA955ED7B
SHA1:	F5ABD6A962054DF26E4F16C217ECE8183148131E
SHA-256:	29B1648C9D368C49B925294E708DEC8AD798AA3C9E1EA9CF52152DE50D086BF0
SHA-512:	2626DF985FDD55496CCC14CEB8FE4E93C5FA122B3F69C254A1224566189AA0A349841E9AAAE45AD505B482B522B29469AEEC502C6315236F627AEC72B8D8A754
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....A?].(....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I.W6K....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.W6K....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V.W6K....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V.W6K.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V.W9K...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S..B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 7, 2023 10:25:47.535336971 CET	53031	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:47.535754919 CET	60423	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:47.536252022 CET	57572	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:47.536457062 CET	56096	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:47.636739969 CET	53	56426	1.1.1.1	192.168.2.9
Dec 7, 2023 10:25:47.660058975 CET	53	53031	1.1.1.1	192.168.2.9
Dec 7, 2023 10:25:47.660753012 CET	53	60423	1.1.1.1	192.168.2.9
Dec 7, 2023 10:25:47.660768986 CET	53	57572	1.1.1.1	192.168.2.9
Dec 7, 2023 10:25:47.661448956 CET	53	56096	1.1.1.1	192.168.2.9
Dec 7, 2023 10:25:48.434968948 CET	53	55520	1.1.1.1	192.168.2.9
Dec 7, 2023 10:25:49.959748030 CET	60326	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:49.960747004 CET	61025	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:49.962316990 CET	52310	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:49.963941097 CET	58926	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:50.091871023 CET	56404	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:50.092145920 CET	60585	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:50.101643085 CET	57306	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:50.102018118 CET	60418	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:51.350613117 CET	55916	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:51.351228952 CET	60801	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:25:51.475281954 CET	53	55916	1.1.1.1	192.168.2.9
Dec 7, 2023 10:25:51.476190090 CET	53	60801	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:00.705152988 CET	63909	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:00.705720901 CET	64654	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:02.125184059 CET	64388	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:02.126032114 CET	53688	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:05.575850964 CET	53	52381	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:05.708466053 CET	62092	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:05.708858013 CET	52067	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:06.928356886 CET	49784	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:06.928652048 CET	59972	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:07.054225922 CET	53	49784	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:07.054265976 CET	53	59972	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:10.598135948 CET	53	56918	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:14.976430893 CET	51678	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:14.976613045 CET	61945	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:15.326034069 CET	56326	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:15.326247931 CET	57441	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:23.246423006 CET	56888	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:23.246609926 CET	57300	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:23.254534006 CET	55849	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:23.254748106 CET	56444	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:23.375157118 CET	53	52808	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:23.380769014 CET	53	55849	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:23.381865025 CET	53	56444	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:23.397025108 CET	53	56435	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:23.523801088 CET	53	52557	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:24.471276045 CET	53	57777	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:38.502463102 CET	138	138	192.168.2.9	192.168.2.255
Dec 7, 2023 10:26:39.615576029 CET	53	51880	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:47.234914064 CET	53	63516	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:47.298569918 CET	53	65249	1.1.1.1	192.168.2.9
Dec 7, 2023 10:26:55.654273987 CET	49641	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:26:55.654567003 CET	55657	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:00.224158049 CET	53	54431	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.393563032 CET	63387	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.393815041 CET	62685	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.405107975 CET	49949	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.405316114 CET	63266	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.512547016 CET	53	49794	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.515285015 CET	53	51011	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.531230927 CET	53	63266	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.533557892 CET	54191	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.534063101 CET	60632	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.641344070 CET	53	60984	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.642745972 CET	53607	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.643224955 CET	58078	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.658380032 CET	53	54191	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.659816980 CET	53	60632	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.661776066 CET	50461	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.662028074 CET	56632	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.811022043 CET	53	58078	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:09.857153893 CET	61271	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.857820034 CET	51117	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.991864920 CET	49226	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:09.992188931 CET	49390	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.121196032 CET	64094	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.121490002 CET	61602	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.142949104 CET	64485	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.143240929 CET	63179	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.249741077 CET	58587	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.249991894 CET	60813	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.269243002 CET	53	63179	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:10.269351959 CET	53	64485	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:10.375081062 CET	53	60813	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:10.377320051 CET	53	58587	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:10.380645037 CET	57611	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.381165981 CET	59245	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:10.530205011 CET	53	59841	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:10.530724049 CET	53	52895	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:16.018727064 CET	53	53455	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:16.348695040 CET	61196	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:16.349113941 CET	52464	53	192.168.2.9	1.1.1.1
Dec 7, 2023 10:27:16.473715067 CET	53	61196	1.1.1.1	192.168.2.9
Dec 7, 2023 10:27:16.474715948 CET	53	52464	1.1.1.1	192.168.2.9

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:25:47 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=k9tT3q7Yfh1nx_FSl06F5UE_vdaFQreiGKe1aDN83MeveD7PL1RZXva4s-nFc9waQi9LtKavuTIba8MUkoGu58E8E81gwB_TWJ4Ng-LfCvzhem7rNrhZQ2aGvJZ9g2TYhqx2W2O4E7uHQzPk3vuLvMLxFXZsqE6NdAViQDECGpo
2023-12-07 09:25:47 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-12-07 09:25:48 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-12-07 09:25:48 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-12-07 09:25:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:25:47 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:25:48 UTC	731	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 74 33 6e 5f 6a 75 4e 46 55 61 48 36 49 4c 30 37 48 63 51 31 62 77 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-t3n_juNFUaH6IL07HcQ1bw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-12-07 09:25:48 UTC	521	IN	Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 38 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 31 34 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6184" elapsed_seconds="5148"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-12-07 09:25:48 UTC	198	IN	Data Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-12-07 09:25:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:25:53 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-07 09:25:53 UTC	435	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:25:53 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-07 09:25:53 UTC	530	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 Data Ascii: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 16 May 2017 22:58:00 GMTETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"ApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config
2023-12-07 09:25:53 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:25:53 UTC	1322	OUT	GET /mscc/lib/v2/wcp-consent.js HTTP/1.1 Host: wcpstatic.microsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ak_bmsc=4F179208ADD5CC1EFA95CA23F6B49E1E~000000000000000000000000000000~YAAQKNXdFwoknjWMAQAAc/+YQxb0N+YMmxpMj+9ov60HlsniAL0scDwzooW8ue/Etw3tOOMUr4AaSP6Y93MaREQ7hE/BPDnsAMgWDNwbszQh2r7tUOMQntQlY7uhzdTd6e/fDUdKLTd6zXF9skEyvTkCLNydm8TofDTkDAP/NLqGcrRpj5cs7vKBuVX+QBrnvXoABgWA4e3K6FhHHHPDV4Gp0UHWvhGSWyENBPEdc0NSTRqtExIGJyK7ClcVM0ThgBQm8SOVQWtscqv7VsyNVVgAOzIm2Sb/q7I0zarPLhert6qOQhNqvbZZOAOaWbb4t+8HRc/ynt+65UtcSz7Bz5XA5pQhAupko4+JeFTnrSofk2xXX+HpHYKN4OBsW50X; bm_sv=461A1E77CE52C8D2E4862F96B27B3B79~YAAQKNXdFwwknjWMAQAAUACZQxb2srwvgpToMqIaWYCFFJ6FyUVw8eHacJOKiK0zZ4wFEEDu4lPlNHlaWEE4g9d5c7bAafxJfk3iGFifSgvpQ8Khgyw0RF6ses2VP32Bj/Ibsk9xXuYCdCZOYGVXTwo5U6iTsI1szbdzNixlFA+MTYASCIRHjQ1M5x0A24WhJ4TcUJCjVSpicBgucuj7IBziMzQY4+fWLGW1KNicWzn3TE2UBdUeKn3IzgM1pf/PacYM~1
2023-12-07 09:25:54 UTC	713	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 37 20 44 65 63 20 32 30 32 33 20 30 39 3a 32 35 3a 35 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 35 32 37 31 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 45 78 70 6f 73 65 2d 48 65 61 64 65 72 73 3a 20 78 2d 6d 73 2d 72 65 71 75 65 73 74 2d 69 64 2c 53 65 72 76 65 72 2c 78 2d 6d 73 2d 76 65 72 73 69 6f 6e 2c 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 2c 44 61 74 65 2c 54 72 Data Ascii: HTTP/1.1 200 OKDate: Thu, 07 Dec 2023 09:25:53 GMTContent-Type: application/javascriptContent-Length: 52717Connection: closeAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Tr
2023-12-07 09:25:54 UTC	15671	IN	Data Raw: 76 61 72 20 57 63 70 43 6f 6e 73 65 6e 74 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 32 32 39 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 77 69 6e 64 6f 77 2c 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 6e 29 7b 69 66 28 74 5b 6e 5d 29 72 65 74 75 72 6e 20 74 5b 6e 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 72 3d 74 5b 6e 5d 3d 7b 69 3a 6e 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 63 61 6c 6c 28 72 2e 65 78 70 6f 72 74 73 2c 72 2c 72 2e 65 78 70 6f 72 74 73 2c 6f 29 2c 72 2e 6c 3d 21 30 2c 72 2e 65 78 70 6f 72 74 73 7d 72 65 74 75 72 6e 20 6f 2e 6d 3d 65 2c 6f 2e 63 3d 74 2c 6f 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 Data Ascii: var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e
2023-12-07 09:25:54 UTC	16384	IN	Data Raw: 29 7b 72 65 74 75 72 6e 20 65 3f 65 2e 72 65 70 6c 61 63 65 28 2f 26 2f 67 2c 22 26 61 6d 70 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 3c 2f 67 2c 22 26 6c 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 3e 2f 67 2c 22 26 67 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 2c 22 26 71 75 6f 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 27 2f 67 2c 22 26 23 30 33 39 3b 22 29 3a 22 22 7d 2c 65 7d 28 29 2c 61 3d 6e 2e 6c 6f 63 61 6c 73 2c 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 74 2c 6f 2c 6e 2c 72 2c 69 2c 61 29 7b 74 68 69 73 2e 64 69 72 65 63 74 69 6f 6e 3d 22 6c 74 72 22 2c 74 68 69 73 2e 70 72 65 76 69 6f 75 73 46 6f 63 75 73 45 6c 65 6d 65 6e 74 42 65 66 6f 72 65 50 6f 70 75 70 3d 6e 75 6c 6c 2c 74 68 69 73 2e 63 6f 6f 6b 69 Data Ascii: ){return e?e.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/'/g,"'"):""},e}(),a=n.locals,l=function(){function e(e,t,o,n,r,i,a){this.direction="ltr",this.previousFocusElementBeforePopup=null,this.cooki
2023-12-07 09:25:54 UTC	16384	IN	Data Raw: 6f 72 22 5d 2b 22 20 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 6e 20 20 20 20 20 20 20 20 7d 22 2c 74 2b 3d 27 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 2e 27 2b 63 2e 63 6f 6f 6b 69 65 49 74 65 6d 52 61 64 69 6f 42 74 6e 2b 22 20 2b 20 6c 61 62 65 6c 3a 68 6f 76 65 72 3a 3a 61 66 74 65 72 20 7b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 22 2b 65 5b 22 72 61 64 69 6f 2d 62 75 74 74 6f 6e 2d 68 6f 76 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 22 5d 2b 22 20 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 6e 20 20 20 20 20 20 20 20 7d 22 2c 74 2b 3d 27 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 2e 27 2b 63 2e 63 6f 6f 6b 69 65 49 74 65 6d 52 61 64 69 6f 42 74 6e 2b 22 20 2b 20 6c Data Ascii: or"]+" !important;\n }",t+='input[type="radio"].'+c.cookieItemRadioBtn+" + label:hover::after {\n background-color: "+e["radio-button-hover-background-color"]+" !important;\n }",t+='input[type="radio"].'+c.cookieItemRadioBtn+" + l
2023-12-07 09:25:54 UTC	4278	IN	Data Raw: 65 6d 65 6e 74 42 79 49 64 28 22 77 63 70 43 6f 6e 73 65 6e 74 42 61 6e 6e 65 72 43 74 72 6c 22 29 7d 2c 65 2e 65 6d 69 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6f 3d 31 3b 6f 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 74 5b 6f 2d 31 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 6f 5d 3b 76 61 72 20 6e 3d 74 68 69 73 2e 65 76 65 6e 74 73 5b 65 5d 3b 6e 26 26 6e 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 74 29 7d 29 29 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 Data Ascii: ementById("wcpConsentBannerCtrl")},e.emit=function(e){for(var t=[],o=1;o<arguments.length;o++)t[o-1]=arguments[o];var n=this.events[e];n&&n.forEach((function(e){e.apply(null,t)}))},e.prototype.addEventListener=function(e,t,o){e.addEventListener?e.addEvent

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:01 UTC	566	OUT	GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:26:01 UTC	638	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 37 20 44 65 63 20 32 30 32 33 20 30 39 3a 32 36 3a 30 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 39 37 39 39 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6e 6f 2d 74 72 61 Data Ascii: HTTP/1.1 200 OKDate: Thu, 07 Dec 2023 09:26:01 GMTContent-Type: application/javascriptContent-Length: 29799Connection: closeVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingCache-Control: public, no-tra
2023-12-07 09:26:01 UTC	15746	IN	Data Raw: 77 69 6e 64 6f 77 2e 4d 53 41 3d 77 69 6e 64 6f 77 2e 4d 53 41 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 3d 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 7c 7c 7b 7d 3b 77 69 6e 64 6f 77 2e 4d 53 41 2e 4d 65 43 6f 6e 74 72 6f 6c 2e 43 6f 6e 66 69 67 3d 7b 22 76 65 72 22 3a 22 31 30 2e 32 33 32 37 31 2e 35 22 2c 22 6d 6b 74 22 3a 22 65 6e 2d 55 53 22 2c 22 70 74 6e 22 3a 22 73 6d 63 63 6f 6e 76 65 72 67 65 6e 63 65 22 2c 22 67 66 78 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6d 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 22 2c 22 64 62 67 22 3a 66 61 6c 73 65 2c 22 61 61 64 22 3a 74 72 75 65 2c 22 69 6e 74 22 3a 66 61 6c 73 65 2c 22 70 78 79 22 3a 74 72 75 65 2c 22 6d 73 54 78 74 22 3a 66 61 6c 73 65 2c 22 72 77 Data Ascii: window.MSA=window.MSA\|\|{};window.MSA.MeControl=window.MSA.MeControl\|\|{};window.MSA.MeControl.Config={"ver":"10.23271.5","mkt":"en-US","ptn":"smcconvergence","gfx":"https://amcdn.msftauth.net","dbg":false,"aad":true,"int":false,"pxy":true,"msTxt":false,"rw
2023-12-07 09:26:01 UTC	14053	IN	Data Raw: 2c 64 65 70 73 3a 6e 2c 66 61 63 74 6f 72 79 3a 74 7d 29 7d 28 65 2c 72 2c 6f 29 7d 76 61 72 20 7a 65 3d 7b 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 69 6e 6c 69 6e 65 22 3a 22 6d 65 49 6e 6c 69 6e 65 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 62 6f 6f 74 22 3a 22 6d 65 42 6f 6f 74 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 63 6f 72 65 22 3a 22 6d 65 43 6f 72 65 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 4b 65 28 65 29 7b 74 72 79 7b 65 20 69 6e 20 7a 65 26 26 28 65 3d 7a 65 5b 65 5d 29 2c 51 65 28 29 3b 76 61 72 20 6e 3d 57 65 28 65 29 3b 69 66 28 6e 29 72 65 74 75 72 6e 20 6e 2e 62 75 6e 64 6c 65 50 72 6f 6d 69 73 65 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 75 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 54 65 28 66 75 6e 63 74 69 Data Ascii: ,deps:n,factory:t})}(e,r,o)}var ze={"@mecontrol/web-inline":"meInline","@mecontrol/web-boot":"meBoot","@mecontrol/web-core":"meCore"};function Ke(e){try{e in ze&&(e=ze[e]),Qe();var n=We(e);if(n)return n.bundlePromise;var t=function(u){return new Te(functi

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:02 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TYWc9HTnbSHGk9t&MD=bv2pV4Xu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-07 09:26:03 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 36 31 37 36 61 32 32 37 2d 34 63 37 36 2d 34 35 65 39 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: 6176a227-4c76-45e9-
2023-12-07 09:26:03 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-12-07 09:26:03 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:04 UTC	2223	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109008071 X-BM-CBT: 1696497265 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 60 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 3967AB70E8E74431908B580AED7E67B3 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109008071 X-MSEdge-ExternalExp: bfbwsbghf928t,bfbwsbrs0830tf,d-thshldspcl40,fliptrac6,optfsc,spofglclickserpf2,wsbqfasmsall_t,wsbqfminiserp600,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 516 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=507B984BF29F418EA13B8912FCE289B0&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696497029183&IPMH=5c67ba25&IPMID=1696497265539&HV=1696497179; CortanaAppUID=D36DDDF07E1B512856780840298B626F; MUID=531305E83CE64DE088676FE94B9682C4; _SS=SID=3314E043C3866D730FEDF3E2C2436C30&CPID=1696497266478&AC=1&CPH=c11e7441; _EDGE_S=SID=3314E043C3866D730FEDF3E2C2436C30; MUIDB=531305E83CE64DE088676FE94B9682C4
2023-12-07 09:26:04 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2023-12-07 09:26:04 UTC	515	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 33 31 33 30 35 45 38 33 43 45 36 34 44 45 30 38 38 36 37 36 46 45 39 34 42 39 36 38 32 43 34 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 38 32 39 46 43 45 45 38 38 41 35 32 34 46 34 31 39 34 33 46 33 33 35 42 38 33 32 44 31 41 34 37 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>531305E83CE64DE088676FE94B9682C4</CID><Events><E><T>Event.ClientInst</T><IG>829FCEE88A524F41943F335B832D1A47</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2023-12-07 09:26:05 UTC	475	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 34 20 4e 6f 20 43 6f 6e 74 65 6e 74 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 70 74 2d 43 48 3a 20 53 65 63 2d 43 48 2d 55 41 2d 41 72 63 68 2c 20 53 65 63 2d 43 48 2d 55 41 2d 42 69 74 6e 65 73 73 2c 20 53 65 63 2d 43 48 2d 55 41 2d 46 75 6c 6c 2d 56 65 72 73 69 6f 6e 2c 20 53 65 63 2d 43 48 2d 55 41 2d 46 75 6c 6c 2d 56 65 72 73 69 6f 6e 2d 4c 69 73 74 2c 20 53 65 63 2d 43 48 2d 55 41 2d 4d 6f 62 69 6c 65 2c 20 53 65 63 2d 43 48 2d 55 41 2d 4d 6f 64 65 6c 2c 20 53 65 63 2d 43 48 2d 55 41 2d 50 6c 61 74 66 6f 72 6d 2c 20 53 65 63 2d 43 48 2d 55 41 2d 50 6c 61 74 66 6f 72 6d 2d 56 65 72 73 69 6f 6e 0d 0a 58 2d 4d 53 45 64 67 65 2d 52 65 66 3a 20 52 65 Data Ascii: HTTP/1.1 204 No ContentAccess-Control-Allow-Origin: *Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Re

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:05 UTC	614	OUT	GET /scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://support.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:26:05 UTC	837	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 37 20 44 65 63 20 32 30 32 33 20 30 39 3a 32 36 3a 30 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 39 30 36 34 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 Data Ascii: HTTP/1.1 200 OKDate: Thu, 07 Dec 2023 09:26:05 GMTContent-Type: text/javascript; charset=utf-8Content-Length: 90648Connection: closeVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingCache-Control: public
2023-12-07 09:26:05 UTC	15547	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 20 53 44 4b 20 53 68 61 72 65 64 20 41 6e 61 6c 79 74 69 63 73 2c 20 33 2e 32 2e 37 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 66 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 6d 3d 22 6f 62 6a 65 63 74 22 2c 63 65 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 61 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 43 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 49 3d 4f 62 6a 65 63 74 2c 53 3d 49 Data Ascii: /! 1DS JS SDK Shared Analytics, 3.2.7 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */!function(e){"use strict";var f="function",m="object",ce="undefined",a="prototype",C="hasOwnProperty",I=Object,S=I
2023-12-07 09:26:05 UTC	16384	IN	Data Raw: 29 26 26 61 26 26 72 65 28 61 2e 62 6c 6f 63 6b 65 64 43 6f 6f 6b 69 65 73 29 26 26 2d 31 21 3d 3d 61 2e 62 6c 6f 63 6b 65 64 43 6f 6f 6b 69 65 73 5b 74 6e 5d 28 75 29 7c 7c 6f 69 28 61 2c 75 29 29 7c 7c 28 61 3d 7b 7d 2c 2d 31 21 3d 3d 28 6f 3d 28 75 3d 5a 28 6e 7c 7c 76 29 29 5b 74 6e 5d 28 22 3b 22 29 29 26 26 28 75 3d 5a 28 6e 5b 72 6e 5d 28 30 2c 6f 29 29 2c 61 3d 63 69 28 6e 5b 72 6e 5d 28 6f 2b 31 29 29 29 2c 53 74 28 61 2c 22 64 6f 6d 61 69 6e 22 2c 72 7c 7c 66 2c 77 74 2c 47 29 2c 4a 28 74 29 7c 7c 28 6f 3d 69 72 28 29 2c 47 28 61 5b 58 72 5d 29 26 26 30 3c 28 6e 3d 43 74 28 29 2b 31 65 33 2a 74 29 26 26 28 28 72 3d 6e 65 77 20 44 61 74 65 29 2e 73 65 74 54 69 6d 65 28 6e 29 2c 53 74 28 61 2c 58 72 2c 6c 69 28 72 2c 6f 3f 48 72 3a 57 72 29 7c 7c Data Ascii: )&&a&&re(a.blockedCookies)&&-1!==a.blockedCookies[tn](u)\|\|oi(a,u))\|\|(a={},-1!==(o=(u=Z(n\|\|v))[tn](";"))&&(u=Z(n[rn](0,o)),a=ci(n[rn](o+1))),St(a,"domain",r\|\|f,wt,G),J(t)\|\|(o=ir(),G(a[Xr])&&0<(n=Ct()+1e3*t)&&((r=new Date).setTime(n),St(a,Xr,li(r,o?Hr:Wr)\|\|
2023-12-07 09:26:05 UTC	16384	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 5b 45 65 5d 7d 2c 73 65 74 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 5b 45 65 5d 3d 65 7d 2c 67 65 74 54 72 61 63 65 49 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 5b 53 6e 5d 7d 2c 73 65 74 54 72 61 63 65 49 64 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 58 69 28 65 29 26 26 28 6e 5b 53 6e 5d 3d 65 29 7d 2c 67 65 74 53 70 61 6e 49 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 2e 73 70 61 6e 49 64 7d 2c 73 65 74 53 70 61 6e 49 64 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 51 69 28 65 29 26 26 28 6e 2e 73 70 61 6e 49 64 3d 65 29 7d 2c 67 65 74 54 72 61 63 65 46 6c 61 67 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 5b 78 6e 5d 7d 2c 73 65 74 Data Ascii: :function(){return n[Ee]},setName:function(e){n[Ee]=e},getTraceId:function(){return n[Sn]},setTraceId:function(e){Xi(e)&&(n[Sn]=e)},getSpanId:function(){return n.spanId},setSpanId:function(e){Qi(e)&&(n.spanId=e)},getTraceFlags:function(){return n[xn]},set
2023-12-07 09:26:05 UTC	16384	IN	Data Raw: 72 6d 29 29 7d 2c 71 61 3d 22 4d 69 63 72 6f 73 6f 66 74 41 70 70 6c 69 63 61 74 69 6f 6e 73 54 65 6c 65 6d 65 74 72 79 44 65 76 69 63 65 49 64 22 2c 56 61 3d 28 48 61 2e 5f 5f 69 65 44 79 6e 3d 31 2c 48 61 29 3b 66 75 6e 63 74 69 6f 6e 20 48 61 28 75 2c 73 29 7b 76 61 72 20 63 3d 30 3b 65 65 28 48 61 2c 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 2c 74 2c 72 2c 69 2c 6f 3d 75 2e 70 72 6f 70 65 72 74 79 53 74 6f 72 61 67 65 4f 76 65 72 72 69 64 65 2c 61 3d 28 65 2e 73 65 71 3d 63 2c 65 2e 65 70 6f 63 68 3d 4e 72 28 21 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 2c 61 69 28 73 2c 75 29 29 3b 61 2e 69 73 45 6e 61 62 6c 65 64 28 29 7c 7c 6f 3f 28 72 3d 61 2c 69 3d 71 61 2c 72 3d 28 6f 3f 6f 2e 67 65 74 50 72 6f 70 65 72 74 79 28 69 29 7c 7c Data Ascii: rm))},qa="MicrosoftApplicationsTelemetryDeviceId",Va=(Ha.__ieDyn=1,Ha);function Ha(u,s){var c=0;ee(Ha,this,function(e){var n,t,r,i,o=u.propertyStorageOverride,a=(e.seq=c,e.epoch=Nr(!1).toString(),ai(s,u));a.isEnabled()\|\|o?(r=a,i=qa,r=(o?o.getProperty(i)\|\|
2023-12-07 09:26:05 UTC	16384	IN	Data Raw: 6f 62 28 66 29 3b 69 66 28 64 26 26 64 2e 6c 65 6e 67 74 68 3c 3d 73 29 7b 76 61 72 20 76 3d 64 2e 6c 65 6e 67 74 68 3b 69 66 28 75 3c 6e 2e 6c 65 6e 67 74 68 2b 76 29 7b 67 2e 6f 76 65 72 66 6c 6f 77 3d 70 2e 73 70 6c 69 74 28 63 29 3b 62 72 65 61 6b 7d 6e 26 26 28 6e 2b 3d 22 5c 6e 22 29 2c 6e 2b 3d 64 2c 32 30 3c 2b 2b 6c 26 26 28 6e 2e 73 75 62 73 74 72 28 30 2c 31 29 2c 6c 3d 30 29 2c 72 3d 21 30 2c 74 2b 2b 7d 65 6c 73 65 28 64 3f 69 3a 6f 29 2e 70 75 73 68 28 66 29 2c 65 2e 73 70 6c 69 63 65 28 63 2c 31 29 2c 63 2d 2d 7d 63 2b 2b 7d 69 26 26 30 3c 69 2e 6c 65 6e 67 74 68 26 26 67 2e 73 69 7a 65 45 78 63 65 65 64 2e 70 75 73 68 28 72 73 2e 63 72 65 61 74 65 28 70 2e 69 4b 65 79 28 29 2c 69 29 29 2c 6f 26 26 30 3c 6f 2e 6c 65 6e 67 74 68 26 26 67 2e Data Ascii: ob(f);if(d&&d.length<=s){var v=d.length;if(u<n.length+v){g.overflow=p.split(c);break}n&&(n+="\n"),n+=d,20<++l&&(n.substr(0,1),l=0),r=!0,t++}else(d?i:o).push(f),e.splice(c,1),c--}c++}i&&0<i.length&&g.sizeExceed.push(rs.create(p.iKey(),i)),o&&0<o.length&&g.
2023-12-07 09:26:06 UTC	9565	IN	Data Raw: 67 5b 70 2e 69 64 65 6e 74 69 66 69 65 72 5d 7c 7c 7b 7d 2c 54 3d 72 2e 67 65 74 45 78 74 43 66 67 28 70 2e 69 64 65 6e 74 69 66 69 65 72 29 2c 41 3d 52 73 28 54 2e 73 65 74 54 69 6d 65 6f 75 74 4f 76 65 72 72 69 64 65 2c 54 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 4f 76 65 72 72 69 64 65 29 2c 4a 3d 21 54 2e 64 69 73 61 62 6c 65 4f 70 74 69 6d 69 7a 65 4f 62 6a 26 26 21 21 61 65 28 22 63 68 72 6f 6d 65 22 29 2c 6e 3d 65 2e 67 65 74 57 50 61 72 61 6d 2c 65 2e 67 65 74 57 50 61 72 61 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 30 3b 72 65 74 75 72 6e 20 54 2e 69 67 6e 6f 72 65 4d 63 31 4d 73 30 43 6f 6f 6b 69 65 50 72 6f 63 65 73 73 69 6e 67 26 26 28 65 7c 3d 32 29 2c 65 7c 6e 28 29 7d 2c 30 3c 54 2e 65 76 65 6e 74 73 4c 69 6d 69 74 49 6e 4d 65 Data Ascii: g[p.identifier]\|\|{},T=r.getExtCfg(p.identifier),A=Rs(T.setTimeoutOverride,T.clearTimeoutOverride),J=!T.disableOptimizeObj&&!!ae("chrome"),n=e.getWParam,e.getWParam=function(){var e=0;return T.ignoreMc1Ms0CookieProcessing&&(e\|=2),e\|n()},0<T.eventsLimitInMe

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:07 UTC	635	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_uqLnN-jyaq_fseZL-ya5xg2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:26:07 UTC	750	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 45 78 70 6f 73 65 2d 48 65 61 64 65 72 73 3a 20 78 2d 6d 73 2d 72 65 71 75 65 73 74 2d 69 64 2c 53 65 72 76 65 72 2c 78 2d 6d 73 2d 76 65 72 73 69 6f 6e 2c 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2c 43 6f 6e 74 65 6e 74 2d 45 6e 63 6f 64 69 6e 67 2c 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 2c 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 2c 45 54 61 67 2c 43 6f 6e 74 65 6e 74 2d 4d 44 35 2c 78 2d 6d 73 2d 6c 65 61 73 65 2d 73 74 61 74 75 73 2c 78 2d 6d 73 2d 62 6c 6f 62 2d 74 79 70 65 2c 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 2c 44 61 74 65 2c 54 72 61 6e 73 66 65 72 2d 45 6e Data Ascii: HTTP/1.1 200 OKAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-En
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 3d 41 2e 70 61 72 73 65 28 65 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 3d 73 2e 66 69 6e 64 4f 77 6e 50 72 6f 70 65 72 74 79 28 72 2e 71 75 65 72 79 7c 7c 7b 7d 2c 6e 2c 21 30 29 26 26 28 72 2e 71 75 65 72 79 3d 72 2e 71 75 65 72 79 7c 7c 7b 7d 2c 72 2e 71 75 65 72 79 5b 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 3d 74 29 2c 41 2e 6a 6f 69 6e 28 72 29 7d 2c 61 64 64 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 74 3d 41 2e 70 61 72 73 65 28 65 29 3b 72 65 74 75 72 6e 20 65 26 26 6e 26 26 6e 2e 6c 65 6e 67 74 68 26 26 28 74 2e 71 75 65 72 79 3d 74 2e 71 75 65 72 79 7c 7c 7b 7d 2c 63 2e 66 6f 72 45 61 63 68 28 6e 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 2e 71 75 65 72 79 5b 65 5b 30 5d 5d 3d 65 5b 31 5d 7d 29 29 29 2c 41 2e 6a 6f 69 Data Ascii: =A.parse(e);return null===s.findOwnProperty(r.query\|\|{},n,!0)&&(r.query=r.query\|\|{},r.query[n.toLowerCase()]=t),A.join(r)},add:function(e,n){var t=A.parse(e);return e&&n&&n.length&&(t.query=t.query\|\|{},c.forEach(n,(function(e){t.query[e[0]]=e[1]}))),A.joi
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 74 45 78 69 73 74 3a 22 35 30 31 38 34 22 2c 4f 6e 65 54 69 6d 65 50 61 73 73 63 6f 64 65 4d 65 73 73 61 67 65 44 65 6c 69 76 65 72 79 46 61 69 6c 65 64 3a 22 35 30 31 38 35 22 2c 49 6e 76 61 6c 69 64 50 61 73 73 77 6f 72 64 3a 22 35 30 31 39 33 22 2c 49 6e 76 61 6c 69 64 4f 6e 65 54 69 6d 65 50 61 73 73 63 6f 64 65 4f 54 50 4e 6f 74 47 69 76 65 6e 3a 22 35 30 31 38 31 31 22 2c 49 6e 76 61 6c 69 64 47 72 61 6e 74 44 65 76 69 63 65 4e 6f 74 46 6f 75 6e 64 3a 22 37 30 30 30 30 33 22 2c 53 73 6f 41 72 74 69 66 61 63 74 45 78 70 69 72 65 64 44 75 65 54 6f 43 6f 6e 64 69 74 69 6f 6e 61 6c 41 63 63 65 73 73 3a 22 37 30 30 34 34 22 2c 53 73 6f 41 72 74 69 66 61 63 74 45 78 70 69 72 65 64 44 75 65 54 6f 43 6f 6e 64 69 74 69 6f 6e 61 6c 41 63 63 65 73 73 52 65 41 Data Ascii: tExist:"50184",OneTimePasscodeMessageDeliveryFailed:"50185",InvalidPassword:"50193",InvalidOneTimePasscodeOTPNotGiven:"501811",InvalidGrantDeviceNotFound:"700003",SsoArtifactExpiredDueToConditionalAccess:"70044",SsoArtifactExpiredDueToConditionalAccessReA
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 63 61 74 63 68 28 6e 29 7b 74 68 72 6f 77 20 53 2e 6f 6e 45 72 72 6f 72 26 26 53 2e 6f 6e 45 72 72 6f 72 28 6e 29 2c 6e 7d 7d 3a 65 7d 2c 73 65 74 54 69 6d 65 6f 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 73 65 74 54 69 6d 65 6f 75 74 28 53 2e 61 2e 41 63 28 65 29 2c 6e 29 7d 2c 47 63 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 53 2e 6f 6e 45 72 72 6f 72 26 26 53 2e 6f 6e 45 72 72 6f 72 28 65 29 2c 65 7d 29 2c 30 29 7d 2c 42 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 76 61 72 20 72 3d 53 2e 61 2e 41 63 28 74 29 3b 69 66 28 74 3d 76 5b 6e 5d 2c 53 2e 6f 70 74 69 6f 6e 73 2e 75 73 65 4f 6e 6c 79 Data Ascii: his,arguments)}catch(n){throw S.onError&&S.onError(n),n}}:e},setTimeout:function(e,n){return setTimeout(S.a.Ac(e),n)},Gc:function(e){setTimeout((function(){throw S.onError&&S.onError(e),e}),0)},B:function(e,n,t){var r=S.a.Ac(t);if(t=v[n],S.options.useOnly
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 54 61 2e 74 72 61 63 6b 41 72 72 61 79 43 68 61 6e 67 65 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 29 7b 69 66 28 63 29 7b 76 61 72 20 6e 2c 74 3d 5b 5d 2e 63 6f 6e 63 61 74 28 65 2e 76 28 29 7c 7c 5b 5d 29 3b 65 2e 57 61 28 22 61 72 72 61 79 43 68 61 6e 67 65 22 29 26 26 28 28 21 75 7c 7c 31 3c 63 29 26 26 28 75 3d 53 2e 61 2e 50 62 28 6f 2c 74 2c 65 2e 4f 62 29 29 2c 6e 3d 75 29 2c 6f 3d 74 2c 75 3d 6e 75 6c 6c 2c 63 3d 30 2c 6e 26 26 6e 2e 6c 65 6e 67 74 68 26 26 65 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 6e 2c 22 61 72 72 61 79 43 68 61 6e 67 65 22 29 7d 7d 73 3f 6e 28 29 3a 28 73 3d 21 30 2c 69 3d 65 2e 73 75 62 73 63 72 69 62 65 28 28 66 75 6e 63 74 69 6f Data Ascii: Ta.trackArrayChanges=function(e,n){function t(){function n(){if(c){var n,t=[].concat(e.v()\|\|[]);e.Wa("arrayChange")&&((!u\|\|1<c)&&(u=S.a.Pb(o,t,e.Ob)),n=u),o=t,u=null,c=0,n&&n.length&&e.notifySubscribers(n,"arrayChange")}}s?n():(s=!0,i=e.subscribe((functio
2023-12-07 09:26:07 UTC	5	IN	Data Raw: 72 20 62 3d 7b Data Ascii: r b={
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 73 63 72 69 70 74 3a 21 30 2c 74 65 78 74 61 72 65 61 3a 21 30 2c 74 65 6d 70 6c 61 74 65 3a 21 30 7d 3b 53 2e 67 65 74 42 69 6e 64 69 6e 67 48 61 6e 64 6c 65 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 63 5b 65 5d 7d 3b 76 61 72 20 79 3d 7b 7d 3b 53 2e 66 61 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 2c 72 2c 69 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 29 7b 76 61 72 20 65 3d 64 3f 6c 28 29 3a 6c 2c 69 3d 53 2e 61 2e 66 28 65 29 3b 72 65 74 75 72 6e 20 6e 3f 28 53 2e 61 2e 65 78 74 65 6e 64 28 75 2c 6e 29 2c 76 20 69 6e 20 6e 26 26 28 75 5b 76 5d 3d 6e 5b 76 5d 29 29 3a 28 75 2e 24 70 61 72 65 6e 74 73 3d 5b 5d 2c 75 2e 24 72 6f 6f 74 3d 69 2c 75 2e 6b 6f 3d 53 29 2c 75 5b 67 5d 3d 73 2c 63 3f 69 3d 75 2e 24 64 61 74 61 3a 28 75 Data Ascii: script:!0,textarea:!0,template:!0};S.getBindingHandler=function(e){return S.c[e]};var y={};S.fa=function(e,n,t,r,i){function o(){var e=d?l():l,i=S.a.f(e);return n?(S.a.extend(u,n),v in n&&(u[v]=n[v])):(u.$parents=[],u.$root=i,u.ko=S),u[g]=s,c?i=u.$data:(u
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 29 7d 3b 53 2e 63 2e 74 65 78 74 49 6e 70 75 74 3d 7b 69 6e 69 74 3a 66 75 6e 63 74 69 6f 6e 28 6f 2c 73 2c 75 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 65 2c 6e 29 7b 53 2e 61 2e 42 28 6f 2c 65 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 29 7b 70 7c 7c 28 68 3d 6f 2e 76 61 6c 75 65 2c 70 3d 53 2e 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 64 2c 34 29 29 7d 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 70 29 2c 68 3d 70 3d 61 3b 76 61 72 20 65 3d 6f 2e 76 61 6c 75 65 3b 67 21 3d 3d 65 26 26 28 67 3d 65 2c 53 2e 6d 2e 65 62 28 73 28 29 2c 75 2c 22 74 65 78 74 49 6e 70 75 74 22 2c 65 29 29 7d 76 61 72 20 70 2c 68 2c 67 3d 6f 2e 76 61 6c 75 65 2c 76 3d 39 3d 3d 53 2e 61 2e 57 3f 6c 3a 64 2c 6d 3d 21 31 3b 72 26 26 63 28 22 6b 65 79 Data Ascii: )};S.c.textInput={init:function(o,s,u){function c(e,n){S.a.B(o,e,n)}function l(){p\|\|(h=o.value,p=S.a.setTimeout(d,4))}function d(){clearTimeout(p),h=p=a;var e=o.value;g!==e&&(g=e,S.m.eb(s(),u,"textInput",e))}var p,h,g=o.value,v=9==S.a.W?l:d,m=!1;r&&c("key
2023-12-07 09:26:07 UTC	16383	IN	Data Raw: 73 5b 68 5d 3d 21 30 2c 65 2e 61 70 70 6c 79 42 69 6e 64 69 6e 67 73 54 6f 4e 6f 64 65 28 6e 2c 67 29 7d 7d 7d 72 65 74 75 72 6e 20 65 2e 61 70 70 6c 79 42 69 6e 64 69 6e 67 73 54 6f 44 65 73 63 65 6e 64 61 6e 74 73 28 75 2c 6e 29 2c 7b 63 6f 6e 74 72 6f 6c 73 44 65 73 63 65 6e 64 61 6e 74 42 69 6e 64 69 6e 67 73 3a 21 30 7d 7d 7d 2c 65 2e 62 69 6e 64 69 6e 67 48 61 6e 64 6c 65 72 73 2e 61 75 74 6f 53 75 62 6d 69 74 3d 7b 75 70 64 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 76 61 72 20 72 3d 74 28 29 3b 65 2e 75 6e 77 72 61 70 28 72 29 26 26 28 65 2e 69 73 57 72 69 74 61 62 6c 65 4f 62 73 65 72 76 61 62 6c 65 28 72 29 26 26 72 28 21 31 29 2c 6e 2e 73 75 62 6d 69 74 28 29 29 7d 7d 2c 65 2e 62 69 6e 64 69 6e 67 48 61 6e 64 6c 65 72 73 2e 70 6f 73 Data Ascii: s[h]=!0,e.applyBindingsToNode(n,g)}}}return e.applyBindingsToDescendants(u,n),{controlsDescendantBindings:!0}}},e.bindingHandlers.autoSubmit={update:function(n,t){var r=t();e.unwrap(r)&&(e.isWritableObservable(r)&&r(!1),n.submit())}},e.bindingHandlers.pos

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:09 UTC	635	OUT	GET /shared/1.0/content/js/FetchSessions_Core_hVLAIdSbCVjC_yz4lFx6vg2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:26:09 UTC	750	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 45 78 70 6f 73 65 2d 48 65 61 64 65 72 73 3a 20 78 2d 6d 73 2d 72 65 71 75 65 73 74 2d 69 64 2c 53 65 72 76 65 72 2c 78 2d 6d 73 2d 76 65 72 73 69 6f 6e 2c 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2c 43 6f 6e 74 65 6e 74 2d 45 6e 63 6f 64 69 6e 67 2c 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 2c 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 2c 45 54 61 67 2c 43 6f 6e 74 65 6e 74 2d 4d 44 35 2c 78 2d 6d 73 2d 6c 65 61 73 65 2d 73 74 61 74 75 73 2c 78 2d 6d 73 2d 62 6c 6f 62 2d 74 79 70 65 2c 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 2c 44 61 74 65 2c 54 72 61 6e 73 66 65 72 2d 45 6e Data Ascii: HTTP/1.1 200 OKAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-En
2023-12-07 09:26:09 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2023-12-07 09:26:09 UTC	16383	IN	Data Raw: 31 36 41 22 2c 50 50 5f 45 5f 53 54 52 4f 4e 47 50 52 4f 43 45 53 53 5f 41 4c 54 45 4d 41 49 4c 53 41 4d 45 41 53 4d 41 49 4c 42 4f 58 3a 22 38 30 30 34 39 43 32 44 22 2c 50 50 5f 45 5f 45 4d 41 49 4c 5f 52 49 47 48 54 5f 54 4f 4f 5f 4c 4f 4e 47 3a 22 38 30 30 34 31 31 30 43 22 2c 50 50 5f 45 5f 4e 41 4d 45 5f 54 4f 4f 5f 4c 4f 4e 47 3a 22 38 30 30 34 31 31 30 32 22 2c 50 50 5f 45 5f 41 4c 49 41 53 5f 41 55 54 48 5f 4e 4f 54 50 45 52 4d 49 54 54 45 44 3a 22 38 30 30 34 37 38 38 42 22 2c 50 50 5f 45 5f 54 4f 54 50 5f 49 4e 56 41 4c 49 44 3a 22 38 30 30 34 39 43 33 34 22 2c 50 50 5f 45 5f 4f 4c 44 5f 53 4b 59 50 45 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 33 35 35 37 22 2c 50 50 5f 45 5f 4f 54 54 5f 44 41 54 41 5f 49 4e 56 41 4c 49 44 3a 22 38 30 30 34 Data Ascii: 16A",PP_E_STRONGPROCESS_ALTEMAILSAMEASMAILBOX:"80049C2D",PP_E_EMAIL_RIGHT_TOO_LONG:"8004110C",PP_E_NAME_TOO_LONG:"80041102",PP_E_ALIAS_AUTH_NOTPERMITTED:"8004788B",PP_E_TOTP_INVALID:"80049C34",PP_E_OLD_SKYPE_PASSWORD:"80043557",PP_E_OTT_DATA_INVALID:"8004
2023-12-07 09:26:09 UTC	2	IN	Data Raw: 20 6e Data Ascii: n
2023-12-07 09:26:09 UTC	16383	IN	Data Raw: 3d 65 2c 74 3d 6e 75 6c 6c 2c 72 3d 6e 75 6c 6c 3b 69 66 28 65 29 7b 76 61 72 20 6f 3d 65 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 2c 69 3d 65 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 2d 31 21 3d 3d 69 26 26 28 2d 31 3d 3d 3d 6f 7c 7c 69 3c 6f 29 3f 28 6e 3d 65 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 69 29 2c 72 3d 75 2e 64 6f 75 62 6c 65 53 70 6c 69 74 28 65 2e 73 75 62 73 74 72 69 6e 67 28 69 2b 31 29 2c 22 26 22 2c 22 3d 22 29 29 3a 2d 31 21 3d 3d 6f 26 26 2d 31 3d 3d 3d 69 3f 28 6e 3d 65 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 6f 29 2c 74 3d 75 2e 64 6f 75 62 6c 65 53 70 6c 69 74 28 65 2e 73 75 62 73 74 72 69 6e 67 28 6f 2b 31 29 2c 22 26 22 2c 22 3d 22 29 29 3a 2d 31 21 3d 3d 6f 26 26 2d 31 21 3d 3d 69 26 26 28 6e 3d 65 2e 73 75 62 73 74 72 69 6e 67 28 Data Ascii: =e,t=null,r=null;if(e){var o=e.indexOf("?"),i=e.indexOf("#");-1!==i&&(-1===o\|\|i<o)?(n=e.substring(0,i),r=u.doubleSplit(e.substring(i+1),"&","=")):-1!==o&&-1===i?(n=e.substring(0,o),t=u.doubleSplit(e.substring(o+1),"&","=")):-1!==o&&-1!==i&&(n=e.substring(
2023-12-07 09:26:09 UTC	1	IN	Data Raw: 28 Data Ascii: (
2023-12-07 09:26:09 UTC	16383	IN	Data Raw: 30 29 2c 6f 3d 74 28 34 29 2c 69 3d 7b 7d 2c 61 3d 6e 75 6c 6c 3b 6e 2e 73 65 74 44 61 74 61 50 6f 69 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 2c 72 29 7b 76 61 72 20 69 3d 7b 73 63 6f 70 65 3a 72 7c 7c 6f 2e 44 61 74 61 50 6f 69 6e 74 53 63 6f 70 65 2e 43 6c 69 65 6e 74 45 76 65 6e 74 7d 2c 61 3d 73 28 65 29 3b 61 2e 74 72 61 63 69 6e 67 44 61 74 61 50 6f 69 6e 74 73 3d 61 2e 74 72 61 63 69 6e 67 44 61 74 61 50 6f 69 6e 74 73 7c 7c 7b 7d 2c 61 2e 74 72 61 63 69 6e 67 44 61 74 61 50 6f 69 6e 74 73 5b 6e 5d 3d 7b 6f 70 74 69 6f 6e 73 3a 69 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 7d 7d 7d 3b 76 61 72 20 73 3d 6e 2e 67 65 74 54 72 61 63 69 6e 67 43 6f 6e 74 65 78 74 4f 62 6a 65 63 74 3d 66 75 6e 63 74 69 6f 6e Data Ascii: 0),o=t(4),i={},a=null;n.setDataPoint=function(e,n,t,r){var i={scope:r\|\|o.DataPointScope.ClientEvent},a=s(e);a.tracingDataPoints=a.tracingDataPoints\|\|{},a.tracingDataPoints[n]={options:i,value:function(){return t}}};var s=n.getTracingContextObject=function
2023-12-07 09:26:09 UTC	1	IN	Data Raw: 70 Data Ascii: p
2023-12-07 09:26:09 UTC	16383	IN	Data Raw: 6f 72 74 65 64 20 74 6f 20 74 75 72 6e 20 64 65 66 65 72 72 61 6c 20 6f 66 66 20 6f 6e 63 65 20 65 6e 61 62 6c 65 64 2e 22 29 3b 65 2e 48 62 7c 7c 28 65 2e 48 62 3d 21 30 2c 65 2e 75 62 28 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 74 2c 72 3d 21 31 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 72 29 7b 53 2e 6e 61 2e 63 61 6e 63 65 6c 28 74 29 2c 74 3d 53 2e 6e 61 2e 7a 62 28 6e 29 3b 74 72 79 7b 72 3d 21 30 2c 65 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 28 61 2c 22 64 69 72 74 79 22 29 7d 66 69 6e 61 6c 6c 79 7b 72 3d 21 31 7d 7d 7d 7d 29 29 29 7d 2c 6e 6f 74 69 66 79 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 65 2e 65 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 3d 22 61 6c 77 61 79 73 22 3d 3d 6e 3f 6e 75 Data Ascii: orted to turn deferral off once enabled.");e.Hb\|\|(e.Hb=!0,e.ub((function(n){var t,r=!1;return function(){if(!r){S.na.cancel(t),t=S.na.zb(n);try{r=!0,e.notifySubscribers(a,"dirty")}finally{r=!1}}}})))},notify:function(e,n){e.equalityComparer="always"==n?nu
2023-12-07 09:26:09 UTC	1	IN	Data Raw: 72 Data Ascii: r

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:10 UTC	602	OUT	GET /scripts/me/MeControl/10.23271.5/en-US/meBoot.min.js HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://support.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:26:11 UTC	575	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 37 20 44 65 63 20 32 30 32 33 20 30 39 3a 32 36 3a 31 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 38 31 32 32 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 57 65 64 2c 20 31 35 20 4e 6f 76 20 32 Data Ascii: HTTP/1.1 200 OKDate: Thu, 07 Dec 2023 09:26:10 GMTContent-Type: application/javascriptContent-Length: 181223Connection: closeVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingLast-Modified: Wed, 15 Nov 2
2023-12-07 09:26:11 UTC	15809	IN	Data Raw: 4d 65 43 6f 6e 74 72 6f 6c 44 65 66 69 6e 65 28 22 6d 65 42 6f 6f 74 22 2c 5b 22 65 78 70 6f 72 74 73 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 69 6e 6c 69 6e 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 53 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 69 3d 7b 7d 2c 75 3d 5b 5d 2c 70 3d 5b 5d 3b 66 75 6e 63 74 69 6f 6e 20 4f 28 74 2c 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 2c 69 2c 61 3d 70 3b 66 6f 72 28 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 32 3c 69 2d 2d 3b 29 75 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 5b 69 5d 29 3b 66 6f 72 28 65 26 26 6e 75 6c 6c 21 3d 65 2e 63 68 69 6c 64 72 65 6e 26 26 28 75 2e 6c 65 6e 67 74 68 7c 7c 75 2e 70 75 73 68 28 65 2e 63 68 69 6c 64 Data Ascii: MeControlDefine("meBoot",["exports","@mecontrol/web-inline"],function(t,S){"use strict";var c=function(){},i={},u=[],p=[];function O(t,e){var r,n,o,i,a=p;for(i=arguments.length;2<i--;)u.push(arguments[i]);for(e&&null!=e.children&&(u.length\|\|u.push(e.child
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 7d 3a 31 3d 3d 3d 65 2e 6c 65 6e 67 74 68 3f 65 5b 30 5d 3a 65 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 28 65 2e 61 70 70 6c 79 28 76 6f 69 64 20 30 2c 61 72 67 75 6d 65 6e 74 73 29 29 7d 7d 29 7d 76 61 72 20 74 74 3d 41 72 72 61 79 2e 69 73 41 72 72 61 79 3b 66 75 6e 63 74 69 6f 6e 20 65 74 28 74 29 7b 76 61 72 20 65 2c 72 2c 6e 2c 6f 3d 22 22 2c 69 3d 74 79 70 65 6f 66 20 74 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 69 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 69 29 72 65 74 75 72 6e 20 74 7c 7c 22 22 3b 69 66 28 74 74 28 74 29 26 26 30 3c 74 2e 6c 65 6e 67 74 68 29 66 6f 72 28 65 3d 30 2c 72 3d Data Ascii: ?function(t){return t}:1===e.length?e[0]:e.reduce(function(t,e){return function(){return t(e.apply(void 0,arguments))}})}var tt=Array.isArray;function et(t){var e,r,n,o="",i=typeof t;if("string"==i\|\|"number"==i)return t\|\|"";if(tt(t)&&0<t.length)for(e=0,r=
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 4f 65 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 72 3d 31 3b 72 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 65 5b 72 2d 31 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 72 5d 3b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 6f 3d 65 3b 6e 3c 6f 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 69 3d 6f 5b 6e 5d 3b 66 6f 72 28 76 61 72 20 61 20 69 6e 20 69 29 69 66 28 53 2e 68 61 73 4f 77 6e 28 69 2c 61 29 29 7b 76 61 72 20 73 3d 69 5b 61 5d 3b 6e 75 6c 6c 3d 3d 73 7c 7c 53 65 28 73 29 7c 7c 28 74 5b 61 5d 3d 73 29 7d 7d 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 62 65 28 74 2c 65 2c 72 29 7b 76 61 72 20 6e 3d 53 2e 67 65 74 4f 70 74 69 6f 6e 73 28 29 3b 69 66 28 6e 29 7b 76 61 72 20 6f 3d 6e 65 77 20 53 2e 53 Data Ascii: unction Oe(t){for(var e=[],r=1;r<arguments.length;r++)e[r-1]=arguments[r];for(var n=0,o=e;n<o.length;n++){var i=o[n];for(var a in i)if(S.hasOwn(i,a)){var s=i[a];null==s\|\|Se(s)\|\|(t[a]=s)}}return t}function be(t,e,r){var n=S.getOptions();if(n){var o=new S.S
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 61 74 65 64 3b 72 65 74 75 72 6e 20 4f 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 65 74 28 5b 72 2c 28 74 3d 7b 7d 2c 74 2e 6d 65 63 74 72 6c 5f 66 6f 63 75 73 5f 76 69 73 69 62 6c 65 3d 6f 2c 74 29 5d 29 7d 2c 6e 29 7d 2c 66 72 29 3b 66 75 6e 63 74 69 6f 6e 20 66 72 28 74 29 7b 76 61 72 20 65 3d 75 72 2e 63 61 6c 6c 28 74 68 69 73 2c 74 29 7c 7c 74 68 69 73 3b 72 65 74 75 72 6e 20 65 2e 73 74 61 74 65 3d 7b 61 63 74 69 76 61 74 65 64 3a 21 21 74 2e 76 69 73 69 62 6c 65 4f 6e 53 74 61 72 74 7d 2c 65 2e 68 61 73 52 65 63 65 6e 74 4b 65 79 62 6f 61 72 64 41 63 74 69 6f 6e 3d 21 31 2c 65 2e 6b 65 79 64 6f 77 6e 48 61 6e 64 6c 65 72 3d 65 2e 6b 65 79 64 6f 77 6e 48 61 6e 64 6c 65 72 2e 62 69 6e 64 28 65 29 2c 65 2e 63 6c 69 63 6b 48 61 6e 64 6c 65 72 3d 65 2e Data Ascii: ated;return O("div",{class:et([r,(t={},t.mectrl_focus_visible=o,t)])},n)},fr);function fr(t){var e=ur.call(this,t)\|\|this;return e.state={activated:!!t.visibleOnStart},e.hasRecentKeyboardAction=!1,e.keydownHandler=e.keydownHandler.bind(e),e.clickHandler=e.
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 65 74 46 72 6f 6d 49 64 70 22 3a 72 65 74 75 72 6e 20 78 74 28 6e 75 6c 6c 3d 3d 3d 28 72 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 6d 73 61 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 72 3f 76 6f 69 64 20 30 3a 72 2e 73 69 67 6e 4f 75 74 41 6e 64 46 6f 72 67 65 74 55 72 6c 29 3b 63 61 73 65 22 73 77 69 74 63 68 22 3a 72 65 74 75 72 6e 20 78 74 28 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 70 70 53 77 69 74 63 68 55 72 6c 29 3b 63 61 73 65 22 73 77 69 74 63 68 54 6f 22 3a 72 65 74 75 72 6e 20 78 74 28 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 70 70 53 77 69 74 63 68 54 6f 55 72 6c 29 3b 63 61 73 65 22 67 65 74 52 65 6d 65 6d 62 65 72 65 64 41 63 63 6f 75 6e 74 73 22 3a 72 65 74 75 72 6e 20 53 2e 4d 45 2e 43 6f 6e 66 69 67 2e 72 65 6d 41 63 63 26 26 4b 72 28 74 68 69 73 2c Data Ascii: etFromIdp":return xt(null===(r=this.config.msa)\|\|void 0===r?void 0:r.signOutAndForgetUrl);case"switch":return xt(this.config.appSwitchUrl);case"switchTo":return xt(this.config.appSwitchToUrl);case"getRememberedAccounts":return S.ME.Config.remAcc&&Kr(this,
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 69 6e 2e 6c 69 76 65 2e 63 6f 6d 22 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 79 6e 28 74 29 7d 76 61 72 20 79 6e 3d 28 76 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 73 75 70 70 6f 72 74 73 4d 73 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 6d 73 61 6c 4a 73 57 69 74 68 4d 73 61 22 3d 3d 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 74 79 70 65 7d 2c 76 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 69 73 4f 70 65 72 61 74 69 6f 6e 53 75 70 70 6f 72 74 65 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 3b 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 22 73 69 67 6e 4f 75 74 46 72 6f 6d 49 64 70 22 3a 72 65 74 75 72 6e 20 78 74 28 6e 75 6c 6c 3d 3d 3d 28 72 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 61 Data Ascii: in.live.com")}function mn(t){return new yn(t)}var yn=(vn.prototype.supportsMsa=function(){return"msalJsWithMsa"===this.config.type},vn.prototype.isOperationSupported=function(t,e){var r,n,o;switch(t){case"signOutFromIdp":return xt(null===(r=this.config.aa
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 64 5b 66 5d 2e 61 63 63 6f 75 6e 74 49 64 29 3f 6f 3a 64 5b 66 5d 2e 70 61 79 6c 6f 61 64 2e 6b 65 79 5d 29 7b 76 61 72 20 68 3d 64 5b 66 5d 2e 70 61 79 6c 6f 61 64 3b 79 2e 70 69 63 74 75 72 65 55 72 6c 3d 6e 75 6c 6c 21 3d 28 69 3d 79 2e 70 69 63 74 75 72 65 55 72 6c 29 3f 69 3a 68 2e 72 65 73 6f 75 72 63 65 2c 79 2e 63 61 63 68 65 4d 65 74 61 3f 79 2e 63 61 63 68 65 4d 65 74 61 2e 70 69 63 74 75 72 65 55 72 6c 3d 68 2e 72 65 73 6f 75 72 63 65 45 54 61 67 3a 79 2e 63 61 63 68 65 4d 65 74 61 3d 28 28 72 3d 7b 7d 29 2e 70 69 63 74 75 72 65 55 72 6c 3d 68 2e 72 65 73 6f 75 72 63 65 45 54 61 67 2c 72 29 7d 7d 72 65 74 75 72 6e 20 48 28 7b 7d 2c 6c 29 3b 63 61 73 65 22 47 45 54 5f 43 41 43 48 45 44 5f 53 48 4f 57 5f 41 55 54 48 5f 41 50 50 22 3a 76 61 72 20 Data Ascii: d[f].accountId)?o:d[f].payload.key]){var h=d[f].payload;y.pictureUrl=null!=(i=y.pictureUrl)?i:h.resource,y.cacheMeta?y.cacheMeta.pictureUrl=h.resourceETag:y.cacheMeta=((r={}).pictureUrl=h.resourceETag,r)}}return H({},l);case"GET_CACHED_SHOW_AUTH_APP":var
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 73 65 74 5c 78 33 61 2d 32 70 78 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 67 6c 79 70 68 5c 78 37 62 6f 76 65 72 66 6c 6f 77 5c 78 33 61 68 69 64 64 65 6e 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 5c 78 33 61 63 6f 76 65 72 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 5c 78 33 61 63 65 6e 74 65 72 20 63 65 6e 74 65 72 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 5c 78 33 61 6e 6f 2d 72 65 70 65 61 74 5c 78 37 64 2e 67 6c 79 70 68 5f 6d 6f 72 65 5c 78 37 62 77 69 64 74 68 5c 78 33 61 32 34 70 78 5c 78 33 62 68 65 69 67 68 74 5c 78 33 61 32 34 70 78 5c 78 37 64 2e 67 6c 79 70 68 5f 74 65 78 74 5c 78 37 62 63 6c 69 70 5c 78 33 61 72 65 63 74 5c 78 32 38 31 70 78 2c 31 Data Ascii: set\x3a-2px\x21important\x7d.mectrl_glyph\x7boverflow\x3ahidden\x3bbackground-size\x3acover\x3bbackground-position\x3acenter center\x3bbackground-repeat\x3ano-repeat\x7d.glyph_more\x7bwidth\x3a24px\x3bheight\x3a24px\x7d.glyph_text\x7bclip\x3arect\x281px,1
2023-12-07 09:26:11 UTC	16384	IN	Data Raw: 32 37 5c 78 32 66 5c 78 32 35 33 45 5c 78 32 35 33 43 67 20 74 72 61 6e 73 66 6f 72 6d 5c 78 33 64 5c 78 32 37 6d 61 74 72 69 78 5c 78 32 38 2e 39 20 30 20 30 20 2e 39 20 31 30 2e 34 33 31 20 31 30 2e 34 33 31 5c 78 32 39 5c 78 32 37 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 5c 78 33 64 5c 78 32 37 32 5c 78 32 37 5c 78 32 35 33 45 5c 78 32 35 33 43 63 69 72 63 6c 65 20 63 78 5c 78 33 64 5c 78 32 37 32 34 2e 32 35 5c 78 32 37 20 63 79 5c 78 33 64 5c 78 32 37 31 38 5c 78 32 37 20 72 5c 78 33 64 5c 78 32 37 39 5c 78 32 37 5c 78 32 66 5c 78 32 35 33 45 5c 78 32 35 33 43 70 61 74 68 20 64 5c 78 33 64 5c 78 32 37 4d 31 31 2e 32 20 34 30 61 31 20 31 20 30 20 31 31 32 36 2e 31 20 30 5c 78 32 37 5c 78 32 66 5c 78 32 35 33 45 5c 78 32 35 33 43 5c 78 32 66 67 5c 78 32 Data Ascii: 27\x2f\x253E\x253Cg transform\x3d\x27matrix\x28.9 0 0 .9 10.431 10.431\x29\x27 stroke-width\x3d\x272\x27\x253E\x253Ccircle cx\x3d\x2724.25\x27 cy\x3d\x2718\x27 r\x3d\x279\x27\x2f\x253E\x253Cpath d\x3d\x27M11.2 40a1 1 0 1126.1 0\x27\x2f\x253E\x253C\x2fg\x2

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:13 UTC	602	OUT	GET /scripts/me/MeControl/10.23271.5/en-US/meCore.min.js HTTP/1.1 Host: mem.gfx.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://support.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://support.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:26:13 UTC	575	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 37 20 44 65 63 20 32 30 32 33 20 30 39 3a 32 36 3a 31 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 30 30 37 36 39 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 57 65 64 2c 20 31 35 20 4e 6f 76 20 32 Data Ascii: HTTP/1.1 200 OKDate: Thu, 07 Dec 2023 09:26:13 GMTContent-Type: application/javascriptContent-Length: 100769Connection: closeVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingVary: Accept-EncodingLast-Modified: Wed, 15 Nov 2
2023-12-07 09:26:13 UTC	15809	IN	Data Raw: 4d 65 43 6f 6e 74 72 6f 6c 44 65 66 69 6e 65 28 22 6d 65 43 6f 72 65 22 2c 5b 22 65 78 70 6f 72 74 73 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 69 6e 6c 69 6e 65 22 2c 22 40 6d 65 63 6f 6e 74 72 6f 6c 2f 77 65 62 2d 62 6f 6f 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 66 2c 68 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 72 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d 7d 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 26 26 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 74 7d 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 20 69 6e 20 74 29 Data Ascii: MeControlDefine("meCore",["exports","@mecontrol/web-inline","@mecontrol/web-boot"],function(e,f,h){"use strict";var r=function(e,t){return(r=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var n in t)
2023-12-07 09:26:13 UTC	16384	IN	Data Raw: 74 29 29 2c 74 2e 73 74 61 74 65 3d 7b 65 78 70 61 6e 64 65 64 3a 21 31 7d 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 24 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 6e 65 77 20 66 2e 53 79 6e 74 68 65 74 69 63 45 76 65 6e 74 28 22 63 6f 6d 6d 61 6e 64 63 6c 69 63 6b 22 2c 7b 63 6f 6d 6d 61 6e 64 49 64 3a 74 2e 69 64 2c 63 75 72 72 65 6e 74 41 63 63 6f 75 6e 74 3a 6e 7d 29 2c 6f 3d 66 2e 67 65 74 4f 70 74 69 6f 6e 73 28 29 3b 6f 26 26 28 6f 2e 73 79 6e 74 68 65 74 69 63 45 76 65 6e 74 54 61 72 67 65 74 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 72 29 7c 7c 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 29 2c 74 2e 6f 6e 43 6c 69 63 6b 26 26 28 74 2e 6f 6e 43 6c 69 63 6b 28 72 29 2c 72 2e 64 65 66 61 75 6c 74 50 72 65 76 65 6e 74 65 64 26 26 65 2e 70 72 65 Data Ascii: t)),t.state={expanded:!1},t}function $(e,t,n){var r=new f.SyntheticEvent("commandclick",{commandId:t.id,currentAccount:n}),o=f.getOptions();o&&(o.syntheticEventTarget.dispatchEvent(r)\|\|e.preventDefault()),t.onClick&&(t.onClick(r),r.defaultPrevented&&e.pre
2023-12-07 09:26:14 UTC	16384	IN	Data Raw: 69 6f 6e 47 75 69 64 3a 74 2e 69 6d 70 72 65 73 73 69 6f 6e 47 75 69 64 2c 6d 61 72 6b 65 74 3a 66 2e 4d 45 2e 43 6f 6e 66 69 67 2e 6d 6b 74 2c 70 61 67 65 54 61 67 73 3a 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 66 2e 67 65 74 50 61 67 65 54 61 67 73 28 74 2e 61 63 63 6f 75 6e 74 73 2e 63 6f 75 6e 74 73 2c 74 2e 61 63 63 6f 75 6e 74 73 2e 63 75 72 72 65 6e 74 29 29 2c 63 6f 6e 74 65 6e 74 56 65 72 3a 22 32 2e 30 22 2c 63 6f 6e 74 65 6e 74 3a 22 5b 22 2b 72 2b 22 5d 22 7d 2c 70 61 72 74 43 3a 7b 62 61 73 65 54 79 70 65 3a 46 65 2c 70 61 67 65 4c 6f 61 64 54 69 6d 65 3a 4d 61 74 68 2e 72 6f 75 6e 64 28 65 2e 6c 6f 61 64 54 69 6d 65 29 2c 74 69 6d 69 6e 67 73 3a 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 2e 74 69 6d 69 6e 67 73 29 2c 63 6f 6f 6b 69 Data Ascii: ionGuid:t.impressionGuid,market:f.ME.Config.mkt,pageTags:JSON.stringify(f.getPageTags(t.accounts.counts,t.accounts.current)),contentVer:"2.0",content:"["+r+"]"},partC:{baseType:Fe,pageLoadTime:Math.round(e.loadTime),timings:JSON.stringify(e.timings),cooki
2023-12-07 09:26:14 UTC	16384	IN	Data Raw: 78 32 33 66 66 66 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 33 62 66 69 6c 6c 5c 78 33 61 5c 78 32 33 66 66 66 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 5c 78 33 61 70 75 72 70 6c 65 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 74 68 65 6d 65 5f 61 7a 75 72 65 5f 68 63 6c 69 67 68 74 20 2e 6d 65 63 74 72 6c 5f 63 75 72 72 65 6e 74 41 63 63 6f 75 6e 74 20 61 2e 6d 65 63 74 72 6c 5f 73 69 67 6e 6f 75 74 5c 78 33 61 61 63 74 69 76 65 5c 78 37 62 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 2d 61 64 6a 75 73 74 5c 78 33 61 6e 6f 6e 65 5c 78 33 62 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 66 66 66 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 33 62 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 Data Ascii: x23fff\x21important\x3bfill\x3a\x23fff\x21important\x3bbackground-color\x3apurple\x7d.mectrl_theme_azure_hclight .mectrl_currentAccount a.mectrl_signout\x3aactive\x7b-ms-high-contrast-adjust\x3anone\x3bcolor\x3a\x23fff\x21important\x3bborder-color\x3a\x23
2023-12-07 09:26:14 UTC	16384	IN	Data Raw: 6c 69 20 62 75 74 74 6f 6e 5c 78 37 62 62 6f 72 64 65 72 5c 78 33 61 73 6f 6c 69 64 20 31 70 78 5c 78 37 64 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 6d 65 6e 75 2e 66 69 78 65 64 2d 6d 65 6e 75 20 75 6c 5c 78 37 62 70 6f 73 69 74 69 6f 6e 5c 78 33 61 66 69 78 65 64 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 6d 65 6e 75 20 75 6c 5c 78 37 62 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 33 33 33 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 33 62 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 66 66 66 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 6d 65 6e 75 20 75 6c 20 61 5c 78 33 61 66 6f 63 75 73 2c 2e 6d 65 63 74 72 6c 5f 6d 65 6e 75 20 75 6c 20 62 75 74 74 6f 6e 5c 78 33 61 66 6f 63 75 73 5c 78 37 62 63 6f 6c 6f 72 5c Data Ascii: li button\x7bborder\x3asolid 1px\x7d\x7d.mectrl_menu.fixed-menu ul\x7bposition\x3afixed\x7d.mectrl_menu ul\x7bcolor\x3a\x23333\x21important\x3bbackground-color\x3a\x23fff\x21important\x7d.mectrl_menu ul a\x3afocus,.mectrl_menu ul button\x3afocus\x7bcolor\
2023-12-07 09:26:14 UTC	16384	IN	Data Raw: 61 5c 78 32 33 30 66 66 5c 78 37 64 5c 78 37 64 5c 78 34 30 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 5c 78 32 38 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 5c 78 33 61 62 6c 61 63 6b 2d 6f 6e 2d 77 68 69 74 65 5c 78 32 39 5c 78 37 62 2e 6d 65 63 74 72 6c 5f 61 63 63 6f 75 6e 74 49 74 65 6d 20 2e 70 72 69 6d 61 72 79 41 63 74 69 6f 6e 2e 65 78 70 61 6e 64 65 64 2e 73 69 67 6e 49 6e 2c 2e 6d 65 63 74 72 6c 5f 61 63 63 6f 75 6e 74 49 74 65 6d 5c 78 33 61 68 6f 76 65 72 20 2e 70 72 69 6d 61 72 79 41 63 74 69 6f 6e 2e 73 69 67 6e 49 6e 5c 78 37 62 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 5c 78 33 61 69 6e 64 69 67 6f 5c 78 37 64 5c 78 37 64 2e 6d 65 63 74 72 6c 5f 61 63 63 6f 75 6e 74 49 74 65 6d 20 2e 70 72 69 6d 61 72 79 41 63 74 69 Data Ascii: a\x230ff\x7d\x7d\x40media screen and \x28-ms-high-contrast\x3ablack-on-white\x29\x7b.mectrl_accountItem .primaryAction.expanded.signIn,.mectrl_accountItem\x3ahover .primaryAction.signIn\x7bbackground-color\x3aindigo\x7d\x7d.mectrl_accountItem .primaryActi
2023-12-07 09:26:14 UTC	3040	IN	Data Raw: 69 67 67 65 72 2e 65 78 70 61 6e 64 65 64 2c 2e 6d 65 63 74 72 6c 5f 74 68 65 6d 65 5f 61 7a 75 72 65 5f 68 63 6c 69 67 68 74 20 2e 6d 65 63 74 72 6c 5f 61 63 63 6f 75 6e 74 41 63 74 69 6f 6e 73 20 2e 6d 65 63 74 72 6c 5f 74 72 69 67 67 65 72 5c 78 33 61 68 6f 76 65 72 5c 78 37 62 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 2d 61 64 6a 75 73 74 5c 78 33 61 6e 6f 6e 65 5c 78 33 62 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 66 66 66 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 33 62 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 66 66 66 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 33 62 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 5c 78 33 61 5c 78 32 33 66 66 66 5c 78 32 31 69 6d 70 6f 72 74 61 6e 74 5c 78 33 62 66 69 6c 6c 5c 78 33 61 5c 78 32 Data Ascii: igger.expanded,.mectrl_theme_azure_hclight .mectrl_accountActions .mectrl_trigger\x3ahover\x7b-ms-high-contrast-adjust\x3anone\x3bcolor\x3a\x23fff\x21important\x3bborder-color\x3a\x23fff\x21important\x3boutline-color\x3a\x23fff\x21important\x3bfill\x3a\x2

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:15 UTC	600	OUT	GET /16.000/content/js/MeControl_MhktgtiMAnSkSgiYU2_TkQ2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-07 09:26:15 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 37 20 44 65 63 20 32 30 32 33 20 30 39 3a 32 36 3a 31 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 36 30 35 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a 69 70 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 46 72 69 2c 20 30 36 20 4f 63 74 20 32 30 32 33 20 30 35 3a 30 33 3a 32 32 20 47 4d 54 0d 0a 45 54 61 67 3a 20 30 78 38 Data Ascii: HTTP/1.1 200 OKDate: Thu, 07 Dec 2023 09:26:15 GMTContent-Type: application/x-javascriptContent-Length: 6053Connection: closeCache-Control: public, max-age=31536000Content-Encoding: gzipLast-Modified: Fri, 06 Oct 2023 05:03:22 GMTETag: 0x8
2023-12-07 09:26:15 UTC	6053	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 a5 3b 6b 77 d3 ba b2 7f a5 f5 ea 02 fb c6 0d 49 d9 6c c0 a9 e1 b6 a5 1c 0a 85 02 2d 8f bd 4b 4f 96 2c 2b 89 5b c7 0e b6 d3 c7 0e b9 bf fd ce 8c 24 5b 76 1c e0 dc fb 01 2a 8f a4 d1 68 5e 9a 19 29 a3 79 c2 8b 28 4d 36 86 93 5b 9b 39 8b 4c 14 f3 2c d9 60 cf 8b 6c 2e 3c e6 fb bd 1f 3f e0 ff 11 8b 73 41 2d cb 5a 8e ca 39 2f e6 36 73 83 72 96 c4 f1 9c 79 81 31 e6 b5 89 76 23 4a f2 82 25 5c a4 a3 8d bd 2c 63 77 c6 c0 fd 17 c6 48 4b c3 ad ee 70 f4 b7 5d dc cd 70 0a 73 91 2c c7 98 f4 d2 98 a3 07 01 91 79 91 45 c9 d8 24 75 ff d0 18 29 09 bd 77 8f a6 df bb c7 36 6b db 82 c9 27 d9 0b 31 62 f3 b8 a8 ef 8f 90 34 f6 b7 f7 10 11 47 23 7b 93 b0 39 7a 03 d6 00 60 ac 1b b3 bc 38 4a 42 71 7b 32 b2 ad ae e5 ec f6 8c 11 9a 2d dd 22 3d 4e 6f 44 76 Data Ascii: ;kwIl-KO,+[$[v*h^)y(M6[9L,`l.<?sA-Z9/6sry1v#J%\,cwHKp]ps,yE$u)w6k'1b4G#{9z`8JBq{2-"=NoDv

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:26:40 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TYWc9HTnbSHGk9t&MD=bv2pV4Xu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-07 09:26:40 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 38 64 37 39 35 38 63 64 2d 32 66 61 34 2d 34 38 39 39 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: 8d7958cd-2fa4-4899-
2023-12-07 09:26:40 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-12-07 09:26:40 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Timestamp	Bytes transferred	Direction	Data
2023-12-07 09:27:16 UTC	449	OUT	GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000004287BD53E7 HTTP/1.1 Host: clients1.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br
2023-12-07 09:27:17 UTC	817	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 34 6f 47 4f 6b 63 33 35 6f 7a 74 67 61 6b 71 48 55 61 68 75 4c 41 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 64 6f 77 6e 6c 6f 61 64 2d 64 74 2f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-4oGOkc35oztgakqHUahuLA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1Content-Security-P
2023-12-07 09:27:17 UTC	219	IN	Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 38 37 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 38 37 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 38 37 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 38 37 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 38 37 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 38 37 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 32 65 31 35 66 38 39 0a Data Ascii: rlzC1: 1C1ONGR_enUS1087rlzC2: 1C2ONGR_enUS1087rlzC7: 1C7ONGR_enUS1087dcc: set_dcc: C1:1C1ONGR_enUS1087,C2:1C2ONGR_enUS1087,C7:1C7ONGR_enUS1087events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: 2e15f89

Target ID:	0
Start time:	10:25:41
Start date:	07/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	10:25:45
Start date:	07/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,2778689426244649836,16934547055681853078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	10:25:47
Start date:	07/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Windows Analysis Report
https://support.microsoft.com/en-us/office/restore-deleted-files-or-folders-in-onedrive-949ada80-0026-4db3-a953-c99083e6a84f

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre