Edit tour

Windows Analysis Report
securedoc_20240327T095809.html

Overview

General Information

Sample name:	securedoc_20240327T095809.html
Analysis ID:	1417555
MD5:	44455a91f72ab9e8d685aa703cde01cd
SHA1:	c9bdb93cf8b00e1ab0367c88f826c069af0ba0d4
SHA256:	4155158042b58e1c8d6522ad0017658e84a3847ce5c8217f720015c69dc25ff6
Infos:

Detection

Score:	23
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suspicious Javascript code found in HTML file

Detected hidden input values containing email addresses (often used in phishing pages)

HTML title does not match URL

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\securedoc_20240327T095809.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2016,i,12304014152104362397,15301322850232453726,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?p=0&d=%7B%27name%27%3Anull,%0D%0A%27msgID%27%3A%27%7C1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688%2Ecorpmailsvcs%2Ecom%27,%0D%0A%27keysize%27%3A24,%0D%0A%27flags%27%3A3073,%0D%0A%27rid%27%3A%27YWNjb3VudHNwYXlhYmxlIDxhY2NvdW50c3BheWFibGVAY3JhbmV3YXJlLmNvbT4sICJwaGFybWFjeWJpbGxpbmdhZG1pbkBjaGFuZ2VoZWFsdGhjYXJlLmNvbSIgPHBoYXJtYWN5YmlsbGluZ2FkbWluQGNoYW5nZWhlYWx0aGNhcmUuY29tPg%3D%3D%27,%0D%0A%27algnames%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%27AES%27%7D%7D,%0D%0A%27algparams%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%7B%27IV%27%3A%27LHCijzkUvfOdEEtnk6xpAw%3D%3D%27%7D%7D%7D,%0D%0A%27keyserverhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27securereplyhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27openerhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27toc%27%3A%5B%0D%0A%5B%27Body-1711551489199%2Etxt%27,1,%0D%0A%27%27,%0D%0A%27%27,%0D%0A13,%5B0,43824%5D,%27Body-1711551489199%2Etxt%27,%0D%0A%27UTF-16%27%5D,%0D%0A%5B%27image002%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image002%2Epng%27,%0D%0A21,%5B43824,3817%5D,%27image002%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image003%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image003%2Epng%27,%0D%0A21,%5B47641,5468%5D,%27image003%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27MessageBar%2Ehtml%27,4,%0D%0A%27%27,%0D%0A%27%27,%0D%0A1,%5B53109,63586%5D,%27MessageBar%2Ehtml%27,%0D%0A%27UTF-16%27%5D%0D%0A%5D,%0D%0A%27salt%27%3A%27frfzhcw7G%2FNdlMuvS%2BfQLm5CkoE%3D%27,%0D%0A%27data%27%3A%5B%0D%0A%27%27,%27j3rt2rKVtePYhOdkWuHqAvG5IPgP7XWniwxQo6069G4%2FUd1VX8br2nlNrN%2FfyhxIJFGRvKeVONEaCVW6N5mXAjdjK4Zct33b5Yp26m8kPhxD4TzzWva%2B%2F3%2BMC76krWXVGGGdx2CCsZxmrl30Sn%2FaToDfKjQil6%2FRjJWeT5GCmzjirnek%2Ft0%2FPJl6fd1571mAV0g9fyaegZ1Eo0AouxnxsTs1WtzYkDuF5q%2BWH3zhHCfqjegwpVSU2m0uJ8kq2xj8FIMs%2Bsnr5Ya3yuo7aiem0xMqwkl%2Fr5j2Q7rSn8UBGO%2BzOpCaiO6cM7NbLpzTzrJ%2BI5SjwsiRhHJ8nHGz6G7lIFHnF2WsRGfYZ%2BubPnt4xioEjSYGMsauab95VpoQMAq9dvVh3So0VyGx7I6Cfl7UGAwPqSNWTciWoVYVZfQS7FowRMDPPygldJNaNfVsiBu4ZTho9mfPFKeQg0yJCIJtEzOWq6SPbBojJbDH1OUaVtOeYGedoTtJAI6yUC3ypf56IAEsCPrs1jS8CEXLZ1mOc5umusG0nud0q1OLSLIF5b5iBCnmnMcCbqMhZWCvU0F4Bo%2FeSKZmAAABPsR0vDeTMuFuSKyGmWmmImTnoOvDC9Sbuzo3JqatAse1NSJEdpSP8Qfek9WtRyk9fB9gBE0HcLX2nfEaMsx48j8NIz%2F7%2BiTcMaY0i5ypyXH7plGkABDu2WC3mQecoTQMJrIQcVSSseDP4Mp9YJbyzUIE8xYfRZIKGK6baMcGibkQQYdNcljAVeBML9t6TB9n5a%2FtWUBYa4vZUJLB2ddCLkxYle92snWtpe5ELk%2FsWpQxQbBTjBdGrfeexLHsiUizODJc%2FGxamsOjcbwFamyKwsICM%2BiutEzZlWJyRAWab%2BUUZiinrZBQcyuL7Jj4OsHw6JhrLphOKkZYXKUD2EpUyrGeMyo69G4L9dGsxF%2Bcxu903zE%2F06eYwOc9Ot9ukQ8J427a2gana9Ghe%2FlzVq66qYsGJ9YqkJ%2Bx5P7X9UXd1WaSwn1lQi3jqVNbnePDwOrzl0NlGgT0%2F6v%2Fydd%2B%2F7XDFKJKYKE13d4VImSKxOCApc2XZPc7VwtVqJ3SItbKmHZWAqD99SWMTCoKAPEEDfBnwzm90bTKC9Jd8r0lvHY%2BvdnOTV7DBpyAbBeKSa%2B9fSaiTatQleBMnphHTXkJcC4j%2Br27bx%2BsbcrLbdzHukkXkIlNvfxC7PU93LIw4boxVSOdyGf1H6gI2t1ogDpzTVA1O3YEKrpoI9dtjfZfzT5OywiMG%2Bz0Sf01x%2F46TZ8zkIgq0au86ZDrtf%2BdFzQH61SJI

Source: Joe Sandbox View	IP Address: 195.130.217.180 195.130.217.180
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 184.94.241.74 184.94.241.74
Source: Joe Sandbox View	IP Address: 104.17.25.14 104.17.25.14

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET /ajax/libs/select2/4.0.12/css/select2.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /postx.css HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/select2/4.0.12/js/select2.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgnEtQdA!!/branding/customer-logo.gif?f=1 HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgnEtQdA!!/branding/customer-logo.gif?f=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=E50D505096AD70B0E639F9D86D643C3A
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /CRES_login_bg.jpg HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websafe/images/loginbg.gif HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=E50D505096AD70B0E639F9D86D643C3A
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-Regular.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-Light.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /CRES_login_bg.jpg HTTP/1.1Host: static.cres-aws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com?su=&df=&tf=&lp=en&v=2&m=%7c1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688.corpmailsvcs.com&s=1&f=0&d=1711725073246&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36 HTTP/1.1Host: url.uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-SemiBold.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Inter/Inter-Bold.ttf HTTP/1.1Host: static.cres-aws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.cres-aws.com/postx.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/3F8MFGTLrjLNrGEuoJ9LZYq2CZHs77TvrbWgLybRWK5Cx1YIjrZ5X7EVrtiiQDXJHakcWoQ4l9X_WG_OuHJVgMxr-H05_K-Ch48tBOAAjef8TY7QwNOdendkOtQvA5_NAi1syjbf8k84asafJGw1g3vFMwvOHroINaroUbuwMo3g-pJA0nCTLqLnu1DLQMpuk1XcUDFdHQWwls_CUbLvNUHrVniYrlWnxmur2t3lYUjvpZcpUgJYWVBySL9h1rma7CW94Zwg9HzSCtI_gc7YNhwrhdyPiXSElVE_4ehqZMVehGJOFd-y9Bse49i8G6TLtJIRvbeE_TOefuWfqKTh6hHcIyC74aGYmL5umdWnR7_J2syUjan8A7lIo5T6j0rb25CW4ff7C1WA7kth-MIkisj8XzQOd9PABBu_Qb8LgIKa-_ETrtCC5asVHoidzw6yJQFM1gDw4IO4Rs_Np3U4bjzzRZBswec56uzuYOhxC5x-yukitpxuLqvzNW78STFsHf3D3Wbg7Pv2-nNVRxgXshxFzyls2aQ7UQp4dwIrpTAaW1cic3ZqSnjAM-HamFKdjeqZ-BzpdxoCbf7iMKWlxgc6KVDcarMKvHQQesDRfkE1epCtkLph5djuLReNdSSmosmAVMoOdA4Er9Dohn3UQu_KrG3fHPwaK36U9Lhl2HXsxNRalV5ab5kRrHNYHqp0tvbzKcC203MdXPwGjY4v3PbMYPg2a8BZMTgvji1-rM2gjefw1RCdKMUyhwQuKMLgp7IH3-GH6swleggNzCSaGbye_ZdWJPwNQz9zLP13TKhBNJq1EwArnH8XzPXRoiia2KGc7JHoVVD8dA2pXuDG8oW0I82iTSIiUT8XV5CkUH7ZzgtysD8e0EAlNmsng1S3x9McbYRsODUEvSycfqWEwrzywKWx6gGj-6MR1CtaEG_lLlgc9cbcigsqB_TWL2Y9wh7YuvirIgHHZidMHyuv_oUQgpFw_xH96IJH6esB7XuG-LhJ0c8NMb_1aKvLeK0ffRHo826doemavJ-7CfRGyXRUmjbT-jpl_ZJb_zucrHyr2zvbrtVm1Im89UhhcqkzLWPVWvtJxHoWcViy_20wh4mFzGdq_Ez2oGSy37UL2QSDEXrYKPf3IcYDEhjFPbT8gcjwORpffBDoDvNu-1aFUCUDojxNaDUHRSaPiJOMq6giNomlh8kz_kMvZ1hbOr7hk-9GzYxXI4TnAFas-5l57deKywNh_HLnUbR1kmFXk5uZFizRjZRVB_0PdF1q1lePp1ptcqd8r3OMpjBPfRcyLmLBuOekkwKYt8SH3QhkWmwS8lTffKyHwQvUnuKQc48AeoYgXOFNKLGYt45Uvgli98UDMrZs9HszyU3bhGLr-V1r0d6zwlAmjc7MJtIf5rsALq4OBfyUsICTF_80tMgGDKA4WyvOMq-QtTAVi8PcQIqOlmrVeqeS-UvOJEoI64ZZeuEyirX_Q3aRc61TTiGRho_06-e1GI9bia7Ymv9hO-B5Pn5_QW7W0CgE0nq9i24LeYR6j1i01ULjMzw3rpScPFl4woXB7dEeRO--icJHw-5pK23irtZEca7j8TcfAnCHmEMGr9CYv-O4ZNlbUIJR4qpWylU6rJCkyk50I2kEixU4DMXAVw6r8HamgjZW2e1pcLTxDGjvf_QhMyNs8OVqQGUuN1_ztZhKtL0LzgAEWj-uGwjK5djnCinShO6xiniF3fgwuFdsUesVi9_KRWUYYYhxtgErphsPd56Zu5cyTm8qykzXEAOeRZ0TTEWCISyh7iwkn6kYF4CDAF7GM9JH0KO4uVOxaDWTDj38V6NH4Q2YTtG-LiN3QLcdiplshI2S5IWD0d5gAzBLPq-hFgDNzt8RGqY6EcCsA8HQF5geFaDM2qGE3fFtYLscRRVoUD0jcV3mV70ANDW0CfuIXMS97_qcEQ9vqqBShRANccfwN_kxb-1pejuO59k1HUfYg8spqgbZpQDL-2bAd84L7Ml2Zorst8ofvQNf_wrtvqc9SH_jYHXuIkvfyb5CuA3nfDB7tVhQJXKXLTfuJjKYn2mnQgWj3cATCcrpP1NEYi1cbV2MQx0aMo1E8PERONAAQdQA HTTP/1.1Host: url.uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websafe/images/loginbg.gif HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=E50D505096AD70B0E639F9D86D643C3A
Source: global traffic	HTTP traffic detected: GET /keyserver/keyserver HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5Bus8xRHxnHaSd&MD=TKPwXKu2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5Bus8xRHxnHaSd&MD=TKPwXKu2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?p=0&d=%7B%27name%27%3Anull,%0D%0A%27msgID%27%3A%27%7C1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688%2Ecorpmailsvcs%2Ecom%27,%0D%0A%27keysize%27%3A24,%0D%0A%27flags%27%3A3073,%0D%0A%27rid%27%3A%27YWNjb3VudHNwYXlhYmxlIDxhY2NvdW50c3BheWFibGVAY3JhbmV3YXJlLmNvbT4sICJwaGFybWFjeWJpbGxpbmdhZG1pbkBjaGFuZ2VoZWFsdGhjYXJlLmNvbSIgPHBoYXJtYWN5YmlsbGluZ2FkbWluQGNoYW5nZWhlYWx0aGNhcmUuY29tPg%3D%3D%27,%0D%0A%27algnames%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%27AES%27%7D%7D,%0D%0A%27algparams%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%7B%27IV%27%3A%27LHCijzkUvfOdEEtnk6xpAw%3D%3D%27%7D%7D%7D,%0D%0A%27keyserverhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27securereplyhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27openerhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27toc%27%3A%5B%0D%0A%5B%27Body-1711551489199%2Etxt%27,1,%0D%0A%27%27,%0D%0A%27%27,%0D%0A13,%5B0,43824%5D,%27Body-1711551489199%2Etxt%27,%0D%0A%27UTF-16%27%5D,%0D%0A%5B%27image002%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image002%2Epng%27,%0D%0A21,%5B43824,3817%5D,%27image002%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image003%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image003%2Epng%27,%0D%0A21,%5B47641,5468%5D,%27image003%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27MessageBar%2Ehtml%27,4,%0D%0A%27%27,%0D%0A%27%27,%0D%0A1,%5B53109,63586%5D,%27MessageBar%2Ehtml%27,%0D%0A%27UTF-16%27%5D%0D%0A%5D,%0D%0A%27salt%27%3A%27frfzhcw7G%2FNdlMuvS%2BfQLm5CkoE%3D%27,%0D%0A%27data%27%3A%5B%0D%0A%27%27,%27j3rt2rKVtePYhOdkWuHqAvG5IPgP7XWniwxQo6069G4%2FUd1VX8br2nlNrN%2FfyhxIJFGRvKeVONEaCVW6N5mXAjdjK4Zct33b5Yp26m8kPhxD4TzzWva%2B%2F3%2BMC76krWXVGGGdx2CCsZxmrl30Sn%2FaToDfKjQil6%2FRjJWeT5GCmzjirnek%2Ft0%2FPJl6fd1571mAV0g9fyaegZ1Eo0AouxnxsTs1WtzYkDuF5q%2BWH3zhHCfqjegwpVSU2m0uJ8kq2xj8FIMs%2Bsnr5Ya3yuo7aiem0xMqwkl%2Fr5j2Q7rSn8UBGO%2BzOpCaiO6cM7NbLpzTzrJ%2BI5SjwsiRhHJ8nHGz6G7lIFHnF2WsRGfYZ%2BubPnt4xioEjSYGMsauab95VpoQMAq9dvVh3So0VyGx7I6Cfl7UGAwPqSNWTciWoVYVZfQS7FowRMDPPygldJNaNfVsiBu4ZTho9mfPFKeQg0yJCIJtEzOWq6SPbBojJbDH1OUaVtOeYGedoTtJAI6yUC3ypf56IAEsCPrs1jS8CEXLZ1mOc5umusG0nud0q1OLSLIF5b5iBCnmnMcCbqMhZWCvU0F4Bo%2FeSKZmAAABPsR0vDeTMuFuSKyGmWmmImTnoOvDC9Sbuzo3JqatAse1NSJEdpSP8Qfek9WtRyk9fB9gBE0HcLX2nfEaMsx48j8NIz%2F7%2BiTcMaY0i5ypyXH7plGkABDu2WC3mQecoTQMJrIQcVSSseDP4Mp9YJbyzUIE8xYfRZIKGK6baMcGibkQQYdNcljAVeBML9t6TB9n5a%2FtWUBYa4vZUJLB2ddCLkxYle92snWtpe5ELk%2FsWpQxQbBTjBdGrfeexLHsiUizODJc%2FGxamsOjcbwFamyKwsICM%2BiutEzZlWJyRAWab%2BUUZiinrZBQcyuL7Jj4OsHw6JhrLphOKkZYXKUD2EpUyrGeMyo69G4L9dGsxF%2Bcxu903zE%2F06eYwOc9Ot9ukQ8J427a2gana9Ghe%2FlzVq66qYsGJ9YqkJ%2Bx5P7X9UXd1WaSwn1lQi3jqVNbnePDwOrzl0NlGgT0%2F6v%2Fydd%2B%2F7XDFKJKYKE13d4VImSKxOCApc2XZPc7VwtVqJ3SItbKmHZWAqD99SWMTCoKAPEEDfBnwzm90bTKC9Jd8r0lvHY%2BvdnOTV7DBpyAbBeKSa%2B9fSaiTatQleBMnphHTXkJcC4j%2Br27bx%2BsbcrLbdzHukkXkIlNvfxC7PU93LIw4boxVSOdyGf1H6gI2t1ogDpzTVA1O3YEKrpoI9dtjfZfzT5OywiMG%2Bz0Sf01x%2F46TZ8zkIgq0au86ZDrtf%2BdFzQH61SJI
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: static.cres-aws.com

Source: securedoc_20240327T095809.html	String found in binary or memory: http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5F
Source: chromecache_68.2.dr	String found in binary or memory: http://scripts.sil.org/OFLInterLightWeightSlant
Source: chromecache_80.2.dr	String found in binary or memory: http://scripts.sil.org/OFLInterSemiBoldWeightSlant
Source: chromecache_72.2.dr	String found in binary or memory: http://scripts.sil.org/OFLWeightSlant
Source: chromecache_79.2.dr	String found in binary or memory: http://scripts.sil.org/OFLWeightSlantRegular
Source: securedoc_20240327T095809.html	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Source: securedoc_20240327T095809.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css
Source: securedoc_20240327T095809.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js
Source: chromecache_80.2.dr, chromecache_68.2.dr	String found in binary or memory: https://github.com/rsms/inter)Inter
Source: chromecache_79.2.dr	String found in binary or memory: https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter
Source: chromecache_72.2.dr	String found in binary or memory: https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter
Source: chromecache_74.2.dr	String found in binary or memory: https://github.com/select2/select2/blob/master/LICENSE.md
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com/websafe/custom.action?cmd=authFrame
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com/websafe/images/loginbg.gif
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgn
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com:443
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com:443/keyserver/keyserver
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=PPNotShown
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=RegEnvelope
Source: securedoc_20240327T095809.html	String found in binary or memory: https://res.cisco.com:443/websafe/pswdForgot.action
Source: securedoc_20240327T095809.html	String found in binary or memory: https://static.cres-aws.com/CRES_login_bg.jpg
Source: securedoc_20240327T095809.html	String found in binary or memory: https://static.cres-aws.com/postx.css
Source: securedoc_20240327T095809.html	String found in binary or memory: https://url.uk.m.mimecastprotect.com/s/9_gNC1wrNT6PwpVtXssXg?domain=res.cisco.com
Source: securedoc_20240327T095809.html	String found in binary or memory: https://url.uk.m.mimecastprotect.com/s/Dp--C4xR3HzDAJXsjPJbG?domain=res.cisco.com
Source: securedoc_20240327T095809.html	String found in binary or memory: https://url.uk.m.mimecastprotect.com/s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com
Source: securedoc_20240327T095809.html	String found in binary or memory: https://url.uk.m.mimecastprotect.com/s/aKDOC2kvNhVBokMh95_gc?domain=res.cisco.com
Source: securedoc_20240327T095809.html	String found in binary or memory: https://url.uk.m.mimecastprotect.com/s/c5z9C5y94uMXY0BCli2pa?domain=res.cisco.com
Source: securedoc_20240327T095809.html	String found in binary or memory: https://url.uk.m.mimecastprotect.com/s/iBBRCZ6VnS7knMJHKXwvL?domain=res.cisco.com
Source: securedoc_20240327T095809.html	String found in binary or memory: https://url.uk.m.mimecastprotect.com/s/vjFtC312XtXyYmnhvrGnN?domain=res.cisco.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49737 version: TLS 1.2

Source: classification engine

Classification label: sus23.phis.winHTML@14/33@16/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\securedoc_20240327T095809.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2016,i,12304014152104362397,15301322850232453726,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2016,i,12304014152104362397,15301322850232453726,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
url.uk.m.mimecastprotect.com	2%	Virustotal		Browse
static.cres-aws.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://url.uk.m.mimecastprotect.com/s/aKDOC2kvNhVBokMh95_gc?domain=res.cisco.com	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/securedoc_20240327T095809.html	0%	Avira URL Cloud	safe
https://url.uk.m.mimecastprotect.com/s/iBBRCZ6VnS7knMJHKXwvL?domain=res.cisco.com	0%	Avira URL Cloud	safe
https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf	0%	Avira URL Cloud	safe
https://url.uk.m.mimecastprotect.com/s/c5z9C5y94uMXY0BCli2pa?domain=res.cisco.com	0%	Avira URL Cloud	safe
https://url.uk.m.mimecastprotect.com/s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com	0%	Avira URL Cloud	safe
https://url.uk.m.mimecastprotect.com/s/9_gNC1wrNT6PwpVtXssXg?domain=res.cisco.com	0%	Avira URL Cloud	safe
https://static.cres-aws.com/fonts/Inter/Inter-Regular.ttf	0%	Avira URL Cloud	safe
https://url.uk.m.mimecastprotect.com/s/Dp--C4xR3HzDAJXsjPJbG?domain=res.cisco.com	0%	Avira URL Cloud	safe
https://static.cres-aws.com/fonts/Inter/Inter-SemiBold.ttf	0%	Avira URL Cloud	safe
https://static.cres-aws.com/postx.css	0%	Avira URL Cloud	safe
https://url.uk.m.mimecastprotect.com/s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com?su=&df=&tf=&lp=en&v=2&m=%7c1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688.corpmailsvcs.com&s=1&f=0&d=1711725073246&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36	0%	Avira URL Cloud	safe
https://static.cres-aws.com/CRES_login_bg.jpg	0%	Avira URL Cloud	safe
https://url.uk.m.mimecastprotect.com/s/vjFtC312XtXyYmnhvrGnN?domain=res.cisco.com	0%	Avira URL Cloud	safe
https://static.cres-aws.com/fonts/Inter/Inter-Bold.ttf	0%	Avira URL Cloud	safe
https://static.cres-aws.com/postx.css	0%	Virustotal		Browse
https://static.cres-aws.com/CRES_login_bg.jpg	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
res.cisco.com	184.94.241.74	true	false		high
url.uk.m.mimecastprotect.com	195.130.217.180	true	false	2%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false		high
www.google.com	172.253.122.106	true	false		high
d2qj7djftjbj85.cloudfront.net	108.138.85.60	true	false		high
static.cres-aws.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/securedoc_20240327T095809.html	false	Avira URL Cloud: safe	low
https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf	false	Avira URL Cloud: safe	unknown
https://res.cisco.com/websafe/images/loginbg.gif	false		high
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css	false		high
https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en	false		high
https://static.cres-aws.com/fonts/Inter/Inter-Regular.ttf	false	Avira URL Cloud: safe	unknown
https://res.cisco.com/keyserver/keyserver	false		high
https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgnEtQdA!!/branding/customer-logo.gif?f=1	false		high
https://static.cres-aws.com/fonts/Inter/Inter-SemiBold.ttf	false	Avira URL Cloud: safe	unknown
https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en	false		high
https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en&try=1	false		high
https://static.cres-aws.com/postx.css	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://url.uk.m.mimecastprotect.com/s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com?su=&df=&tf=&lp=en&v=2&m=%7c1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688.corpmailsvcs.com&s=1&f=0&d=1711725073246&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36	false	Avira URL Cloud: safe	unknown
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en	false		high
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en	false		high
https://static.cres-aws.com/CRES_login_bg.jpg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js	false		high
https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en	false		high
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en	false		high
https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en&try=1	false		high
https://static.cres-aws.com/fonts/Inter/Inter-Bold.ttf	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5F	securedoc_20240327T095809.html	false		high
https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg	securedoc_20240327T095809.html	false		high
https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgn	securedoc_20240327T095809.html	false		high
https://url.uk.m.mimecastprotect.com/s/aKDOC2kvNhVBokMh95_gc?domain=res.cisco.com	securedoc_20240327T095809.html	false	Avira URL Cloud: safe	unknown
https://url.uk.m.mimecastprotect.com/s/iBBRCZ6VnS7knMJHKXwvL?domain=res.cisco.com	securedoc_20240327T095809.html	false	Avira URL Cloud: safe	unknown
https://url.uk.m.mimecastprotect.com/s/c5z9C5y94uMXY0BCli2pa?domain=res.cisco.com	securedoc_20240327T095809.html	false	Avira URL Cloud: safe	unknown
https://github.com/select2/select2/blob/master/LICENSE.md	chromecache_74.2.dr	false		high
https://res.cisco.com:443/websafe/help?topic=RegEnvelope	securedoc_20240327T095809.html	false		high
https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter	chromecache_79.2.dr	false		high
https://url.uk.m.mimecastprotect.com/s/9_gNC1wrNT6PwpVtXssXg?domain=res.cisco.com	securedoc_20240327T095809.html	false	Avira URL Cloud: safe	unknown
https://url.uk.m.mimecastprotect.com/s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com	securedoc_20240327T095809.html	false	Avira URL Cloud: safe	unknown
https://res.cisco.com/websafe/custom.action?cmd=authFrame	securedoc_20240327T095809.html	false		high
https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter	chromecache_72.2.dr	false		high
https://url.uk.m.mimecastprotect.com/s/Dp--C4xR3HzDAJXsjPJbG?domain=res.cisco.com	securedoc_20240327T095809.html	false	Avira URL Cloud: safe	unknown
http://scripts.sil.org/OFLWeightSlant	chromecache_72.2.dr	false		high
https://res.cisco.com:443/websafe/help?topic=PPNotShown	securedoc_20240327T095809.html	false		high
http://scripts.sil.org/OFLWeightSlantRegular	chromecache_79.2.dr	false		high
https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp	securedoc_20240327T095809.html	false		high
https://res.cisco.com:443/websafe/pswdForgot.action	securedoc_20240327T095809.html	false		high
http://scripts.sil.org/OFLInterLightWeightSlant	chromecache_68.2.dr	false		high
https://res.cisco.com:443	securedoc_20240327T095809.html	false		high
https://res.cisco.com:443/keyserver/keyserver	securedoc_20240327T095809.html	false		high
https://github.com/rsms/inter)Inter	chromecache_80.2.dr, chromecache_68.2.dr	false		high
https://url.uk.m.mimecastprotect.com/s/vjFtC312XtXyYmnhvrGnN?domain=res.cisco.com	securedoc_20240327T095809.html	false	Avira URL Cloud: safe	unknown
http://scripts.sil.org/OFLInterSemiBoldWeightSlant	chromecache_80.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.122.106	www.google.com	United States	15169	GOOGLEUS	false
195.130.217.180	url.uk.m.mimecastprotect.com	United Kingdom	42427	MIMECAST-UKGB	false
108.138.85.60	d2qj7djftjbj85.cloudfront.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
184.94.241.74	res.cisco.com	United States	16417	IRONPORT-SYSTEMS-INCUS	false
108.138.85.84	unknown	United States	16509	AMAZON-02US	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417555
Start date and time:	2024-03-29 16:10:43 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	securedoc_20240327T095809.html
Detection:	SUS
Classification:	sus23.phis.winHTML@14/33@16/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.63.94, 142.251.167.84, 142.251.167.95, 172.253.122.102, 172.253.122.113, 172.253.122.100, 172.253.122.101, 172.253.122.139, 172.253.122.138, 34.104.35.123, 142.251.163.94, 142.251.16.139, 142.251.16.138, 142.251.16.101, 142.251.16.100, 142.251.16.102, 142.251.16.113
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, ajax.googleapis.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
195.130.217.180	https://protect-eu.mimecast.com/s/1176CnxV1CK4O5zhJtqJI?domain=protect.checkpoint.com	Get hash	malicious	Unknown	Browse
	https://protect-eu.mimecast.com/s/UIJ2C2xAMCRxBZAUneUgR?domain=1cl3j.trk.elasticemail.com	Get hash	malicious	Unknown	Browse
	https://protect-eu.mimecast.com/s/XBhRCJZgMfLE6xiVWC4V?domain=archirodon-my.sharepoint.com	Get hash	malicious	HTMLPhisher	Browse
	https://protect-eu.mimecast.com/s/uW5ACD81vSDOBZfWnTfl	Get hash	malicious	HTMLPhisher	Browse
	https://protect-eu.mimecast.com/s/ps2yCL7ZzTEr6KVUPRpdf?domain=youtube.com	Get hash	malicious	Unknown	Browse
	https://protect-eu.mimecast.com/s/iyG9C6X7QtyNANJspBNtt?domain=email.mg.chemist2u.com.au%5D	Get hash	malicious	Unknown	Browse
	Lo0111621.html	Get hash	malicious	Unknown	Browse
	80172093021-684374WAV.html	Get hash	malicious	Unknown	Browse
239.255.255.250	http://acsense.com	Get hash	malicious	Unknown	Browse
	http://www.osceolataxcollector.org	Get hash	malicious	Unknown	Browse
	https://cinnaminsonnj.org	Get hash	malicious	Unknown	Browse
	http://us.securewebstatus.com	Get hash	malicious	Unknown	Browse
	https://peleki5574.wixsite.com/service-authentifica	Get hash	malicious	Unknown	Browse
	http://bonosbevvy.com/imei2o7jwqr0/73384	Get hash	malicious	Unknown	Browse
	https://riversidetwp.org	Get hash	malicious	Unknown	Browse
	index[1].htm	Get hash	malicious	Unknown	Browse
	https://emplacing.com/mde/anti.php	Get hash	malicious	HTMLPhisher	Browse
	http://specialtaskevents.com	Get hash	malicious	Unknown	Browse
108.138.85.60	securedoc_20240212T082824.html	Get hash	malicious	Unknown	Browse
108.138.85.60	securedoc_20240207T142952.html	Get hash	malicious	Unknown	Browse
184.94.241.74	securedoc_20240328T081124.html	Get hash	malicious	Unknown	Browse
	securedoc_20240212T082824.html	Get hash	malicious	Unknown	Browse
	securedoc_20240207T142952.html	Get hash	malicious	Unknown	Browse
	bankozk_securedoc_20231214T140252.html	Get hash	malicious	Unknown	Browse
	http://res.cisco.com/envelopeopener/pf/ZGJAUG9zdFhuZXQgVG9rZW46MTAwMDE!/fhj.kysPBL1vCr-Ap0cgAxtf-4oAnvhBQdGWEbLmIsfjOkRt1iRs6AjBPp6q3ex6OVzfkENWZJb6NYNiwEi.uZSk84ZMSx7qDA!!/	Get hash	malicious	Unknown	Browse
	securedoc_20231101T114817.html	Get hash	malicious	Unknown	Browse
	securedoc_20231030T033913.html	Get hash	malicious	Unknown	Browse
	https://tinyurl.com/mu4vnty3	Get hash	malicious	HTMLPhisher	Browse
104.17.25.14	http://tvchd.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdnjs.cloudflare.com	https://emplacing.com/mde/anti.php	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://airdrop-online-altlayer-anniversary.s3.us-east-2.amazonaws.com/posten.html?cid=freetomfr@hotmail.com	Get hash	malicious	Phisher	Browse	104.17.24.14
	https://depl.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://8e1fd3fcd03b297a.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://ithmnarokhmnraeohntkhnrthjrt.azurewebsites.net/	Get hash	malicious	TechSupportScam	Browse	104.17.24.14
	https://portal.bakfar.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://28marmic11.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	104.17.24.14
	Signature Required Audits evaluation for lewis on Thursday March 28 2024.msg	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	http://www.cyclic.sh/pricing	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://celtichouse.net	Get hash	malicious	Unknown	Browse	104.17.25.14
url.uk.m.mimecastprotect.com	https://url.uk.m.mimecastprotect.com/s/nHqyCj8BmuO69jcWWbAS	Get hash	malicious	Unknown	Browse	195.130.217.73
d2qj7djftjbj85.cloudfront.net	securedoc_20240328T081124.html	Get hash	malicious	Unknown	Browse	108.138.85.20
	securedoc_20240212T082824.html	Get hash	malicious	Unknown	Browse	108.138.85.60
	securedoc_20240207T142952.html	Get hash	malicious	Unknown	Browse	3.163.115.70
	bankozk_securedoc_20231214T140252.html	Get hash	malicious	Unknown	Browse	18.173.166.40
res.cisco.com	securedoc_20240328T081124.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20240212T082824.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20240207T142952.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	bankozk_securedoc_20231214T140252.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	http://res.cisco.com/envelopeopener/pf/ZGJAUG9zdFhuZXQgVG9rZW46MTAwMDE!/fhj.kysPBL1vCr-Ap0cgAxtf-4oAnvhBQdGWEbLmIsfjOkRt1iRs6AjBPp6q3ex6OVzfkENWZJb6NYNiwEi.uZSk84ZMSx7qDA!!/	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20231101T114817.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20231030T033913.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	https://tinyurl.com/mu4vnty3	Get hash	malicious	HTMLPhisher	Browse	184.94.241.74

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://acsense.com	Get hash	malicious	Unknown	Browse	104.17.251.168
	http://www.osceolataxcollector.org	Get hash	malicious	Unknown	Browse	104.18.15.74
	https://cinnaminsonnj.org	Get hash	malicious	Unknown	Browse	172.67.165.242
	http://us.securewebstatus.com	Get hash	malicious	Unknown	Browse	104.21.32.77
	oBMlky3Rkm7h5QK.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	BL-INVOICE SHIPPING DOCUMENTS.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	http://bonosbevvy.com/imei2o7jwqr0/73384	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://riversidetwp.org	Get hash	malicious	Unknown	Browse	104.18.11.207
	CamScanner.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	https://emplacing.com/mde/anti.php	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
IRONPORT-SYSTEMS-INCUS	securedoc_20240328T081124.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20240212T082824.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20240207T142952.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	bankozk_securedoc_20231214T140252.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	http://res.cisco.com/envelopeopener/pf/ZGJAUG9zdFhuZXQgVG9rZW46MTAwMDE!/fhj.kysPBL1vCr-Ap0cgAxtf-4oAnvhBQdGWEbLmIsfjOkRt1iRs6AjBPp6q3ex6OVzfkENWZJb6NYNiwEi.uZSk84ZMSx7qDA!!/	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20231101T114817.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	securedoc_20231030T033913.html	Get hash	malicious	Unknown	Browse	184.94.241.74
	EEad1s92K0.elf	Get hash	malicious	Mirai	Browse	139.138.27.235
	EPtVmZ90nq.elf	Get hash	malicious	Mirai	Browse	139.138.27.228
	IDzTyPghZg.exe	Get hash	malicious	Unknown	Browse	68.232.155.61
MIMECAST-UKGB	https://url.uk.m.mimecastprotect.com/s/nHqyCj8BmuO69jcWWbAS	Get hash	malicious	Unknown	Browse	195.130.217.73
	https://protect-eu.mimecast.com/s/H0XwC59yjF8D25fx__xN?domain=tracker.club-os.com	Get hash	malicious	Fake Captcha	Browse	91.220.42.235
	https://protect-eu.mimecast.com/s/7g3oCn540u6wYy4I9DVc6?domain=app.getresponse.com	Get hash	malicious	Unknown	Browse	195.130.217.187
	https://protect-eu.mimecast.com/s/-GACC717RFQ0oZ2S8mLiz?domain=docs.google.com	Get hash	malicious	HTMLPhisher	Browse	91.220.42.63
	Excel.html	Get hash	malicious	HTMLPhisher	Browse	91.220.42.230
	https://protect-eu.mimecast.com/s/dPhhCGZPjUGrwjntKEyWC?domain=ecv.microsoft.com	Get hash	malicious	Unknown	Browse	91.220.42.215
	https://protect-eu.mimecast.com/s/dPhhCGZPjUGrwjntKEyWC?domain=ecv.microsoft.com	Get hash	malicious	Unknown	Browse	195.130.217.73
	https://protect-eu.mimecast.com/s/dPhhCGZPjUGrwjntKEyWC?domain=ecv.microsoft.com	Get hash	malicious	Unknown	Browse	195.130.217.73
	https://protect-eu.mimecast.com/s/dPhhCGZPjUGrwjntKEyWC?domain=ecv.microsoft.com	Get hash	malicious	Unknown	Browse	195.130.217.187
	v6SEx6rJ3E.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	91.220.42.211
AMAZON-02US	http://acsense.com	Get hash	malicious	Unknown	Browse	35.183.149.76
	http://www.osceolataxcollector.org	Get hash	malicious	Unknown	Browse	54.191.10.61
	https://cinnaminsonnj.org	Get hash	malicious	Unknown	Browse	35.160.179.184
	https://peleki5574.wixsite.com/service-authentifica	Get hash	malicious	Unknown	Browse	52.85.132.10
	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	BMJzumU0MX.elf	Get hash	malicious	Mirai	Browse	15.165.124.157
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://airdrop-online-altlayer-anniversary.s3.us-east-2.amazonaws.com/posten.html?cid=freetomfr@hotmail.com	Get hash	malicious	Phisher	Browse	3.0.224.187
	package80171530600.jpg.lnk	Get hash	malicious	XWorm	Browse	52.217.197.49
AMAZON-02US	http://acsense.com	Get hash	malicious	Unknown	Browse	35.183.149.76
	http://www.osceolataxcollector.org	Get hash	malicious	Unknown	Browse	54.191.10.61
	https://cinnaminsonnj.org	Get hash	malicious	Unknown	Browse	35.160.179.184
	https://peleki5574.wixsite.com/service-authentifica	Get hash	malicious	Unknown	Browse	52.85.132.10
	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	BMJzumU0MX.elf	Get hash	malicious	Mirai	Browse	15.165.124.157
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://airdrop-online-altlayer-anniversary.s3.us-east-2.amazonaws.com/posten.html?cid=freetomfr@hotmail.com	Get hash	malicious	Phisher	Browse	3.0.224.187
	package80171530600.jpg.lnk	Get hash	malicious	XWorm	Browse	52.217.197.49

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://acsense.com	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183
	http://www.osceolataxcollector.org	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183
	https://cinnaminsonnj.org	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183
	http://us.securewebstatus.com	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183
	https://riversidetwp.org	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183
	index[1].htm	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183
	https://emplacing.com/mde/anti.php	Get hash	malicious	HTMLPhisher	Browse	23.221.242.90 20.114.59.183
	http://bigzipfiles.facebook.com	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183
	https://activeonlinemailuelmanagment.com/Mcm9iZXJ0Lm1hcnRpbmpyQGJvYXJzaGVhZC5jb20=	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.221.242.90 20.114.59.183
	https://s.viisupport.com/n/827/ozihu7sqiznhw6tfpj2eazqdpnwxoz3xizbfiackizegikq5p7rwm4bnf5mriwl6fftx44sfmihx6olrmnyukq2raalucqdaceuq6j2ymfmu4v2okr4h6y36llbjyjln6kvjbstwivtau6rcynlcqbiosg5j53euulhom3bascmnrq2vi3g35m5ijie623vyomwhbjew4bwv44tbjnewdfz46ldgsafloqvdmtkyirluhakk4izxh6tzllqexofwmtqevihzllkux3k7rbbypnm4j2kukqhuubg3om6u5g6gvfkl4gcbs3fdjb7yu3c576dxbg3rkm3e3oav57gu5dlafhnhgr7aofe5mryxqbfeholwxghjdanxxwgkzskmxbcyhb5iuko43dmnq5izqs3pwrwvghq2ex7g6ssikyehcqfqbhovurpxihuxnsbqoetswfgajccnbhp3w63j5cesjoffibslo	Get hash	malicious	Unknown	Browse	23.221.242.90 20.114.59.183

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 14:11:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.986353130455434
Encrypted:	false
SSDEEP:	48:87dOTq6z+HIidAKZdA1FehwiZUklqehHMy+3:8E3BmMy
MD5:	427258E1D08A0E74AF08C3553BAF73CA
SHA1:	E3329AFCE4A3C54BEA28EFB455AD2E96068E11EF
SHA-256:	671B1DFAFBF0EDCAA519BEA7D43623D989D6108F0D70F1735BB44DA0E1870281
SHA-512:	F8290E6F5FCB4A92587EECF090DCCE8768E407328DEEC7E66F85E42CD9B6F9875F726D242D542C504C5BF2504456D38C2366F6BA86048946DC1A1A917C1500FC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I}XZy....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Xey....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Xey....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Xey..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Xgy...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S7/......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: securedoc_20240327T095809.html	HTTP Parser: document.write
Source: securedoc_20240327T095809.html	HTTP Parser: location.href
Source: securedoc_20240327T095809.html	HTTP Parser: window.location

Source: securedoc_20240327T095809.html	HTTP Parser: "Carruthers, Crystal" <crystal.carruthers@optum.com>
Source: securedoc_20240327T095809.html	HTTP Parser: Secure Message from crystal.carruthers@optum.com
Source: file:///C:/Users/user/Desktop/securedoc_20240327T095809.html	HTTP Parser: {'name':null,'msgID':'\|1__012393150000018e806b24aa956f8f48f98e19c2@ovarp0688.corpmailsvcs.com','keysize':24,'flags':3073,'rid':'YWNjb3VudHNwYXlhYmxlIDxhY2NvdW50c3BheWFibGVAY3JhbmV3YXJlLmNvbT4sICJwaGFybWFjeWJpbGxpbmdhZG1pbkBjaGFuZ2VoZWFsdGhjYXJlLmNvbSIgPHBoYXJtYWN5YmlsbGluZ2FkbWluQGNoYW5nZWhlYWx0aGNhcmUuY29tPg==','algnames':{'encryption':{'data':'AES'}},'algparams':{'encryption':{'data':{'IV':'LHCijzkUvfOdEEtnk6xpAw=='}}},'keyserverhost':'res.cisco.com:443','securereplyhost':'res.cisco.com:443','openerhost':'res.cisco.com:443','toc':[['Body-1711551489199.txt',1,'','',13,[0,43824],'Body-1711551489199.txt','UTF-16'],['image002.png',2,'','image002.png',21,[43824,3817],'image002.png','ISO-8859-1'],['image003.png',2,'','image003.png',21,[47641,5468],'image003.png','ISO-8859-1'],['MessageBar.html',4,'','',1,[53109,63586],'MessageBar.html','UTF-16']],'salt':'frfzhcw7G/NdlMuvS+fQLm5CkoE=','data':['','','']}

Source: securedoc_20240327T095809.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/securedoc_20240327T095809.html	HTTP Parser: No favicon

File type:	HTML document, Unicode text, UTF-8 text, with very long lines (474), with CRLF, LF line terminators
Entropy (8bit):	6.047489430774929
TrID:	Scalable Vector Graphics (18501/1) 24.18% HyperText Markup Language (12001/1) 15.69% HyperText Markup Language (12001/1) 15.69% HyperText Markup Language (11501/1) 15.03% HyperText Markup Language (11501/1) 15.03%
File name:	securedoc_20240327T095809.html
File size:	166'143 bytes
MD5:	44455a91f72ab9e8d685aa703cde01cd
SHA1:	c9bdb93cf8b00e1ab0367c88f826c069af0ba0d4
SHA256:	4155158042b58e1c8d6522ad0017658e84a3847ce5c8217f720015c69dc25ff6
SHA512:	2d722b7b283f79dc663fae135bc1cccf98086c92521f257b50fc4cda1d38acac300262c9a5178d95eb2fd22a80f29fecf9547ab3727043b03a17d916609c3c80
SSDEEP:	3072:GZl/LQISQGjA4RPeqeaIHYONBvQpz+vsiVx8A:+/LQIG7eaIHYONBvQpzesi8A
TLSH:	F7F39EC97611643202E618F7707B158A3A3698070509A9A0FBACC5ACBFB9DD6417FFCD
File Content Preview:	saved from url=(0025)<a href="https://url.uk.m.mimecastprotect.com/s/iBBRCZ6VnS7knMJHKXwvL?domain=res.cisco.com">https://res.cisco.com:443</a> -->..<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN". "http://www.w3.org/TR/html4/loose.dtd"

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 16:11:10.750174046 CET	53	62790	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:10.767970085 CET	53	62837	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:10.802584887 CET	52828	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:10.802912951 CET	63676	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:10.803422928 CET	52647	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:10.803622007 CET	51579	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:10.804092884 CET	53500	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:10.804239035 CET	63317	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:10.873871088 CET	53	57014	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:10.899882078 CET	53	51579	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:10.900105000 CET	53	52647	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:10.901649952 CET	53	63317	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:10.901820898 CET	53	53500	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:10.924062967 CET	53	52828	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:11.041184902 CET	53	63676	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:11.238898039 CET	52901	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:11.239034891 CET	53981	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:11.336508036 CET	53	52901	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:11.405524969 CET	53	53981	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:12.265189886 CET	54541	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:12.265326023 CET	61117	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:12.362298012 CET	53	54541	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:12.414948940 CET	53	61117	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:13.462057114 CET	53	64796	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:14.777812004 CET	60641	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:14.777961016 CET	53965	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:14.779064894 CET	64607	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:14.779197931 CET	59588	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:14.875601053 CET	53	53965	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:14.889487028 CET	53	60641	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:14.922116041 CET	53	64607	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:14.991374969 CET	53	59588	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:15.517297983 CET	64468	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:15.517431974 CET	61190	53	192.168.2.16	1.1.1.1
Mar 29, 2024 16:11:15.613650084 CET	53	64468	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:15.614150047 CET	53	61190	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:29.515244007 CET	53	64729	1.1.1.1	192.168.2.16
Mar 29, 2024 16:11:48.275311947 CET	53	62797	1.1.1.1	192.168.2.16
Mar 29, 2024 16:12:10.745791912 CET	53	51705	1.1.1.1	192.168.2.16
Mar 29, 2024 16:12:10.916100025 CET	53	60068	1.1.1.1	192.168.2.16
Mar 29, 2024 16:12:22.962223053 CET	138	138	192.168.2.16	192.168.2.255
Mar 29, 2024 16:12:39.899061918 CET	53	60634	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 29, 2024 16:11:11.041248083 CET	192.168.2.16	1.1.1.1	c272	(Port unreachable)	Destination Unreachable
Mar 29, 2024 16:11:12.416007996 CET	192.168.2.16	1.1.1.1	c232	(Port unreachable)	Destination Unreachable
Mar 29, 2024 16:11:14.991457939 CET	192.168.2.16	1.1.1.1	c272	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Mar 29, 2024 16:11:11.068675041 CET	477	OUT	GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 29, 2024 16:11:11.233237028 CET	473	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 41 76 69 20 56 61 6e 74 61 67 65 2f 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>Avi Vantage/</center></body></html>
Mar 29, 2024 16:11:12.264448881 CET	491	OUT	GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 29, 2024 16:11:12.428628922 CET	487	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 41 76 69 20 56 61 6e 74 61 67 65 2f 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>Avi Vantage/</center></body></html>

Timestamp	Bytes transferred	Direction	Data
Mar 29, 2024 16:11:11.068864107 CET	12860	OUT	GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?p=0&d=%7B%27name%27%3Anull,%0D%0A%27msgID%27%3A%27%7C1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688%2Ecorpmailsvcs%2Ecom%27,%0D%0A%27keysize%27%3A24,%0D%0A%27flags%27%3A3073,%0D%0A%27rid%27%3A%27YWNjb3VudHNwYXlhYmxlIDxhY2NvdW50c3BheWFibGVAY3JhbmV3YXJlLmNvbT4sICJwaGFybWFjeWJpbGxpbmdhZG1pbkBjaGFuZ2VoZWFsdGhjYXJlLmNvbSIgPHBoYXJtYWN5YmlsbGluZ2FkbWluQGNoYW5nZWhlYWx0aGNhcmUuY29tPg%3D%3D%27,%0D%0A%27algnames%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%27AES%27%7D%7D,%0D%0A%27algparams%27%3A%7B%27encryption%27%3A%7B%27data%27%3A%7B%27IV%27%3A%27LHCijzkUvfOdEEtnk6xpAw%3D%3D%27%7D%7D%7D,%0D%0A%27keyserverhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27securereplyhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27openerhost%27%3A%27res%2Ecisco%2Ecom%3A443%27,%0D%0A%27toc%27%3A%5B%0D%0A%5B%27Body-1711551489199%2Etxt%27,1,%0D%0A%27%27,%0D%0A%27%27,%0D%0A13,%5B0,43824%5D,%27Body-1711551489199%2Etxt%27,%0D%0A%27UTF-16%27%5D,%0D%0A%5B%27image002%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image002%2Epng%27,%0D%0A21,%5B43824,3817%5D,%27image002%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27image003%2Epng%27,2,%0D%0A%27%27,%0D%0A%27image003%2Epng%27,%0D%0A21,%5B47641,5468%5D,%27image003%2Epng%27,%0D%0A%27ISO-8859-1%27%5D,%0D%0A%5B%27MessageBar%2Ehtml%27,4,%0D%0A%27%27,%0D%0A%27%27,%0D%0A1,%5B53109,63586%5D,%27MessageBar%2Ehtml%27,%0D%0A%27UTF-16%27%5D%0D%0A%5D,%0D%0A%27salt%27%3A%27frfzhcw7G%2FNdlMuvS%2BfQLm5CkoE%3D%27,%0D%0A%27data%27%3A%5B%0D%0A%27%27,%27j3rt2rKVtePYhOdkWuHqAvG5IPgP7XWniwxQo6069G4%2FUd1VX8br2nlNrN%2FfyhxIJFGRvKeVONEaCVW6N5mXAjdjK4Zct33b5Yp26m8kPhxD4TzzWva%2B%2F3%2BMC76krWXVGGGdx2CCsZxmrl30Sn%2FaToDfKjQil6%2FRjJWeT5GCmzjirnek%2Ft0%2FPJl6fd1571mAV0g9fyaegZ1Eo0AouxnxsTs1WtzYkDuF5q%2BWH3zhHCfqjegwpVSU2m0uJ8kq2xj8FIMs%2Bsnr5Ya3yuo7aiem0xMqwkl%2Fr5j2Q7rSn8UBGO%2BzOpCaiO6cM7NbLpzTzrJ%2BI5SjwsiRhHJ8nHGz6G7lIFHnF2WsRGfYZ%2BubPnt4xioEjSYGMsauab95VpoQMAq9dvVh3So0VyGx7I6Cfl7UGAwPqSNWTciWoVYVZfQS7FowRMDPPygldJNaNfVsiBu4ZTho9mfPFKeQg0yJCIJtEzOWq6SPbBojJbDH1OUaVtOeYGedoTtJAI6yUC3ypf56IAEsCPrs1jS8CEXLZ1mOc5umusG0nud0q1OLSLIF5b5iBCnmnMcCbqMhZWCvU0F4Bo%2FeSKZmAAABPsR0vDeTMuFuSKyGmWmmImTnoOvDC9Sbuzo3JqatAse1NSJEdpSP8Qfek9WtRyk9fB9gBE0HcLX2nfEaMsx48j8NIz%2F7%2BiTcMaY0i5ypyXH7plGkABDu2WC3mQecoTQMJrIQcVSSseDP4Mp9YJbyzUIE8xYfRZIKGK6baMcGibkQQYdNcljAVeBML9t6TB9n5a%2FtWUBYa4vZUJLB2ddCLkxYle92snWtpe5ELk%2FsWpQxQbBTjBdGrfeexLHsiUizODJc%2FGxamsOjcbwFamyKwsICM%2BiutEzZlWJyRAWab%2BUUZiinrZBQcyuL7Jj4OsHw6JhrLphOKkZYXKUD2EpUyrGeMyo69G4L9dGsxF%2Bcxu903zE%2F06eYwOc9Ot9ukQ8J427a2gana9Ghe%2FlzVq66qYsGJ9YqkJ%2Bx5P7X9UXd1WaSwn1lQi3jqVNbnePDwOrzl0NlGgT0%2F6v%2Fydd%2B%2F7XDFKJKYKE13d4VImSKxOCApc2XZPc7VwtVqJ3SItbKmHZWAqD99SWMTCoKAPEEDfBnwzm90bTKC9Jd8r0lvHY%2BvdnOTV7DBpyAbBeKSa%2B9fSaiTatQleBMnphHTXkJcC4j%2Br27bx%2BsbcrLbdzHukkXkIlNvfxC7PU93LIw4boxVSOdyGf1H6gI2t1ogDpzTVA1O3YEKrpoI9dtjfZfzT5OywiMG%2Bz0Sf01x%2F46TZ8zkIgq0au86ZDrtf%2BdFzQH61SJIiOa3jCy4aEUi%2BBLub93DWTQcYnMw1oEMgYIw4tCmrRCulUdvxifukZdWkU5XsBDOPaK7t4B7VECjJ5z%2ByG30lJ4wQc%2FqZGzta5ShtuLfsw7UYastLlGYY1%2Ft6tuBYj7oRcS9LssMiHTGRE8KiBUafTrOf%2BNa71leBFamZRYqkcK4sdTOfy8NPJo2Som62VcQDlHkw91WGvLklNQU4ocyAyIa6Pqo4hNNpG8CD1csFGfL4e1lJgFEguPV67E0xUkwtRDRA%2BYunKe3RDhTceiGHiWzFoIdeuZ1RHqVfzyzwTojvVwtyw1j5RI85XiFi1CAPiCv1SDJe3awVMj7%2Fr7HP958qconocMySTSvIcyFiF9m65HQ3vQ4D0ZhkrgCDyJjnyc%2Fese6VCEfdmvAIML7LRdDiH0wPTqRxZrbuiR85j7jMRyT7pljQOdU29Tn%2BquzdJRNCy5upbO1XGVtvqNRre2id4lf%2FQGbCOQ49T2K1LlGH%2F%2BY%2FBhXTWMI5ezbL46PzYMwkUd8UgT2SVToFg8rnciGwA9315T6CVux9E%2BDTvOtohmWjXEp7xTpifMWIS%2BgXvyuYmtiwqfIkxuSKmNWG%2FDE%2FHWJ3r6WnD3jIB4jGHx%2FPlrYM4VcNmD8EBPCSqBdAQcvPIAVLlPbvNrNU%2FHnT6Vny4crfOEAyIIbx6bhPjQiEU2GlF7aMHymjFoAd5yw2gVeLah6ODq3mvZJkg4hfc%2BwMHCg%2BgxU0PzM0iAy%2BodrbrZdh%2BR1qVJI0xoG%2FW%2BYJMEhUucmhFkiTfVluArAiC7RO3ikSHTAIPcsHMSiSS6PKcL0iuZPemIoqOIzRNGhBOpajFHcUdrGHRtwXJXu03rzNzDmprjOmuP%2B69Q5a1YbYbe9GPNSYzCPQzcSpoW4TzvHH4AdM3Y4E9%2FoCbdhHapqiYlTEyVrkhrw4RLXfKOf8nxFlo8eMlFEr%2FU1Smqwn2x7dRippDYNnOgWqVY4rQJ2cJVOm9NfwUFVctkdMcGCAYsb%2FOf%2FGQ19HTRQv4ztcPJxVIJO8KFwkG Data Raw: Data Ascii:
Mar 29, 2024 16:11:11.233227968 CET	2572	OUT	Data Raw: 52 74 4e 47 70 73 62 46 68 45 59 4e 78 56 79 47 43 55 44 45 6a 58 42 6e 59 34 51 68 6d 4e 4b 35 56 66 31 44 36 39 34 61 51 59 30 31 43 6a 34 59 44 74 75 57 6c 56 70 6a 46 36 42 4d 69 55 65 7a 49 47 46 58 37 32 52 45 63 35 6e 74 6b 74 55 64 4e 59 Data Ascii: RtNGpsbFhEYNxVyGCUDEjXBnY4QhmNK5Vf1D694aQY01Cj4YDtuWlVpjF6BMiUezIGFX72REc5ntktUdNYrQoI1iUUPTlWLlBydeBbM2%2F60AEdg9FgPTQUAZaAP6bn%2F%2BzHPWiJrJ2HmWZ7JTYyXiKet7I6y5PdaiS3as4h%2F8EkeELQPwBXlnFPeh7xCux3M20Wotvjv5SwXKVyND%2B%2B%2FJ1ZwMy%2B9V8q84Ylh
Mar 29, 2024 16:11:11.233377934 CET	2572	OUT	Data Raw: 6f 58 6a 48 42 74 4e 45 4c 68 6d 33 6c 41 34 75 72 7a 5a 42 71 64 7a 6c 70 4e 71 41 53 63 33 68 38 46 54 4e 62 50 6a 6e 41 48 65 39 35 64 45 36 74 64 44 30 31 52 49 47 43 41 62 46 41 34 4e 63 53 70 42 79 78 59 4d 34 66 4a 61 79 35 62 70 75 50 70 Data Ascii: oXjHBtNELhm3lA4urzZBqdzlpNqASc3h8FTNbPjnAHe95dE6tdD01RIGCAbFA4NcSpByxYM4fJay5bpuPpPpUQ72Y2tS3nSMjJ3870TI9aQjYTC%2F9%2FVJvjIL9L7UPpy5yPSolQV2XiQTjLgdjN9tgNv%2B7WCGsHjB6Gj7IRdrasZ6rVT5lpPKg55WqNCsNithfeNJVMKerIRbkq9xyu%2F7BWO0guSbiAqWqm2B1meyYHU
Mar 29, 2024 16:11:11.233484030 CET	1286	OUT	Data Raw: 68 72 70 49 36 48 58 58 66 46 37 58 74 6e 25 32 42 62 64 75 38 41 5a 34 6d 7a 77 52 72 25 32 42 54 75 50 37 52 4e 48 25 32 42 4b 4d 59 63 4d 4c 36 37 72 6b 51 6c 4e 31 73 6f 71 71 72 6c 4e 67 6f 66 50 61 48 6d 4b 57 61 55 64 54 51 79 56 59 68 5a Data Ascii: hrpI6HXXfF7Xtn%2Bbdu8AZ4mzwRr%2BTuP7RNH%2BKMYcML67rkQlN1soqqrlNgofPaHmKWaUdTQyVYhZ1P%2FcjOFmIMOZmfSeGL1SsAZ8%2Ba4e8ocLj9CAs0jmiOUmlOAHLDTfvpWLzwDH%2Feo0GRs0Rr%2FtTSXjy4dw3isFW8G3sTVW7%2FFVMp4fnPztR4J9r40jQw1xkRtQHTTEyxzDWdQcREqZm4VdyHym%2B1aye
Mar 29, 2024 16:11:11.233638048 CET	1286	OUT	Data Raw: 74 41 4a 46 70 36 38 37 43 63 50 4d 62 37 76 30 58 72 32 39 58 35 4f 4b 25 32 46 46 75 42 4b 32 4c 65 58 53 79 5a 6c 70 50 68 79 51 51 52 69 37 51 6a 4e 53 53 50 66 67 66 49 42 48 43 45 55 6d 4b 30 6d 5a 51 6e 56 37 58 6c 44 57 76 44 62 5a 69 6a Data Ascii: tAJFp687CcPMb7v0Xr29X5OK%2FFuBK2LeXSyZlpPhyQQRi7QjNSSPfgfIBHCEUmK0mZQnV7XlDWvDbZij83lft8zygSiLe906vbCBCrgHFPcHndtF3gWssqzQ1emODv8zISLUBwn%2F2rxF%2BRgw2K4eyp%2FO3nxiWPxlIcscPu%2FjEpGrlKKwJtVDlZJR2LXV5NBhhzceDLh94DVt6z%2FI1MY66BqI839BexyIVeQ90yM
Mar 29, 2024 16:11:11.233767033 CET	2572	OUT	Data Raw: 30 4c 71 70 71 76 36 4a 57 74 61 31 4c 63 59 79 79 61 35 50 61 6a 4c 72 45 68 63 48 39 38 31 57 37 53 48 50 31 4d 45 4c 45 63 38 51 56 49 51 43 71 32 52 67 45 4a 56 5a 56 59 6e 50 48 44 62 78 78 34 75 64 6c 6e 52 72 4f 50 65 45 30 74 47 58 57 6c Data Ascii: 0Lqpqv6JWta1LcYyya5PajLrEhcH981W7SHP1MELEc8QVIQCq2RgEJVZVYnPHDbxx4udlnRrOPeE0tGXWlDoZTAGoU%2BULKy4zvtS8Ksqgwme1LUZjNblU7rkMj45VOc1cv%2B2P1hO1PLY27Z46FRXe%2B3RWbOMKs1Hamb9NcrDFs5gCj%2FUIzrAhq%2Fgdu8zCzs5cXybVmgHe7rdxn6GWuA%2FlPuQZ1aRlGRUnhG3b68
Mar 29, 2024 16:11:11.233895063 CET	2572	OUT	Data Raw: 33 38 25 32 46 45 45 72 74 6f 66 67 45 47 51 67 78 37 67 77 66 4e 56 41 71 6f 56 36 50 53 58 58 67 75 68 58 55 78 35 39 50 74 76 79 41 5a 59 70 6e 71 30 78 64 74 33 77 4f 66 62 32 61 71 57 39 58 4d 61 74 71 4f 62 75 77 6a 36 73 4e 41 39 64 36 61 Data Ascii: 38%2FEErtofgEGQgx7gwfNVAqoV6PSXXguhXUx59PtvyAZYpnq0xdt3wOfb2aqW9XMatqObuwj6sNA9d6ag8tWNE2xVBDBegFRA4HR1HpU5%2B1TsIvMcZotk61f9kShw9CR7w92fY30BmFLIlcAPbHb5DV3uFgt0Zi7ZWsL27jcIru5baOzetNAa%2BtX0Et%2F4b4SrYyshsZvRBbDTiPc6xkX56fJwQpo3NCKFi7bJ75FFtv
Mar 29, 2024 16:11:11.234061003 CET	1286	IN	HTTP/1.1 400 Bad Request Content-Type: text/html Content-Length: 65250 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 58 58 58 20 45 72 72 6f 72 20 2d 20 4d 65 73 73 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 64 65 73 63 72 69 70 74 69 6f 6e 27 20 6e 61 6d 65 3d 27 45 72 72 6f 72 20 50 61 67 65 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 27 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 27 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 68 74 6d 6c 20 7b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 7d 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 37 36 38 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 61 74 74 61 63 68 6d 65 6e 74 3a 20 66 69 78 65 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 32 33 31 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 23 66 66 66 20 30 2c 23 46 46 46 2c 23 66 66 66 29 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 46 46 46 29 2c 74 6f 28 23 66 66 66 29 29 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 46 46 46 2c 23 66 66 66 29 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 46 46 46 2c 23 66 66 66 29 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 73 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 46 46 46 2c 23 66 66 66 29 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 46 46 46 2c 23 66 66 66 29 3b 0a 20 20 7d 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 62 72 61 6e 64 6f 6e 5f 74 65 78 74 2c 22 4f 70 65 6e 20 53 61 6e 73 22 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 7d 0a 20 20 64 69 76 20 7b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 7d 0a 20 20 2e 61 76 69 2d 77 65 6c 63 6f 6d 65 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 0a 20 20 20 20 74 6f 70 3a 20 30 3b 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 30 3b 0a 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 42 76 6f 41 41 41 47 47 Data Ascii: <!DOCTYPE html><html><head><title>XXX Error - Message</title><meta content='description' name='Error Page'><meta content='IE=edge,chrome=1' http-equiv='X-UA-Compatible'><meta content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no' name='viewport'><style> html { height: 100%; display: block; } body { margin: 0; padding: 0; min-width: 768px; font-size: 14px; font-weight: 300; background-repeat: no-repeat; background-attachment: fixed; line-height: 1.231; background-color: #FFF; background: linear-gradient(to bottom,#fff 0,#FFF,#fff); background: -webkit-gradient(linear,left top,left bottom,from(#FFF),to(#fff)); background: -webkit-linear-gradient(top,#FFF,#fff); background: -moz-linear-gradient(top,#FFF,#fff); background: -ms-linear-gradient(top,#FFF,#fff); background: -o-linear-gradient(top,#FFF,#fff); } body { font-family: brandon_text,"Open Sans",sans-serif; } div { display: block; } .avi-welcome { position: fixed; top: 0; bottom: 0; left: 0; right: 0; background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABvoAAAGG
Mar 29, 2024 16:11:11.234074116 CET	1286	IN	Data Raw: 43 41 49 41 41 41 41 31 72 4d 45 6e 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 Data Ascii: CAIAAAA1rMEnAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFh
Mar 29, 2024 16:11:11.234122038 CET	1286	OUT	Data Raw: 6b 25 32 42 4d 76 61 67 46 36 6a 47 5a 64 48 53 42 47 41 4e 71 25 32 46 37 62 49 38 49 59 70 30 30 4c 70 62 63 6f 52 68 34 6b 79 67 72 76 66 6d 69 4c 36 75 4e 72 49 36 35 64 48 31 4b 6e 4d 31 6f 53 71 25 32 42 72 50 35 4a 31 46 58 76 6f 67 4a 63 Data Ascii: k%2BMvagF6jGZdHSBGANq%2F7bI8IYp00LpbcoRh4kygrvfmiL6uNrI65dH1KnM1oSq%2BrP5J1FXvogJcRTfgxx%2FZfQJyrQiLAieANu67lU6qrBs6cdnopwsbK75tw7E9imMBuIhCYnWFr%2BmaYeKFGLVQRurHmbH5hJlrvYi9YREplw3TxTeBVhRky%2BW1soDinKfkeccXa%2BI83r5lSRLnDy5gUI4iTh72HMDWZP6bi
Mar 29, 2024 16:11:11.234144926 CET	1286	IN	Data Raw: 41 41 41 41 41 41 41 49 43 64 67 4e 77 4a 41 41 41 41 41 41 41 41 41 41 41 41 4f 77 47 35 45 77 41 41 41 41 41 41 41 41 41 41 41 48 59 43 63 69 63 41 41 41 41 41 41 41 41 41 41 41 44 73 42 4f 52 4f 41 41 41 41 41 41 41 41 41 41 41 41 32 41 6e 49 Data Ascii: AAAAAAAICdgNwJAAAAAAAAAAAAOwG5EwAAAAAAAAAAAHYCcicAAAAAAAAAAADsBOROAAAAAAAAAAAA2AnInQAAAAAAAAAAALATkDsBAAAAAAAAAABgJyQMAQAAAAAAAACsThzHVVWpn2mahmGY5/n1elW/YWQAYBDInQAAAAAAAACwPkVR/J//83+CIJT/jOMkTdPfv3+jeALAIEhmBwAAAAAAAID1iePYaJ1CFMXn85mRAYBBI
Mar 29, 2024 16:11:11.234158039 CET	1286	IN	Data Raw: 5a 56 6d 57 31 32 75 74 6b 43 5a 4a 72 4a 75 38 4a 36 64 54 71 6a 36 45 33 48 61 41 50 59 48 63 43 51 41 41 41 41 41 41 41 41 42 62 51 67 64 70 31 69 33 61 31 55 2b 52 4c 77 65 68 43 33 70 6d 59 56 67 6e 78 59 64 68 6d 4b 61 70 2b 68 7a 31 6d 65 Data Ascii: ZVmW12utkCZJrJu8J6dTqj6E3HaAPYHcCQAAAAAAAABbQgdp1i3a1U+RLwehC3pmYVgnxYdhmKap+hz1meS2A+wD5E4AAAAAAAAA2BiS0h4EYRRFeZ4N/fOqqtRf5Xmuc9vVZ0Tq09RPctsBdgByJwAAAAAAAABsjKqqdPnORJoOjctGVx9yvV7VT/U5Ugz0fD4NTZAHAN9A7gQAAAAAAACA7aEDPFMRPUektNufk2XXMAzU5wR

Timestamp	Bytes transferred	Direction	Data
Mar 29, 2024 16:11:12.268825054 CET	487	OUT	GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 29, 2024 16:11:12.495656013 CET	483	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 41 76 69 20 56 61 6e 74 61 67 65 2f 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>Avi Vantage/</center></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:11 UTC	542	OUT	GET /ajax/libs/select2/4.0.12/css/select2.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:11 UTC	948	IN	HTTP/1.1 200 OK Date: Fri, 29 Mar 2024 15:11:11 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fcb-3a76" Last-Modified: Mon, 04 May 2020 16:16:11 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 632986 Expires: Wed, 19 Mar 2025 15:11:11 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMDaYNFO26oDBQNu5qgZY2jY5cTgSH4wgNS0CMRwQS74Zb3Bg1GTIDdWZ%2BmT5zp5nwcclcQY5m6easg2BOat6nFCcE716T5xm9Qgnh8K156S%2Bsv2RAunoy%2BDuR%2F3m60f%2FJ5vn0Wu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 86c0ca80bbf305fe-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 15:11:11 UTC	421	IN	Data Raw: 33 61 37 36 0d 0a 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 32 38 70 78 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 Data Ascii: 3a76.select2-container{box-sizing:border-box;display:inline-block;margin:0;position:relative;vertical-align:middle}.select2-container .select2-selection--single{box-sizing:border-box;cursor:pointer;display:block;height:28px;user-select:none;-webkit-user
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 77 3a 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 63 6c 65 61 72 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 5b 64 69 72 3d 22 72 74 6c 22 5d 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 72 65 6e 64 65 72 65 64 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 38 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 Data Ascii: w:ellipsis;white-space:nowrap}.select2-container .select2-selection--single .select2-selection__clear{position:relative}.select2-container[dir="rtl"] .select2-selection--single .select2-selection__rendered{padding-right:8px;padding-left:20px}.select2-cont
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 2d 64 72 6f 70 64 6f 77 6e 2d 2d 61 62 6f 76 65 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6f 70 65 6e 20 2e 73 65 6c 65 63 74 32 2d 64 72 6f 70 64 6f 77 6e 2d 2d 62 65 6c 6f 77 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 7d 2e 73 65 6c 65 63 74 32 2d 73 65 61 72 63 68 2d 2d 64 72 6f 70 64 6f 77 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 Data Ascii: -dropdown--above{border-bottom:none;border-bottom-left-radius:0;border-bottom-right-radius:0}.select2-container--open .select2-dropdown--below{border-top:none;border-top-left-radius:0;border-top-right-radius:0}.select2-search--dropdown{display:block;paddi
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 23 39 39 39 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 61 72 72 6f 77 7b 68 65 69 67 68 74 3a 32 36 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 31 70 78 3b 72 69 67 68 74 3a 31 70 78 3b 77 69 64 74 68 3a 32 30 70 78 7d 2e 73 65 Data Ascii: t-weight:bold}.select2-container--default .select2-selection--single .select2-selection__placeholder{color:#999}.select2-container--default .select2-selection--single .select2-selection__arrow{height:26px;position:absolute;top:1px;right:1px;width:20px}.se
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 69 6f 6e 5f 5f 72 65 6e 64 65 72 65 64 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 72 65 6e 64 65 72 65 64 20 6c 69 7b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 20 2e 73 65 6c 65 63 74 Data Ascii: ion__rendered{box-sizing:border-box;list-style:none;margin:0;padding:0 5px;width:100%}.select2-container--default .select2-selection--multiple .select2-selection__rendered li{list-style:none}.select2-container--default .select2-selection--multiple .select
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 6e 74 61 69 6e 65 72 2d 2d 66 6f 63 75 73 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 7b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 62 6c 61 63 6b 20 31 70 78 3b 6f 75 74 6c 69 6e 65 3a 30 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 69 73 61 62 6c 65 64 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 6d 75 6c 74 69 70 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 69 73 61 62 6c 65 64 20 Data Ascii: ntainer--focus .select2-selection--multiple{border:solid black 1px;outline:0}.select2-container--default.select2-container--disabled .select2-selection--multiple{background-color:#eee;cursor:default}.select2-container--default.select2-container--disabled
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 5b 61 72 69 61 2d 73 65 6c 65 63 74 65 64 3d 74 72 75 65 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 64 64 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 65 6d 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f Data Ascii: ntainer--default .select2-results__option[aria-selected=true]{background-color:#ddd}.select2-container--default .select2-results__option .select2-results__option{padding-left:1em}.select2-container--default .select2-results__option .select2-results__optio
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 67 72 6f 75 70 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 36 70 78 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 63 6c 61 73 73 69 63 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 37 66 37 66 37 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 61 61 61 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 6f 75 74 6c 69 6e 65 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 66 66 20 35 Data Ascii: default .select2-results__group{cursor:default;display:block;padding:6px}.select2-container--classic .select2-selection--single{background-color:#f7f7f7;border:1px solid #aaa;border-radius:4px;outline:0;background-image:-webkit-linear-gradient(top, #fff 5
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 23 65 65 65 20 35 30 25 2c 20 23 63 63 63 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 27 23 46 46 45 45 45 45 45 45 27 2c 20 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 27 23 46 46 43 43 43 43 43 43 27 2c 20 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 29 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 63 6c 61 73 73 69 63 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 Data Ascii: ;background-image:linear-gradient(to bottom, #eee 50%, #ccc 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#FFEEEEEE', endColorstr='#FFCCCCCC', GradientType=0)}.select2-container--classic .select2-selecti
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 66 66 20 30 25 2c 20 23 65 65 65 20 35 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 66 66 20 30 25 2c 20 23 65 65 65 20 35 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 23 66 66 66 20 30 25 2c 20 23 65 65 65 20 35 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 78 Data Ascii: -left-radius:0;border-top-right-radius:0;background-image:-webkit-linear-gradient(top, #fff 0%, #eee 50%);background-image:-o-linear-gradient(top, #fff 0%, #eee 50%);background-image:linear-gradient(to bottom, #fff 0%, #eee 50%);background-repeat:repeat-x

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:11 UTC	506	OUT	GET /postx.css HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:11 UTC	534	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 125526 Connection: close Date: Thu, 28 Mar 2024 22:25:03 GMT Last-Modified: Fri, 06 Oct 2023 15:16:52 GMT ETag: "1444470212c91839f71d8f970716c08e" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 71c1b7cb74a6a3840a4f2be73ffddc84.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: lI6PF7U1FGSYNgkbgM5MJXsZov1rdlBiMGKufJSnSImt2jolSOOQ-Q== Age: 60368 Vary: Origin
2024-03-29 15:11:11 UTC	15850	IN	Data Raw: 0a 2f 2a 20 49 6e 74 65 72 20 46 6f 6e 74 20 4c 69 62 72 61 72 79 20 2a 2f 0a 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 49 6e 74 65 72 22 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 31 30 30 3b 0a 20 20 20 20 73 72 63 3a 20 75 72 6c 28 22 2e 2f 66 6f 6e 74 73 2f 49 6e 74 65 72 2f 49 6e 74 65 72 2d 54 68 69 6e 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 20 20 7d 0a 20 20 0a 20 20 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 49 6e 74 65 72 22 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 32 30 30 3b 0a 20 20 20 20 73 72 63 3a 20 75 72 6c 28 22 2e 2f 66 6f 6e 74 73 2f 49 6e 74 65 72 2f 49 6e 74 65 Data Ascii: /* Inter Font Library */@font-face { font-family: "Inter"; font-weight: 100; src: url("./fonts/Inter/Inter-Thin.ttf") format("truetype"); } @font-face { font-family: "Inter"; font-weight: 200; src: url("./fonts/Inter/Inte
2024-03-29 15:11:11 UTC	16384	IN	Data Raw: 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 33 32 36 63 64 31 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2f 2a 20 53 74 79 6c 65 73 20 72 65 6c 61 74 65 64 20 74 6f 20 73 65 61 72 63 68 20 72 65 73 75 6c 74 73 20 2a 2f 0a 0a 2e 6c 69 73 74 48 65 61 64 65 72 4c 69 6e 6b 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 35 35 35 35 35 35 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 38 70 74 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 2e 6c 69 73 74 48 65 61 64 65 Data Ascii: ; font-weight: 700 !important; font-size: 12px !important; line-height: 18px !important; color: #326cd1 !important;}/* Styles related to search results */.listHeaderLink { color: #555555; font-size: 8pt; font-weight: bold;}.listHeade
2024-03-29 15:11:11 UTC	16384	IN	Data Raw: 6c 65 4f 75 74 65 72 43 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 7a 6f 6f 6d 3a 20 31 3b 0a 20 20 68 65 69 67 68 74 3a 20 35 70 78 3b 0a 20 20 77 69 64 74 68 3a 20 31 35 30 70 78 3b 0a 7d 0a 0a 23 71 75 6f 74 61 54 61 62 6c 65 43 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 74 6f 70 3a 20 2d 32 38 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 25 3b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 31 30 25 3b 0a 7d 0a 0a 23 71 75 6f 74 61 54 61 62 6c 65 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 63 63 63 3b 0a 7d Data Ascii: leOuterContainer { position: relative; zoom: 1; height: 5px; width: 150px;}#quotaTableContainer { text-align: center; position: absolute; top: -28px; margin-left: 10%; margin-right: 10%;}#quotaTable { border: 1px solid #cccccc;}
2024-03-29 15:11:11 UTC	15342	IN	Data Raw: 2d 66 61 6d 69 6c 79 3a 20 22 53 68 61 72 70 53 61 6e 73 22 2c 20 22 49 6e 74 65 72 22 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 34 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 33 37 33 63 34 32 3b 0a 7d 0a 2e 50 72 6f 76 69 73 69 6f 6e 41 63 63 6f 75 6e 74 54 69 74 6c 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 53 68 61 72 70 53 61 6e 73 22 2c 20 22 49 6e 74 65 72 22 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b Data Ascii: -family: "SharpSans", "Inter"; font-style: normal; font-weight: 700; font-size: 24px; line-height: 34px; color: #373c42;}.ProvisionAccountTitle { font-family: "SharpSans", "Inter"; font-style: normal; font-weight: 700; font-size: 24px;
2024-03-29 15:11:11 UTC	16384	IN	Data Raw: 2d 61 63 63 65 6e 74 2d 67 2d 32 3a 20 72 67 62 61 28 32 30 35 2c 20 32 30 33 2c 20 31 33 36 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 61 63 63 65 6e 74 2d 67 2d 31 3a 20 72 67 62 61 28 32 33 35 2c 20 32 33 34 2c 20 32 30 37 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 61 63 63 65 6e 74 2d 66 2d 33 3a 20 72 67 62 61 28 31 38 33 2c 20 34 38 2c 20 30 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 61 63 63 65 6e 74 2d 66 2d 32 3a 20 72 67 62 61 28 32 31 39 2c 20 31 35 31 2c 20 31 32 38 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 61 63 63 65 6e 74 2d 66 2d 31 3a 20 72 67 62 61 28 32 34 31 2c 20 32 31 34 2c 20 32 30 34 2c 20 31 29 3b 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 61 63 63 65 6e 74 2d 65 2d 33 3a 20 72 67 62 61 28 32 34 34 2c 20 31 30 30 2c 20 Data Ascii: -accent-g-2: rgba(205, 203, 136, 1); --color-accent-g-1: rgba(235, 234, 207, 1); --color-accent-f-3: rgba(183, 48, 0, 1); --color-accent-f-2: rgba(219, 151, 128, 1); --color-accent-f-1: rgba(241, 214, 204, 1); --color-accent-e-3: rgba(244, 100,
2024-03-29 15:11:11 UTC	16384	IN	Data Raw: 2c 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 3a 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 2c 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 3a 68 6f 76 65 72 2c 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 2e 6d 64 73 2d 62 75 74 74 6f 6e 2d 6c 6f 61 64 69 6e 67 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 3a 64 69 73 61 62 6c 65 64 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 2e 6d 64 73 2d 62 75 74 74 6f 6e 2d 6c 6f 61 64 69 6e 67 5b 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 5c 22 74 72 75 65 5c 22 5d 2c 0a 2e 6d 64 73 2d 62 75 74 74 6f 6e 5b 61 72 69 61 2d 65 78 70 61 Data Ascii: ,.mds-button:disabled:hover,.mds-button[disabled]:hover,.mds-button.mds-button-loading:focus-visible,.mds-button:disabled:focus-visible,.mds-button[disabled]:focus-visible,.mds-button.mds-button-loading[aria-expanded=\"true\"],.mds-button[aria-expa
2024-03-29 15:11:11 UTC	16384	IN	Data Raw: 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 34 70 78 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 76 61 72 28 2d 2d 73 69 7a 65 2d 32 78 73 29 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 0a 2e 6d 64 73 2d 74 65 78 74 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 66 6f 6e 74 2d 66 65 61 74 75 72 65 2d 73 65 74 74 69 6e 67 73 3a 20 5c 22 74 6e 75 6d 5c 22 3b 0a 20 20 66 6f 6e 74 2d 76 61 72 69 61 6e 74 2d 6e 75 6d 65 72 69 63 3a 20 74 61 62 75 6c 61 72 2d 6e 75 6d 73 3b 0a 7d 0a 63 6f Data Ascii: cursor: pointer; display: flex; align-items: center; padding: 4px; padding: var(--size-2xs); background: none; border: 0;}.mds-text { margin: 0; padding: 0; font-feature-settings: \"tnum\"; font-variant-numeric: tabular-nums;}co
2024-03-29 15:11:11 UTC	12414	IN	Data Raw: 2d 76 69 65 77 2d 73 77 69 74 63 68 65 72 2e 6d 64 73 2d 76 69 65 77 2d 73 77 69 74 63 68 65 72 2d 66 75 6c 6c 2d 77 69 64 74 68 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 66 6c 65 78 0a 20 7d 0a 20 0a 2f 2a 20 43 53 53 20 66 72 6f 6d 20 4d 61 67 6e 65 74 69 63 20 65 6e 64 73 20 68 65 72 65 20 2a 2f 0a 0a 2f 2a 20 74 68 69 73 20 69 73 20 74 68 65 20 63 6f 6d 6d 6f 6e 20 63 73 73 20 66 6f 72 20 61 6c 6c 20 6d 65 64 69 75 6d 20 69 6e 70 75 74 20 65 6c 65 6d 65 6e 74 73 20 2a 2f 0a 2f 2a 65 67 20 3c 6c 61 62 65 6c 20 63 6c 61 73 73 3d 22 6d 64 73 2d 72 65 62 75 69 6c 64 2d 69 6e 70 75 74 2d 66 72 61 6d 65 20 6d 64 73 2d 72 65 62 75 69 6c 64 2d 69 6e 70 75 74 2d 6c 61 62 65 6c 2d 73 69 7a 65 2d 6d 64 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: -view-switcher.mds-view-switcher-full-width { display:flex } /* CSS from Magnetic ends here // this is the common css for all medium input elements //eg <label class="mds-rebuild-input-frame mds-rebuild-input-label-size-md"> <div class

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:11 UTC	526	OUT	GET /ajax/libs/select2/4.0.12/js/select2.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:11 UTC	955	IN	HTTP/1.1 200 OK Date: Fri, 29 Mar 2024 15:11:11 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fcb-112d5" Last-Modified: Mon, 04 May 2020 16:16:11 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 520653 Expires: Wed, 19 Mar 2025 15:11:11 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j4pSCQAgnjJ3rQKCSE0mu38DTVve47pcZNmdxVOnWyKWs3tvANaJo7QYTZ4NAubdfd1t4kDAlXT58H2Z2CIwQbaNP0lr7mZvBluhgE%2BeRMFf9PK8zJk8EEY6XbNjLv2EDyZ0dBiL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 86c0ca804a030609-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 15:11:11 UTC	414	IN	Data Raw: 37 62 66 36 0d 0a 2f 2a 21 20 53 65 6c 65 63 74 32 20 34 2e 30 2e 31 32 20 7c 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 65 6c 65 63 74 32 2f 73 65 6c 65 63 74 32 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 2e 6d 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 22 6a 71 75 65 72 79 22 5d 2c 6e 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 74 26 26 28 74 3d 22 75 6e 64 Data Ascii: 7bf6/! Select2 4.0.12 \| https://github.com/select2/select2/blob/master/LICENSE.md /!function(n){"function"==typeof define&&define.amd?define(["jquery"],n):"object"==typeof module&&module.exports?module.exports=function(e,t){return void 0===t&&(t="und
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 3d 75 2e 66 6e 2e 73 65 6c 65 63 74 32 2e 61 6d 64 3b 76 61 72 20 74 2c 6e 2c 72 2c 68 2c 6f 2c 73 2c 66 2c 67 2c 6d 2c 76 2c 79 2c 5f 2c 69 2c 61 2c 77 3b 66 75 6e 63 74 69 6f 6e 20 62 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 69 2e 63 61 6c 6c 28 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 2c 73 2c 61 2c 6c 2c 63 2c 75 2c 64 2c 70 2c 68 3d 74 26 26 74 2e 73 70 6c 69 74 28 22 2f 22 29 2c 66 3d 79 2e 6d 61 70 2c 67 3d 66 26 26 66 5b 22 2a 22 5d 7c 7c 7b 7d 3b 69 66 28 65 29 7b 66 6f 72 28 73 3d 28 65 3d 65 2e 73 70 6c 69 74 28 22 2f 22 29 29 2e 6c 65 6e 67 74 68 2d 31 2c 79 2e 6e 6f 64 65 49 64 43 6f 6d 70 61 74 26 26 77 2e 74 65 73 74 28 65 5b 73 5d 29 26 26 28 65 5b 73 5d 3d 65 5b 73 5d 2e 72 65 70 6c 61 Data Ascii: =u.fn.select2.amd;var t,n,r,h,o,s,f,g,m,v,y,_,i,a,w;function b(e,t){return i.call(e,t)}function l(e,t){var n,r,i,o,s,a,l,c,u,d,p,h=t&&t.split("/"),f=y.map,g=f&&f["*"]\|\|{};if(e){for(s=(e=e.split("/")).length-1,y.nodeIdCompat&&w.test(e[s])&&(e[s]=e[s].repla
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 3d 72 5b 31 5d 2c 69 26 26 28 6e 3d 44 28 69 3d 6c 28 69 2c 6f 29 29 29 2c 69 3f 65 3d 6e 26 26 6e 2e 6e 6f 72 6d 61 6c 69 7a 65 3f 6e 2e 6e 6f 72 6d 61 6c 69 7a 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6c 28 65 2c 74 29 7d 7d 28 6f 29 29 3a 6c 28 65 2c 6f 29 3a 28 69 3d 28 72 3d 63 28 65 3d 6c 28 65 2c 6f 29 29 29 5b 30 5d 2c 65 3d 72 5b 31 5d 2c 69 26 26 28 6e 3d 44 28 69 29 29 29 2c 7b 66 3a 69 3f 69 2b 22 21 22 2b 65 3a 65 2c 6e 3a 65 2c 70 72 3a 69 2c 70 3a 6e 7d 7d 2c 67 3d 7b 72 65 71 75 69 72 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 41 28 65 29 7d 2c 65 78 70 6f 72 74 73 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 6d 5b 65 5d 3b Data Ascii: =r[1],i&&(n=D(i=l(i,o))),i?e=n&&n.normalize?n.normalize(e,function(t){return function(e){return l(e,t)}}(o)):l(e,o):(i=(r=c(e=l(e,o)))[0],e=r[1],i&&(n=D(i))),{f:i?i+"!"+e:e,n:e,pr:i,p:n}},g={require:function(e){return A(e)},exports:function(e){var t=m[e];
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 65 20 61 6c 6d 6f 6e 64 20 52 45 41 44 4d 45 3a 20 69 6e 63 6f 72 72 65 63 74 20 6d 6f 64 75 6c 65 20 62 75 69 6c 64 2c 20 6e 6f 20 6d 6f 64 75 6c 65 20 6e 61 6d 65 22 29 3b 74 2e 73 70 6c 69 63 65 7c 7c 28 6e 3d 74 2c 74 3d 5b 5d 29 2c 62 28 6d 2c 65 29 7c 7c 62 28 76 2c 65 29 7c 7c 28 76 5b 65 5d 3d 5b 65 2c 74 2c 6e 5d 29 7d 29 2e 61 6d 64 3d 7b 6a 51 75 65 72 79 3a 21 30 7d 2c 65 2e 72 65 71 75 69 72 65 6a 73 3d 74 2c 65 2e 72 65 71 75 69 72 65 3d 6e 2c 65 2e 64 65 66 69 6e 65 3d 72 29 2c 65 2e 64 65 66 69 6e 65 28 22 61 6c 6d 6f 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 65 2e 64 65 66 69 6e 65 28 22 6a 71 75 65 72 79 22 2c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 75 7c 7c 24 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 Data Ascii: e almond README: incorrect module build, no module name");t.splice\|\|(n=t,t=[]),b(m,e)\|\|b(v,e)\|\|(v[e]=[e,t,n])}).amd={jQuery:!0},e.requirejs=t,e.require=n,e.define=r),e.define("almond",function(){}),e.define("jquery",[],function(){var e=u\|\|$;return null==e
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 66 6f 72 28 76 61 72 20 6c 3d 30 3b 6c 3c 65 2e 6c 65 6e 67 74 68 3b 6c 2b 2b 29 7b 76 61 72 20 63 3d 65 5b 6c 5d 3b 6f 2e 70 72 6f 74 6f 74 79 70 65 5b 63 5d 3d 61 28 63 29 7d 72 65 74 75 72 6e 20 6f 7d 3b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3d 7b 7d 7d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3d 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 7c 7c 7b 7d 2c 65 20 69 6e 20 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3f 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 5b 65 5d 2e 70 75 73 68 28 74 29 3a 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 5b 65 5d 3d 5b 74 5d 7d 2c 65 Data Ascii: pply(this,arguments)}}for(var l=0;l<e.length;l++){var c=e[l];o.prototype[c]=a(c)}return o};function e(){this.listeners={}}e.prototype.on=function(e,t){this.listeners=this.listeners\|\|{},e in this.listeners?this.listeners[e].push(t):this.listeners[e]=[t]},e
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 22 2c 27 22 27 3a 22 26 71 75 6f 74 3b 22 2c 22 27 22 3a 22 26 23 33 39 3b 22 2c 22 2f 22 3a 22 26 23 34 37 3b 22 7d 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 3f 65 3a 53 74 72 69 6e 67 28 65 29 2e 72 65 70 6c 61 63 65 28 2f 5b 26 3c 3e 22 27 5c 2f 5c 5c 5d 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 5b 65 5d 7d 29 7d 2c 69 2e 61 70 70 65 6e 64 4d 61 6e 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 31 2e 37 22 3d 3d 3d 6f 2e 66 6e 2e 6a 71 75 65 72 79 2e 73 75 62 73 74 72 28 30 2c 33 29 29 7b 76 61 72 20 6e 3d 6f 28 29 3b 6f 2e 6d 61 70 28 74 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 3d 6e 2e 61 64 64 28 65 29 7d 29 2c 74 3d 6e 7d 65 2e 61 70 70 65 6e 64 28 74 29 7d 2c 69 2e 5f 5f 63 Data Ascii: ",'"':""","'":"'","/":"/"};return"string"!=typeof e?e:String(e).replace(/[&<>"'\/\\]/g,function(e){return t[e]})},i.appendMany=function(e,t){if("1.7"===o.fn.jquery.substr(0,3)){var n=o();o.map(t,function(e){n=n.add(e)}),t=n}e.append(t)},i.__c
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 72 6b 75 70 22 29 3b 74 68 69 73 2e 63 6c 65 61 72 28 29 2c 74 68 69 73 2e 68 69 64 65 4c 6f 61 64 69 6e 67 28 29 3b 76 61 72 20 6e 3d 68 28 27 3c 6c 69 20 72 6f 6c 65 3d 22 61 6c 65 72 74 22 20 61 72 69 61 2d 6c 69 76 65 3d 22 61 73 73 65 72 74 69 76 65 22 20 63 6c 61 73 73 3d 22 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6f 70 74 69 6f 6e 22 3e 3c 2f 6c 69 3e 27 29 2c 72 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 67 65 74 28 22 74 72 61 6e 73 6c 61 74 69 6f 6e 73 22 29 2e 67 65 74 28 65 2e 6d 65 73 73 61 67 65 29 3b 6e 2e 61 70 70 65 6e 64 28 74 28 72 28 65 2e 61 72 67 73 29 29 29 2c 6e 5b 30 5d 2e 63 6c 61 73 73 4e 61 6d 65 2b 3d 22 20 73 65 6c 65 63 74 32 2d 72 65 73 75 6c 74 73 5f 5f 6d 65 73 73 61 67 65 22 2c 74 68 69 73 2e 24 72 65 73 75 6c Data Ascii: rkup");this.clear(),this.hideLoading();var n=h('<li role="alert" aria-live="assertive" class="select2-results__option"></li>'),r=this.options.get("translations").get(e.message);n.append(t(r(e.args))),n[0].className+=" select2-results__message",this.$resul
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 65 63 74 65 64 7c 7c 6e 75 6c 6c 3d 3d 74 2e 65 6c 65 6d 65 6e 74 26 26 2d 31 3c 68 2e 69 6e 41 72 72 61 79 28 6e 2c 72 29 3f 65 2e 61 74 74 72 28 22 61 72 69 61 2d 73 65 6c 65 63 74 65 64 22 2c 22 74 72 75 65 22 29 3a 65 2e 61 74 74 72 28 22 61 72 69 61 2d 73 65 6c 65 63 74 65 64 22 2c 22 66 61 6c 73 65 22 29 7d 29 7d 29 7d 2c 72 2e 70 72 6f 74 6f 74 79 70 65 2e 73 68 6f 77 4c 6f 61 64 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 68 69 64 65 4c 6f 61 64 69 6e 67 28 29 3b 76 61 72 20 74 3d 7b 64 69 73 61 62 6c 65 64 3a 21 30 2c 6c 6f 61 64 69 6e 67 3a 21 30 2c 74 65 78 74 3a 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 67 65 74 28 22 74 72 61 6e 73 6c 61 74 69 6f 6e 73 22 29 2e 67 65 74 28 22 73 65 61 72 63 68 69 6e 67 22 29 28 65 29 7d 2c 6e Data Ascii: ected\|\|null==t.element&&-1<h.inArray(n,r)?e.attr("aria-selected","true"):e.attr("aria-selected","false")})})},r.prototype.showLoading=function(e){this.hideLoading();var t={disabled:!0,loading:!0,text:this.options.get("translations").get("searching")(e)},n
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 64 28 61 29 2c 73 2e 61 70 70 65 6e 64 28 70 29 7d 65 6c 73 65 20 74 68 69 73 2e 74 65 6d 70 6c 61 74 65 28 65 2c 74 29 3b 72 65 74 75 72 6e 20 66 2e 53 74 6f 72 65 44 61 74 61 28 74 2c 22 64 61 74 61 22 2c 65 29 2c 74 7d 2c 72 2e 70 72 6f 74 6f 74 79 70 65 2e 62 69 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6c 3d 74 68 69 73 2c 6e 3d 74 2e 69 64 2b 22 2d 72 65 73 75 6c 74 73 22 3b 74 68 69 73 2e 24 72 65 73 75 6c 74 73 2e 61 74 74 72 28 22 69 64 22 2c 6e 29 2c 74 2e 6f 6e 28 22 72 65 73 75 6c 74 73 3a 61 6c 6c 22 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6c 2e 63 6c 65 61 72 28 29 2c 6c 2e 61 70 70 65 6e 64 28 65 2e 64 61 74 61 29 2c 74 2e 69 73 4f 70 65 6e 28 29 26 26 28 6c 2e 73 65 74 43 6c 61 73 73 65 73 28 29 2c 6c 2e 68 69 67 68 6c Data Ascii: d(a),s.append(p)}else this.template(e,t);return f.StoreData(t,"data",e),t},r.prototype.bind=function(t,e){var l=this,n=t.id+"-results";this.$results.attr("id",n),t.on("results:all",function(e){l.clear(),l.append(e.data),t.isOpen()&&(l.setClasses(),l.highl
2024-03-29 15:11:11 UTC	1369	IN	Data Raw: 30 29 29 7b 76 61 72 20 72 3d 6e 2d 31 3b 30 3d 3d 3d 65 2e 6c 65 6e 67 74 68 26 26 28 72 3d 30 29 3b 76 61 72 20 69 3d 74 2e 65 71 28 72 29 3b 69 2e 74 72 69 67 67 65 72 28 22 6d 6f 75 73 65 65 6e 74 65 72 22 29 3b 76 61 72 20 6f 3d 6c 2e 24 72 65 73 75 6c 74 73 2e 6f 66 66 73 65 74 28 29 2e 74 6f 70 2c 73 3d 69 2e 6f 66 66 73 65 74 28 29 2e 74 6f 70 2c 61 3d 6c 2e 24 72 65 73 75 6c 74 73 2e 73 63 72 6f 6c 6c 54 6f 70 28 29 2b 28 73 2d 6f 29 3b 30 3d 3d 3d 72 3f 6c 2e 24 72 65 73 75 6c 74 73 2e 73 63 72 6f 6c 6c 54 6f 70 28 30 29 3a 73 2d 6f 3c 30 26 26 6c 2e 24 72 65 73 75 6c 74 73 2e 73 63 72 6f 6c 6c 54 6f 70 28 61 29 7d 7d 29 2c 74 2e 6f 6e 28 22 72 65 73 75 6c 74 73 3a 6e 65 78 74 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 6c 2e 67 65 Data Ascii: 0)){var r=n-1;0===e.length&&(r=0);var i=t.eq(r);i.trigger("mouseenter");var o=l.$results.offset().top,s=i.offset().top,a=l.$results.scrollTop()+(s-o);0===r?l.$results.scrollTop(0):s-o<0&&l.$results.scrollTop(a)}}),t.on("results:next",function(){var e=l.ge

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:11 UTC	557	OUT	GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:12 UTC	395	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 49 Connection: close Date: Fri, 29 Mar 2024 15:11:12 GMT Server: unknown Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: max-age=0, must-revalidate, no-cache, no-store, private
2024-03-29 15:11:12 UTC	49	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 91 00 00 00 00 00 ff ff ff ff ff ff 00 00 00 21 f9 04 01 00 00 02 00 2c 00 00 00 00 01 00 01 00 00 02 02 54 01 00 3b Data Ascii: GIF89a!,T;

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:11 UTC	653	OUT	GET /websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgnEtQdA!!/branding/customer-logo.gif?f=1 HTTP/1.1 Host: res.cisco.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:12 UTC	639	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 10598 Connection: close Date: Fri, 29 Mar 2024 15:11:11 GMT Server: unknown Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" X-Frame-Options: DENY Cache-Control: must-revalidate,max-age=1 Pragma: no-cache Last-Modified: Fri, 02 Feb 2024 14:23:17 GMT ETag: "18d6a33cc20-2966" Set-Cookie: JSESSIONID=E50D505096AD70B0E639F9D86D643C3A; Path=/websafe; Secure; HttpOnly; samesite=None
2024-03-29 15:11:12 UTC	4096	IN	Data Raw: 47 49 46 38 39 61 00 05 28 03 f1 00 00 00 00 00 f6 f6 f6 f7 f7 f7 f8 f8 f8 21 f9 04 01 00 00 00 00 21 ff 0b 49 6d 61 67 65 4d 61 67 69 63 6b 0e 67 61 6d 6d 61 3d 30 2e 34 35 34 35 34 35 00 2c 00 00 00 00 00 05 28 03 00 02 ff 84 8f a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a6 ea ca b6 ee 0b c7 f2 4c d7 f6 8d e7 fa ce f7 fe 0f 0c 0a 87 c4 a2 f1 88 4c 2a 97 cc a6 f3 09 8d 4a a7 d4 aa f5 8a cd 6a b7 dc ae f7 0b 0e 8b c7 e4 b2 f9 8c 4e ab d7 ec b6 fb 0d 8f cb e7 f4 ba fd 8e cf eb f7 fc be ff 0f 18 28 38 48 58 68 78 88 98 a8 b8 c8 d8 e8 f8 08 19 29 39 49 59 69 79 89 99 a9 b9 c9 d9 e9 f9 09 1a 2a 3a 4a 5a 6a 7a 8a 9a aa ba ca da ea fa 0a 1b 2b 3b 4b 5b 6b 7b 8b 9b ab bb cb db eb fb 0b 1c 2c 3c 4c 5c 6c 7c 8c 9c ac bc cc dc ec fc 0c 1d 2d 3d 4d Data Ascii: GIF89a(!!ImageMagickgamma=0.454545,(HLLJjN(8HXhx)9IYiy:JZjz+;K[k{,<L\l\|-=M
2024-03-29 15:11:12 UTC	4096	IN	Data Raw: a7 c4 fb ad 92 3b b9 c6 db b4 be eb 9f ad 8b bc 43 00 bc a6 aa bc cb fb bc 78 2b bb b3 7b bd aa 2b bc c9 cb bc 0d 7a af 8e 9b 96 81 cb 9d dd 19 9c ba 69 b8 76 98 b3 87 1b b1 d9 db ad bd bb ba 28 10 bd 74 5b bd a8 9b ba d8 ff 5b bf da bb bd 93 9a bf d6 7b ba 00 4b b3 dd eb 01 f1 4b ba a5 eb a9 f3 4b bf ea 1b ad f7 5b c0 fb ab b7 9c 0b b6 9e 4b c0 0b cc c0 0d fc be 4b 6b c0 38 da ac e3 5b b8 cf 0a b1 6d 5b c1 26 20 c0 b5 3b bd 5c 0b be e2 ab c1 21 48 90 17 1c 99 ee 3b c2 2f 10 c2 58 db c2 b6 18 c3 32 dc bf fe 0b c0 1c ca b6 31 59 be e6 fb 94 10 ac c0 ed ab c2 3f fb c1 64 79 c3 2a 58 c4 46 3a c4 cb 79 c4 9a 67 b0 e0 fb c2 c3 1b c4 4c ba c4 4c 3c c5 64 3a c3 97 1b c5 5a 5b c5 73 fa bf 49 5c 9c 26 9c 9e ea e9 b0 5b cc c5 64 5c a7 57 ec b1 0e dc c1 70 1b c1 40 Data Ascii: ;Cx+{+ziv(t[[{KKK[KKk8[m[& ;\!H;/X21Y?dy*XF:ygLL<d:Z[sI\&[d\Wp@
2024-03-29 15:11:12 UTC	267	IN	Data Raw: ab 83 f3 fc 54 7d d2 f7 de 73 d2 67 7d f6 80 bf fd 37 ee 8e 77 55 9a 3c e6 c5 76 d2 d8 e9 1b 7b 2e 66 57 d7 a6 ff 7a de 65 6e 32 e3 ff 9e 11 af 5f e0 f1 9b af 7c b3 0f 7f f9 39 d3 3d f4 83 8e 79 b4 53 bf 1b ac 67 aa 2d b4 ff ff ea b7 2f 9c fc 40 72 fe f8 7b 8f 8e da 7f 34 fe 89 5f 3f ee db 8f aa f7 7b 7c ff e9 98 ff 7b 77 2f fa 7c 0e 09 cc ef fc 38 2e fd 08 4c f4 4e cf fa e8 4f fc 96 ce 64 90 2f 9b 82 0f c0 ea 6f de f2 0f 3a ce 4d 3d 2e b0 d2 18 4e fd 02 70 f4 c0 2f 0e 26 d0 ff 32 30 f5 2a f0 0a 0a 50 01 af 4a 05 d3 6b d8 92 86 01 cd e1 ff c6 2b 04 2d 70 00 0f 0f 06 27 01 f5 b8 05 07 d5 8e 05 23 8f 06 eb 2c e3 f0 cf 01 61 0f 01 1f f0 e6 d6 8c 07 05 8e fb d6 20 05 37 d0 04 46 30 c3 fa af 06 89 90 f6 7c b0 f3 aa 50 f6 14 66 08 b3 30 07 95 b0 fb 9e 30 1b 64 Data Ascii: T}sg}7wU<v{.fWzen2_\|9=ySg-/@r{4_?{\|{w/\|8.LNOd/o:M=.Np/&20*PJk+-p'#,a 7F0\|Pf00d
2024-03-29 15:11:12 UTC	2139	IN	Data Raw: 90 f8 ba f0 1c c6 f0 00 db 90 ee f8 25 02 39 e0 0d 1f 21 0a 9f 2e 0d e5 0f 0f 67 90 09 e5 a0 03 97 ed 0a 2b a1 04 ff 90 0f dd d0 10 c9 b0 a1 c8 06 73 86 c0 09 c5 07 14 1c 11 6f 1a 4f 10 49 ff 10 11 c3 cf 0f 17 91 d9 1a d1 0e 99 6c 0d 01 ce 08 bb 21 dc 9e 0f 13 af a6 66 14 cc 12 5f 0b 15 3f 31 0c c5 50 15 79 0f 08 4b d1 5d 4e 91 12 bd d0 13 f5 4e 0f f7 90 16 13 b1 9e ea a5 5b 66 51 17 17 0f 18 13 d0 15 c5 41 14 d9 0e 16 2f cd 59 7e d1 16 dd 4f 07 a5 4d 18 63 90 13 e5 0e 19 93 2f 58 02 11 1a 3b 91 19 ed 0f 14 bd c1 d3 7e 90 14 b1 0c f4 7e 20 12 b3 a6 e9 70 71 15 59 b1 15 a5 b1 bb a8 b1 cf 2c 0d 0d cf 71 4f d6 71 1b d3 51 1d b1 11 04 15 f1 0e 11 cd ac e6 11 11 fa b1 f2 b4 31 1c bc d1 f6 4e 70 10 b0 ca 07 06 b2 08 03 d2 a7 48 84 0e a9 21 21 01 b0 1d b3 b1 b8 Data Ascii: %9!.g+soOIl!f_?1PyK]NN[fQA/Y~OMc/X;~~ pqY,qOqQ1NpH!!

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:12 UTC	571	OUT	GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:28 UTC	458	IN	HTTP/1.1 302 Moved Temporarily Content-Length: 0 Connection: close Date: Fri, 29 Mar 2024 15:11:27 GMT Server: unknown Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains Location: https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en&try=1

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:13 UTC	506	OUT	GET /websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgnEtQdA!!/branding/customer-logo.gif?f=1 HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=E50D505096AD70B0E639F9D86D643C3A
2024-03-29 15:11:13 UTC	534	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 10598 Connection: close Date: Fri, 29 Mar 2024 15:11:13 GMT Server: unknown Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" X-Frame-Options: DENY Cache-Control: must-revalidate,max-age=1 Pragma: no-cache Last-Modified: Fri, 02 Feb 2024 14:23:17 GMT ETag: "18d6a33cc20-2966"
2024-03-29 15:11:14 UTC	2445	IN	Data Raw: 47 49 46 38 39 61 00 05 28 03 f1 00 00 00 00 00 f6 f6 f6 f7 f7 f7 f8 f8 f8 21 f9 04 01 00 00 00 00 21 ff 0b 49 6d 61 67 65 4d 61 67 69 63 6b 0e 67 61 6d 6d 61 3d 30 2e 34 35 34 35 34 35 00 2c 00 00 00 00 00 05 28 03 00 02 ff 84 8f a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a6 ea ca b6 ee 0b c7 f2 4c d7 f6 8d e7 fa ce f7 fe 0f 0c 0a 87 c4 a2 f1 88 4c 2a 97 cc a6 f3 09 8d 4a a7 d4 aa f5 8a cd 6a b7 dc ae f7 0b 0e 8b c7 e4 b2 f9 8c 4e ab d7 ec b6 fb 0d 8f cb e7 f4 ba fd 8e cf eb f7 fc be ff 0f 18 28 38 48 58 68 78 88 98 a8 b8 c8 d8 e8 f8 08 19 29 39 49 59 69 79 89 99 a9 b9 c9 d9 e9 f9 09 1a 2a 3a 4a 5a 6a 7a 8a 9a aa ba ca da ea fa 0a 1b 2b 3b 4b 5b 6b 7b 8b 9b ab bb cb db eb fb 0b 1c 2c 3c 4c 5c 6c 7c 8c 9c ac bc cc dc ec fc 0c 1d 2d 3d 4d Data Ascii: GIF89a(!!ImageMagickgamma=0.454545,(HLLJjN(8HXhx)9IYiy:JZjz+;K[k{,<L\l\|-=M
2024-03-29 15:11:14 UTC	4096	IN	Data Raw: fe d9 70 6f 9d eb 67 af e9 dc ed 71 73 db dc 59 e7 60 ae 3b 7a dc ae 63 91 f3 bd 26 79 97 d2 b1 ff 98 f3 91 cf 23 ed 92 bb fb bb bb 1e 8d c2 5b e9 f0 4e 16 3c db 0f ec f8 66 67 9e df 09 6f fb e6 2f c0 f8 cb 41 9e 11 a1 17 bd df 19 d9 f9 19 49 1b 0f 92 ff 92 e5 35 9c ec c1 ff 68 f5 31 04 fc 91 e1 be 6b 15 d6 5b 69 81 af 43 eb 41 98 f8 9a cf f6 f4 43 9e f2 10 89 8f 7a e4 47 35 f5 6e 68 aa 41 33 fd f6 38 fc 3e af b8 bf 6d f5 03 ee ad aa 27 51 f9 4a fd bc c4 99 bf 06 c4 32 17 fb e1 b7 fd ed af 7f f1 2a a6 ff 8c de 3f 1c f7 6d b0 72 f5 af 1f fa f3 b7 a3 f9 8d 8f fe ff ee d2 91 fc e2 1c 38 7b fd df 66 a5 07 7a de b6 69 62 57 7e ed f7 7d 08 88 72 52 47 72 04 78 49 ef a7 3f 10 c8 7b 02 98 80 b9 e7 72 57 97 06 d3 e7 5c b1 a7 78 7d 47 76 27 66 80 d0 f4 81 b3 24 81 Data Ascii: pogqsY`;zc&y#[N<fgo/AI5h1k[iCACzG5nhA38>m'QJ2*?mr8{fzibW~}rRGrxI?{rW\x}Gv'f$
2024-03-29 15:11:14 UTC	1651	IN	Data Raw: 77 5b 27 2a 1d c3 dd 09 ff 9c 57 3c 34 ed f5 96 ab 7c c7 13 b7 47 32 d0 0d f7 0f 7e ef 85 83 60 4c ad 3a d8 d5 61 ab 15 43 61 4e fb 78 18 62 4b 25 3e 35 e1 8a e5 63 78 dc 30 30 96 2e e2 8e 3d a6 18 e4 58 a9 1a 39 64 78 0d fd c2 64 01 f7 58 f9 c6 52 5d b6 35 aa 80 ed f5 37 47 30 62 36 10 c7 9c 75 a6 95 67 99 9b fa 59 58 94 67 ed 42 68 66 9b 3d 1a c9 33 68 56 9a ba a0 9d 46 ba 89 78 b7 88 1a 8f a8 a5 2e 03 eb fc 98 da 1a 38 9b 6d f4 c2 6a 3b bc 7e da 8c a6 b7 56 aa 6c b3 a7 4e 39 c2 b1 d5 2d 9b dc b5 b9 2e 8a 6e b6 29 75 fb b7 b4 f1 95 1b e0 bb 81 06 0a ed 83 c1 ff 9e b1 ea ad a1 5d 03 70 32 00 bf 32 a8 c6 0b 87 f1 70 ac 13 4f 63 70 c2 1d 6e dc 71 9f 34 8f 9c c5 b7 bd 36 18 72 8e 35 b7 78 a7 d2 3d d7 71 6f bf 45 5e 1c e7 d2 f5 cd 09 f6 d4 49 cc 82 6e 37 66 Data Ascii: w['*W<4\|G2~`L:aCaNxbK%>5cx00.=X9dxdXR]57G0b6ugYXgBhf=3hVFx.8mj;~VlN9-.n)u]p22pOcpnq46r5x=qoE^In7f
2024-03-29 15:11:14 UTC	2406	IN	Data Raw: ab 83 f3 fc 54 7d d2 f7 de 73 d2 67 7d f6 80 bf fd 37 ee 8e 77 55 9a 3c e6 c5 76 d2 d8 e9 1b 7b 2e 66 57 d7 a6 ff 7a de 65 6e 32 e3 ff 9e 11 af 5f e0 f1 9b af 7c b3 0f 7f f9 39 d3 3d f4 83 8e 79 b4 53 bf 1b ac 67 aa 2d b4 ff ff ea b7 2f 9c fc 40 72 fe f8 7b 8f 8e da 7f 34 fe 89 5f 3f ee db 8f aa f7 7b 7c ff e9 98 ff 7b 77 2f fa 7c 0e 09 cc ef fc 38 2e fd 08 4c f4 4e cf fa e8 4f fc 96 ce 64 90 2f 9b 82 0f c0 ea 6f de f2 0f 3a ce 4d 3d 2e b0 d2 18 4e fd 02 70 f4 c0 2f 0e 26 d0 ff 32 30 f5 2a f0 0a 0a 50 01 af 4a 05 d3 6b d8 92 86 01 cd e1 ff c6 2b 04 2d 70 00 0f 0f 06 27 01 f5 b8 05 07 d5 8e 05 23 8f 06 eb 2c e3 f0 cf 01 61 0f 01 1f f0 e6 d6 8c 07 05 8e fb d6 20 05 37 d0 04 46 30 c3 fa af 06 89 90 f6 7c b0 f3 aa 50 f6 14 66 08 b3 30 07 95 b0 fb 9e 30 1b 64 Data Ascii: T}sg}7wU<v{.fWzen2_\|9=ySg-/@r{4_?{\|{w/\|8.LNOd/o:M=.Np/&20*PJk+-p'#,a 7F0\|Pf00d

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:14 UTC	560	OUT	GET /CRES_login_bg.jpg HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:14 UTC	502	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 155249 Connection: close Date: Fri, 29 Mar 2024 15:11:15 GMT Last-Modified: Wed, 20 Sep 2023 11:59:56 GMT ETag: "c3598f2d3bf6694df3378aafc792bfee" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 6400936fc4525d1c60e3e8fee9d4806e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: 93bKTIgHsic5-FvEYUbWzAaOCTb_MJjwJvzFnEMZJlYfdwnArtxyFQ== Vary: Origin
2024-03-29 15:11:14 UTC	3589	IN	Data Raw: ff d8 ff e1 00 4a 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 01 00 98 82 02 00 26 00 00 00 1a 00 00 00 00 00 00 00 73 61 6e 64 72 61 20 63 69 66 6f 2e 20 77 77 77 2e 63 69 66 6f 67 72 61 70 68 79 2e 63 6f 6d 2e 20 32 30 31 36 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 00 00 00 ff e1 04 13 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 35 20 37 39 Data Ascii: JExifII*&sandra cifo. www.cifography.com. 2016Duckyhttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79
2024-03-29 15:11:14 UTC	16384	IN	Data Raw: 87 c1 65 94 25 7e 4a 61 fe 21 03 e3 b2 d5 49 93 aa ea a0 e9 af b9 5d 51 aa bd 2e 0c 71 27 6a fc ac d1 7b 8b ac 35 27 43 e0 ab 32 7c 0d 68 c8 2a be ea 8f 5c 1b d6 ea da 33 8a dc 6d 7c c8 cb 67 67 05 35 ea 48 1e 6a bf 25 74 72 68 bd db 5f 32 22 eb b8 0e 5f ef 38 ba b8 65 ee 77 53 f2 d4 1a e2 a2 b7 2a f4 ac 19 f2 70 db 8e d1 25 af 71 b3 e5 c1 17 f7 0f 91 e4 88 d7 86 94 fd f9 3a be b7 1d 74 38 97 17 25 fa 47 98 5b 82 d4 7e ad 0a 37 7e ea 3e 54 43 f7 17 b6 9f 81 d1 c5 c3 c7 18 c9 d1 b1 74 c1 47 02 e0 e4 be b8 36 af b5 5d 59 d4 bc 46 45 c6 55 e1 a5 74 46 b0 00 15 cd cf 56 f2 8e 4d c8 f5 0c ad c3 4b 6a 82 63 9e 9c db 71 aa 2e bb 1b c3 89 e9 d0 1f b5 5d 1c 18 df 82 d4 53 a8 47 42 e3 74 cf 1b c7 66 6e b4 c9 e5 ae 4b 2f 03 5a f3 d9 05 8f 44 0e 4a fb 9e e8 d1 73 55 Data Ascii: e%~Ja!I]Q.q'j{5'C2\|h\3m\|gg5Hj%trh_2"_8ewSp%q:t8%G[~7~>TCtG6]YFEUtFVMKjcq.]SGBtfnK/ZDJsU
2024-03-29 15:11:14 UTC	16384	IN	Data Raw: ed 2f c7 9a fa d7 86 a7 3a b0 1e 95 6e 99 a1 e6 ab 9d 14 e5 80 3a 89 b5 15 b5 41 5b ab 14 04 d7 8a a8 d5 24 88 91 a6 06 89 21 92 98 49 43 0d 06 0c 04 26 84 34 02 d0 69 95 b5 b1 3a 30 00 14 c6 a3 22 86 a4 ae 3a c4 88 aa 94 17 33 2e e4 00 80 00 81 80 00 00 c0 0a 19 25 12 40 80 00 06 31 0c a2 d3 18 aa 50 0a 02 06 00 00 00 00 00 00 26 a4 e5 e4 a6 cc ad 0e b2 5e 70 07 3d 6d 07 42 b4 9c d6 e2 75 ca d0 75 b1 11 d1 bd 68 33 3a c5 b5 34 58 2a 81 80 00 00 00 00 9b 81 91 33 6f 20 29 28 18 83 20 30 16 42 00 ca ce 1c a2 eb 7d c5 41 82 b3 ab 80 37 80 80 43 00 22 d6 da 8b 39 b9 2d b9 81 35 5b 99 d4 94 68 67 c7 09 1a 00 c4 19 08 00 92 1d a1 97 03 03 29 75 66 a4 b5 21 30 b2 04 b7 b4 ce d6 76 0b 3d cc aa 71 ed 72 c0 9a f1 37 ab 83 55 44 87 28 25 80 c6 2c 84 77 00 90 90 00 Data Ascii: /:n:A[$!IC&4i:0":3.%@1P&^p=mBuuh3:4X*3o )( 0B}A7C"9-5[hg)uf!0v=qr7UD(%,w
2024-03-29 15:11:14 UTC	1024	IN	Data Raw: 18 14 4d 8a 33 bd 92 28 c6 da 97 4d 0c ec a7 25 d1 90 5c 09 ae e3 90 e8 11 8a 49 39 45 72 57 70 23 58 03 9e 94 c9 7c be de 9c aa 2c 6d 5c 19 df 00 63 c7 c7 4e 0a ec ae bd c7 5d 4a bc 46 84 2e 44 82 b4 59 2a c4 d5 c9 56 02 3e a6 d3 45 0f 43 0b ea 5a 70 98 46 8e db 5c 92 b9 13 7e 26 6a ed 14 b6 b7 31 90 37 dd 04 59 a9 35 d5 18 d9 29 0a 52 d3 c0 ed 64 d4 3c 04 64 02 34 e2 5b 53 eb 90 b3 96 57 1e 84 32 a8 1a 10 c8 8a 33 45 f4 21 05 68 94 8c 2a a4 ad a8 a3 36 95 b0 cc 7e 96 dd 0e a8 14 01 cd 5b 56 b8 7a 9b ee f8 11 7e 25 6c f5 33 6b 6e 6d 92 0e 9d c8 17 91 95 79 14 4a d0 d5 59 3d 19 42 b6 a4 95 6d 49 01 88 63 a8 13 16 21 d2 d5 f5 23 70 6e 00 ca ad 5b 26 a6 17 aa af a9 3c 9a d3 2a 58 05 ad b5 49 3c 6a 14 bd 59 3f 3d b3 a2 29 bd d8 44 0d 3d de 45 34 b4 12 c2 80 Data Ascii: M3(M%\I9ErWp#X\|,m\cN]JF.DYV>ECZpF\~&j17Y5)Rd<d4[SW23E!h6~[Vz~%l3knmyJY=BmIc!#pn[&<*XI<jY?=)D=E4
2024-03-29 15:11:14 UTC	16384	IN	Data Raw: ea 73 5b 62 e3 53 d5 bf cc ae 0e 5d 8e d6 af 42 ec a9 ee 29 56 a2 8f fa 7a 3c f4 01 6e a7 d4 f2 4c be 3f 73 45 46 af ea a4 c4 3e 9e 46 4e 8b ea b9 99 da cc b6 d3 e9 bd 7e 66 41 e8 2e 1a 72 3a db 8f 29 47 9a 1f 3f 1f 1f 12 6f 49 39 a8 95 79 69 13 3f c8 f4 ed 5a 72 e2 e0 79 b5 7c 73 55 f7 1a ff 00 71 c6 ea eb c9 9a fe 28 da fe d3 8d 59 35 2a 34 ec 71 db 82 aa ae 5b d4 0d ed c5 55 17 59 ac 6a 64 be 9d 96 3b 95 c7 1c 56 9a d9 c4 65 74 2d 71 f1 f2 ff 00 c5 e9 b7 f4 bf d0 05 57 5a 37 65 83 5f f6 b9 5c e2 b6 39 ac d2 dc 9a 69 93 35 95 e4 51 ad ab 4a c2 b6 19 d3 4c 2c 1c d5 e6 ad ea ab cb ea ec fa a3 b2 b4 85 8c a0 15 b8 e9 77 ea 52 2b f0 d5 29 e8 0f 93 6d d2 69 e4 d9 56 ba c8 1c bb 28 53 54 78 63 e4 e3 eb 56 62 d6 a1 1b 2a 25 a6 84 de 94 6d 36 55 5c 23 3b 7b 8a Data Ascii: s[bS]B)Vz<nL?sEF>FN~fA.r:)G?oI9yi?Zry\|sUq(Y54q[UYjd;Vet-qWZ7e_\9i5QJL,wR+)miV(STxcVb%m6U\#;{
2024-03-29 15:11:14 UTC	16384	IN	Data Raw: 09 23 95 4a c9 a1 3c 96 55 52 f4 03 ce 76 8d 19 a7 15 a5 9a a5 c5 ca bd 2c 2b c1 b1 ca 78 03 6b ac 18 26 8e 9b 29 47 1d b0 e0 05 74 ed a1 9d e9 7b 28 48 ec ad 10 f6 10 65 c3 c1 6a ac 8a de de ed ca 3a 25 a1 ee 60 72 be 0e 4e c1 f4 39 22 20 e8 b5 dd 73 07 1f f7 f0 f3 5f c4 a3 a2 9c 36 ad 61 a3 0b 71 dd fe d0 fe fd 75 ab fb c5 ff 00 c8 d7 fa 59 05 aa 5e 1e 18 3e 3b e7 0c 2b ef ab 6d 13 2b fb ea f6 65 0f 6d bb 33 27 5b f6 66 df de 51 66 18 7f 7b 4f 10 39 bd 4a 30 c6 b7 63 53 67 ef 29 fe 60 5e f7 8f bb fb 88 22 fa 9d 94 bd 7b 98 3f 75 c6 94 cb 8f 23 7a 59 5d 4d 74 28 c3 9e ae cd 6d ee 2b cd 62 4e 9b 72 d6 9f 33 8f 81 2f dc f1 35 8b 20 30 ad 6d 65 d9 49 d0 aa 92 9d 7c cc 5f b9 e3 d1 3d cc e6 e4 e4 fa 98 b3 b2 5d b0 4d 91 71 d7 6e 7a 27 b5 b5 3f 81 16 b6 ef df Data Ascii: #J<URv,+xk&)Gt{(Hej:%`rN9" s_6aquY^>;+m+em3'[fQf{O9J0cSg)`^"{?u#zY]Mt(m+bNr3/5 0meI\|_=]Mqnz'?
2024-03-29 15:11:14 UTC	16384	IN	Data Raw: 77 4e 0f 46 9e de a9 67 53 53 59 b8 f3 39 5e df 94 c7 8e d6 6c f7 3e 9d 74 83 95 fb 75 c4 f7 24 6b 13 5e 7f 37 23 4e 0f 73 87 35 47 89 cd 65 ac 1e d7 07 c8 bc 87 95 ad 89 28 93 6c 89 1c 92 12 40 d9 2c 6d 88 82 d0 c4 86 68 00 21 01 40 c5 21 24 11 73 33 4b 19 81 2c 51 bb 03 64 bd 00 4b db da b9 94 5a ab 7a c1 c5 f5 9a 70 d6 e4 0a b4 bf ca f6 b0 3d 4a 28 50 65 cd 26 7e df d1 86 69 ca e0 0c b8 bd cc 28 b4 e0 c7 dc 72 d3 92 04 ae 9e 22 0c 79 38 db ca 72 41 9b 56 ae 56 51 9d bd c5 97 dc 27 ba a4 5b 92 71 65 d0 a3 47 ce 9e ab a8 d5 a7 35 ce a6 1b 55 9f a5 c6 4c dd 5a fc 40 e9 fa ae ba a8 d0 ba f3 a8 ce 4e 6a f2 5a 3b af 12 92 5c 9a 26 9f 80 1e 87 0d ea de 09 f7 f2 d2 f3 33 e0 f6 f7 ad a5 e8 6f ee 79 6b 45 36 52 07 3b 5b 51 cd c9 c4 b9 17 89 db ff 00 25 75 81 57 Data Ascii: wNFgSSY9^l>tu$k^7#Ns5Ge(l@,mh!@!$s3K,QdKZzp=J(Pe&~i(r"y8rAVVQ'[qeG5ULZ@NjZ;\&3oykE6R;[Q%uW
2024-03-29 15:11:14 UTC	16384	IN	Data Raw: de 99 c7 70 a5 6a b8 ac bd 50 af 3f 2f 8a 2f 9a 89 d2 ca 1b c3 f0 fc 4e 7e bb 8c f1 cb cc e6 e6 6b db f1 ba 25 59 76 d0 c9 70 5f 96 89 f8 eb 6f e6 75 ba a5 ed ea db 55 4a cf e5 5b bf 17 d4 85 6a ba 3f 4e e6 ba dd cf e1 a1 d5 7c f7 c3 2a 71 d3 4d db df 6e 34 df f2 34 bd 7e 9d 67 62 af 8f 25 b3 ff 00 a5 19 db 9e f1 13 0b b2 c1 c9 77 2c 8d d9 7e 6b d6 e3 b2 75 e1 6f d4 b7 44 bd 34 7a 23 8b 9d 46 e4 f5 4d 9d 9c 55 b5 bd bd 5e 8e b6 4f 3e 0c cf dd 5a 94 e4 b7 ee b3 cf 80 4f 36 4d 79 16 4d 29 3d fa 55 72 56 bc 8d c3 8a bf b8 f9 eb dd dd cb 3d 9e 76 b6 d2 17 ed 5f 70 63 cd af 51 d6 bb ec e7 58 31 dd c7 f5 2f 9c ec ca 2a 7f dc b4 76 af e4 71 f1 d1 ff 00 77 74 ff 00 75 1f e4 73 9f b5 67 e1 1c 5e e3 89 b8 a5 5b c7 52 3f bf b6 95 ad 51 8f b6 ac 5e 3c 19 9b 69 36 75 Data Ascii: pjP?//N~k%Yvp_ouUJ[j?N\|qMn44~gb%w,~kuoD4z#FMU^O>ZO6MyM)=UrV=v_pcQX1/vqwtusg^[R?Q^<i6u
2024-03-29 15:11:14 UTC	5120	IN	Data Raw: 9c d4 b4 60 e8 4c aa 60 03 02 60 c6 f4 5a 9b 99 d9 81 cd 19 34 5c 4c 8a ea 75 54 23 1f a6 d6 48 b5 1a c9 d6 00 71 a6 35 76 74 ba 26 65 6e 1e a8 05 5e 53 45 ca 8c 76 b5 92 aa fa 01 b2 ba 1e e4 42 aa 62 fa 7d b0 15 ac 81 8e cb 2d 18 4d aa 06 e0 63 f5 1f 54 3f a8 80 d4 08 57 4c a9 01 80 80 06 02 00 18 08 00 60 20 01 80 80 06 02 90 90 18 08 24 06 20 09 00 83 1b d3 b1 b4 86 a0 73 ab c6 a6 b5 b2 64 da 88 c9 4d 40 ea 19 95 6c 5a 60 50 08 00 60 20 01 80 82 40 60 20 01 80 80 06 02 00 18 13 21 20 50 13 28 37 2e e0 50 12 da 5d 45 b9 77 40 58 11 be bd d0 6f ae 92 80 b0 21 5e af 09 a0 fa 95 ee 80 6d 4e a6 37 e2 7a d4 d1 72 d1 e8 d7 de 3d f5 ee 80 e6 77 c4 59 4f e6 3d b3 9a e5 7e 26 b6 b5 2d 86 d1 ce eb 54 fd 36 fe 24 18 5b e4 f8 a2 d3 ff 00 73 e0 53 7b d4 72 67 c5 6a Data Ascii: `L``Z4\LuT#Hq5vt&en^SEvBb}-McT?WL` $ sdM@lZ`P` @` ! P(7.P]Ew@Xo!^mN7zr=wYO=~&-T6$[sS{rgj
2024-03-29 15:11:14 UTC	16384	IN	Data Raw: 4d 48 90 7c 80 09 09 08 20 b8 80 41 90 b8 e9 f6 3f f2 c7 74 cf 73 89 6b e4 78 7e ca ad f3 54 f7 1d b6 71 d9 ad 60 e5 7f 7f f0 bf 0f 36 b5 3b af e9 df fe 4a 56 9f 7e 59 c0 b9 2b 56 a5 e2 51 d5 cd ca a3 93 ff 00 ee 27 ff 00 8c 60 ea e9 eb b9 0f db 7a 6d 6b 74 a5 1f e2 3e 57 f4 f8 1f 75 53 9f db f2 ab 2e 4a ad 5d 71 f0 35 f7 16 57 e2 69 75 ae 0e 5e fb f2 cd ee b8 7d e5 a2 9c 49 69 f4 ce 0d ad e4 e9 ad 69 cb e9 b7 fb 77 4b 0d e8 fc fb 02 e2 7c 36 8e 4c 51 e3 72 d3 cf c4 ec e4 c2 b4 6c d9 56 b5 53 7d 3f a7 af c4 2f 3e da de 8c ce 97 ef e4 62 d6 fc ad 48 b3 95 df 99 d9 42 f4 d7 b2 17 17 25 b8 ed ba af e1 dc cd 78 84 84 ae 8e 6e 67 cd 77 76 a2 71 1d 97 42 24 89 14 86 56 4d 9f 4f bc 4e d0 44 81 7b ba 90 ed 22 79 29 54 a2 60 a8 82 a1 0d b8 40 4b 41 1d 4a 88 78 04 Data Ascii: MH\| A?tskx~Tq`6;JV~Y+VQ'`zmkt>WuS.J]q5Wiu^}IiiwK\|6LQrlVS}?/>bHB%xngwvqB$VMOND{"y)T`@KAJx

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:14 UTC	616	OUT	GET /websafe/images/loginbg.gif HTTP/1.1 Host: res.cisco.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=E50D505096AD70B0E639F9D86D643C3A
2024-03-29 15:11:14 UTC	534	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 51646 Connection: close Date: Fri, 29 Mar 2024 15:11:14 GMT Server: unknown Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" X-Frame-Options: DENY Cache-Control: must-revalidate,max-age=1 Pragma: no-cache Last-Modified: Fri, 02 Feb 2024 14:23:17 GMT ETag: "18d6a33cc20-c9be"
2024-03-29 15:11:14 UTC	4096	IN	Data Raw: ff d8 ff e1 00 4a 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 01 00 98 82 02 00 26 00 00 00 1a 00 00 00 00 00 00 00 73 61 6e 64 72 61 20 63 69 66 6f 2e 20 77 77 77 2e 63 69 66 6f 67 72 61 70 68 79 2e 63 6f 6d 2e 20 32 30 31 36 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 00 00 00 ff e1 04 13 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 35 20 37 39 Data Ascii: JExifII*&sandra cifo. www.cifography.com. 2016Duckyhttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79
2024-03-29 15:11:14 UTC	3429	IN	Data Raw: ab 23 55 ea 58 00 00 00 00 00 00 00 a4 05 6a f2 c0 aa a5 46 e5 49 0e 53 9d 80 aa bd 87 24 59 46 4a 50 03 90 09 0c 80 40 04 04 00 00 c0 05 01 03 00 02 6c 51 0f 36 02 90 c9 58 c0 e4 06 02 90 c8 0c 52 10 38 01 48 48 37 b2 04 a0 05 c7 a9 50 00 02 7a a1 8a da 0c 00 00 00 09 b1 44 58 0b 02 15 87 20 50 13 c8 5c 80 5f dc 68 63 39 92 f9 01 60 4f 20 90 28 4b 71 8a ba 00 c0 00 00 00 00 96 38 80 18 12 d3 d5 0d 31 89 a9 01 81 28 70 03 01 04 80 c0 00 00 8b 29 65 90 fa 81 40 30 01 04 0c 00 50 12 30 01 48 c2 05 00 30 14 30 90 18 98 48 96 40 6b 02 59 c8 35 38 29 60 00 00 00 00 00 00 50 86 00 47 02 74 d4 d4 4d 48 12 99 49 99 b5 03 4c 0d 04 d8 48 96 00 69 40 c5 28 60 00 00 00 28 18 01 2e a2 86 8b 00 22 5a 1f 22 80 0c 2d a8 8d 6d 5c 19 04 5a 65 72 66 68 72 14 ed 95 fa 85 73 Data Ascii: #UXjFIS$YFJP@lQ6XR8HH7PzDX P\_hc9`O (Kq81(p)e@0P0H00H@kY58)`PGtMHILHi@(`(."Z"-m\Zerfhrs
2024-03-29 15:11:14 UTC	667	IN	Data Raw: 96 b2 80 70 03 80 01 4f 51 c8 9b 12 ca 02 89 99 c2 16 ba 68 3d 3d 00 69 40 c5 23 00 00 00 00 00 00 24 a1 00 00 21 80 80 62 80 25 88 a2 40 65 a3 32 d0 03 42 ca 28 40 4b 96 28 40 ef d0 89 20 4e cd 61 61 12 99 4a ae da 9b 2a aa 94 45 69 d4 b5 0b 40 00 01 00 59 f1 5e 60 03 82 6b 67 b9 a0 0b 40 42 6c 69 80 31 89 84 80 e4 4d 93 20 d0 04 c8 47 50 9c c0 ad 33 80 86 94 64 ce 24 d5 e5 13 00 73 a7 3a 02 b4 6a 42 5e f8 2b 3e b8 20 76 aa b1 0f b6 e7 da 69 19 1a 70 06 14 ee 5a 9e ef d4 df 9d 6f 8b 2f 20 69 58 8b 76 da cf b4 0b e1 6a fd af 92 e8 c3 9d 6f 8b ac f8 dc c5 59 d7 cb 43 75 75 dc c5 91 46 76 ec bd 6a f9 2f 89 92 67 5b ab 59 af b8 97 6a df 17 50 fc f1 f1 dc 0c 95 8d 15 89 b7 65 af b7 3e 5b 99 68 07 52 65 1c ca c6 8a e4 1b 01 13 25 48 0c 6b 02 19 40 01 21 20 00 Data Ascii: pOQh==i@#$!b%@e2B(@K(@ NaaJ*Ei@Y^`kg@Bli1M GP3d$s:jB^+> vipZo/ iXvjoYCuuFvj/g[YjPe>[hRe%Hk@!
2024-03-29 15:11:14 UTC	4096	IN	Data Raw: 27 ea 4b b3 60 57 3c 89 da 49 9e a8 96 d0 18 3b 3a eb 95 1a 97 33 a1 0f 78 f2 07 0d e5 6f b1 06 b3 91 99 29 59 5f 56 a5 2b 27 ee 02 c7 24 f2 09 4c 0a 84 f5 27 87 17 28 1b ea 35 64 05 55 b6 d8 9d d3 6e b6 5a 15 57 39 33 74 cb 7d 40 be 36 ae 68 e5 74 7f b8 72 ad f1 65 9f 1b 99 29 ab c7 8c 1a 2b ab 62 e8 09 b7 65 ac d7 26 53 1a 9d 0a ad 66 8e 57 46 0e d5 be 2f 86 06 4a c6 8a c4 db b2 d7 db 9f 99 9c b5 86 07 4a 65 49 ce ac 68 ac 06 9a 92 f0 34 00 45 6e 57 33 3b f6 e7 28 15 18 1b cc 93 19 90 55 2a 0a 02 5e 4a 08 01 0c 00 04 eb 26 2e ad 3c 9b 80 56 6a cc d9 68 66 eb 1a 1a 2d 00 90 00 00 00 02 00 62 19 40 20 02 00 00 0a 28 62 18 04 0a 3c c6 00 66 e9 e6 4c 34 6c 00 62 99 48 2d 5d d0 93 03 41 89 0c 00 00 00 00 00 00 4d f4 18 90 04 60 51 05 00 00 12 9c 61 94 00 02 Data Ascii: 'K`W<I;:3xo)Y_V+'$L'(5dUnZW93t}@6htre)+be&SfWF/JJeIh4EnW3;(U*^J&.<Vjhf-b@ (b<fL4lbH-]AM`Qa
2024-03-29 15:11:14 UTC	4096	IN	Data Raw: 84 21 c8 b9 00 71 5d 03 8a 0e 5e 63 90 0d 02 40 60 12 20 60 00 31 02 7d 40 20 1e 46 27 90 07 81 fa 88 59 40 52 19 33 92 80 41 22 9d 87 00 26 9e a3 4e 46 4b 5b a0 28 40 9c 8c 0c d7 d2 e0 b2 6c a7 20 9c a0 28 62 18 08 06 00 2d 06 27 80 4c 00 4d ec 81 b0 50 03 4a 32 30 00 01 00 c0 44 8d 88 06 50 90 c0 41 20 00 31 00 00 a1 0c 00 00 06 20 18 12 24 c0 a1 09 0e 00 49 0f 88 e4 96 c8 2a 52 25 b2 1d 85 2d e8 05 37 03 a5 a5 93 c7 a9 75 f2 45 16 31 0c 00 96 51 2c 01 0c 94 50 00 c4 30 11 2c a2 58 12 34 20 41 04 e4 a4 48 ea 15 4c 99 65 32 40 49 b1 8b 05 a0 26 05 05 36 4b 6b 70 1c 21 fa 09 3e 88 70 10 00 44 0c 09 c9 2d 60 a0 7a 01 89 ad 74 32 6d 1a 55 e3 a0 14 04 bb ad 85 2d e8 05 89 d9 21 71 6f 56 10 90 52 e7 d0 7f 53 f2 17 24 b4 17 36 06 1d c7 15 15 6c d4 2d a0 ea 59 Data Ascii: !q]^c@` `1}@ F'Y@R3A"&NFK[(@l (b-'LMPJ20DPA 1 $I*R%-7uE1Q,P0,X4 AHLe2@I&6Kkp!>pD-`zt2mU-!qoVRS$6l-Y
2024-03-29 15:11:14 UTC	4096	IN	Data Raw: b1 05 22 35 90 6e ab 60 10 9b 2b 97 90 b9 30 8a 56 6b 44 1f 5b 23 93 ea 00 54 3d d8 d4 75 21 9a 20 a4 94 21 59 e0 2a e5 0e 3a 81 82 af 2d f6 29 aa a7 97 2f d7 05 ce cb 41 59 29 01 55 cd 9e 64 2f 47 64 74 2a a5 98 32 bb 9f 40 2c 04 01 03 70 67 4c b2 ec 67 4c 75 0a 77 6b 46 14 ac 3f 23 49 4f 58 1a 55 5a 60 0c fb 8b 28 53 38 b7 53 4b 51 58 97 da e8 c0 9e 31 e8 42 5b 96 fe 86 84 9a b6 98 60 55 9a 6b ea f7 8d 28 22 ea 11 75 60 3b 60 7d cd 05 6c 8e f9 50 06 32 6a af 1a 99 a7 b3 f7 95 6a e0 01 f7 53 7a 48 4d 7a 33 3e 16 5b 0c 0d 3e 9e a1 08 89 1f 19 dd 01 5c 4b b2 fa 4c b8 9a b7 88 03 3a a7 04 57 0e 20 d5 36 b5 04 e5 ec 06 af 43 35 62 db c6 42 b0 d6 00 94 fc 85 64 b7 c1 5c 7c c9 b2 49 48 11 ca ab 44 d9 69 d9 c6 c8 cf f2 f4 1d 6c db 52 07 43 20 b6 41 43 00 02 00 Data Ascii: "5n`+0VkD[#T=u! !Y:-)/AY)Ud/Gdt2@,pgLgLuwkF?#IOXUZ`(S8SKQX1B[`Uk("u`;`}lP2jjSzHMz3>[>\KL:W 6C5bBd\\|IHDilRC AC
2024-03-29 15:11:14 UTC	253	IN	Data Raw: ff 00 22 95 ae ff 00 b8 c0 a0 36 b2 be 8e c5 d6 d6 aa fa 9a 30 ac db 05 df b5 69 97 a0 03 e5 32 ac 81 73 6e 25 17 4e d2 5a 94 ab 55 6c 20 21 d3 b9 d5 19 f1 b7 54 76 33 9d 2c 80 b8 df c8 da ab bb 18 68 4d 60 e8 ae 10 1c b5 76 56 6e d0 52 ee e7 3a 0b 8f 3b 34 8c 78 3a e1 81 d2 ea ad 94 57 e2 c6 a7 29 a2 4f 88 1a 3e d7 98 bf 12 ea 64 d3 32 e3 60 3a ff 00 1a 7b 8f f0 9c fd ba be 49 b3 d0 90 30 5d b8 72 16 af 23 79 42 6d 01 82 ac 21 a8 7a 0e ee 50 bb 6a 16 00 a7 c6 72 ca e3 53 1e ef 77 83 88 32 7d d6 f7 03 a1 f1 41 87 29 1c 92 74 76 ad 2e 00 76 a9 9b 47 4d 91 9c 11 a6 2a a5 71 35 88 25 a2 0c 5a 08 34 e2 5a a9 46 75 a9 a4 25 a8 f4 32 bb 97 00 68 b3 9d 8a c6 9b 89 74 1c 43 84 0a aa a2 c4 8a 2b 20 e7 be a7 41 cd 77 90 29 fd a6 09 33 79 4a aa 74 31 77 01 a7 Data Ascii: "60i2sn%NZUl !Tv3,hM`vVnR:;4x:W)O>d2`:{I0]r#yBm!zPjrSw2}A)tv.vGM*q5%Z4ZFu%2htC+ Aw)3yJt1w
2024-03-29 15:11:14 UTC	192	IN	Data Raw: 25 2d 88 a3 4b 52 d6 a0 53 59 c8 dd 50 9b 53 91 5a c4 54 81 b5 5a b6 c5 70 5d 0a 8c 6e 93 70 c4 a1 68 cd f8 a7 b0 bf 1d 56 c0 67 1e 60 8d 38 20 e0 ba 0c 18 b6 0b 46 6d c1 3d 84 eb 5a ac a0 30 9c af 54 75 d8 e7 6a ad e0 e8 b0 08 68 43 40 02 b6 83 64 df ed 03 14 39 25 00 04 83 d0 40 f4 00 70 75 d8 e2 6f 07 63 10 03 12 02 8e 36 fa ad c9 4e ab fb 59 d4 fb 69 91 dc e3 45 a6 76 20 d2 99 a2 82 d1 97 69 cd 32 6a 8a 39 fb f6 4a 24 3b 2d 67 d8 2f f6 1b 94 90 bb 16 6d b9 20 d7 b9 f6 b3 4a e8 bd 0c fb bf 6b 34 ae 88 06 31 01 43 01 00 0d e8 21 bd 09 01 5b 51 20 b6 a0 b4 22 09 c9 44 Data Ascii: %-KRSYPSZTZp]nphVg`8 Fm=Z0TujhC@d9%@puoc6NYiEv i2j9J$;-g/m Jk41C![Q "D
2024-03-29 15:11:15 UTC	4096	IN	Data Raw: a5 92 8a a6 88 9c 96 88 e2 e6 42 29 64 68 55 43 0a 00 03 60 12 c8 6e 24 87 19 02 98 86 c4 02 00 00 00 00 00 33 ff 00 fa 7b 0d 0c bf fe 9e c0 2e da 19 57 b9 d5 9a db 46 71 f2 51 10 c8 3b 7b 6e 64 d1 98 76 1e 1c 1b b2 8c bb 9a 33 1e 5f f2 35 ee 7d ac ce 9d aa d9 69 a1 28 4e de 63 a3 96 b2 5b ec d5 8e bd a4 9c a2 60 d8 18 09 9a 12 ce 46 a4 eb 39 59 03 4a 10 eb f4 89 68 08 28 4b 25 53 e9 d7 72 56 a3 b3 08 bb 2d 83 b6 a2 c4 2b b5 e8 6b 46 9d 80 d8 00 0a 02 59 44 01 36 d0 c5 6b 2c da da 33 14 e0 80 71 b0 9a 51 a0 f9 bd 47 cd 81 3a 68 8a ed d5 26 9c 43 27 f2 34 e0 ba bc 80 f0 f2 c9 04 2d 80 a4 c5 3e 86 6f 50 6a 10 17 33 b1 4c ca af 06 80 4c be 88 52 fa 20 88 04 06 f6 78 42 6f e9 0b 68 8c 5e ac 06 ac ca 4f 1e 66 34 52 cd 95 95 40 49 db 71 cb 2f 90 3b 60 8a d6 9a Data Ascii: B)dhUC`n$3{.WFqQ;{ndv3_5}i(Nc[`F9YJh(K%SrV-+kFYD6k,3qQG:h&C'4->oPj3LLR xBoh^Of4R@Iq/;`
2024-03-29 15:11:15 UTC	3712	IN	Data Raw: fa 8b 0d cf 90 bf eb d7 a9 5d 9e d7 16 d3 ca 7a 01 b7 35 2a ae 18 ad 4a 3d e1 9c 77 4f 9c 3d 8e 8e 2a d6 86 01 dc 5c 17 d5 94 f7 37 a3 c2 33 b7 69 5f 7c 9b 29 9d 70 51 40 00 00 4b 28 96 04 5b 46 73 6c 74 db 46 73 d6 bc b0 88 3a 69 f6 a2 85 55 09 26 32 80 00 30 10 00 60 25 00 1c dd de f3 ed db 1a 41 d1 2b a9 87 76 8a d9 95 a1 15 5d be e7 35 2d 16 f8 ee 67 da 49 57 05 ec 04 fd 0c 4f b7 2b 06 6d 05 f4 1a 3a 52 8a c1 cd f8 9a d9 1d 2b ec 38 df 7e c9 b4 05 70 b6 c9 10 fb 6f a2 2d 7f b2 f7 45 d7 bf 57 b3 03 1f c7 65 b0 9d 6d 27 4f 3a db 57 03 55 4f 46 06 9d 9f b5 49 a9 14 50 a0 b2 80 43 10 10 c7 50 61 50 2c 04 30 01 31 89 81 0c 96 53 13 20 51 22 5c aa 35 82 93 92 84 9a 79 dc 9e e5 5d 96 0b d3 42 6d 2f 4c 01 c2 ea d6 a1 2d 1d 92 e3 ea 52 66 fb 75 b7 da c8 32 e6 Data Ascii: ]z5J=wO=\73i_\|)pQ@K([FsltFs:iU&20`%A+v]5-gIWO+m:R+8~po-EWem'O:WUOFIPCPaP,01S Q"\5y]Bm/L-Rfu2

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:14 UTC	569	OUT	GET /fonts/Inter/Inter-Regular.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:15 UTC	547	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 303504 Connection: close Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Fri, 29 Mar 2024 15:11:16 GMT ETag: "a4a7379505cd554ea9523594b7c28b2a" Vary: Accept-Encoding X-Cache: RefreshHit from cloudfront Via: 1.1 87bf84f333bc8ae1d8c723bf1e035c1e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: x8jzYGotB3qF6sV4ULWhREAQM9gR055OReMV7MeyOxu2DHQzhg-jKA== Access-Control-Allow-Origin: *
2024-03-29 15:11:15 UTC	15837	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 3b 00 00 00 04 12 47 50 4f 53 bc af 92 58 00 03 3f 14 00 01 1f 80 47 53 55 42 be 7f 66 78 00 04 5e 94 00 00 42 b4 4f 53 2f 32 22 97 6e 62 00 02 6e 4c 00 00 00 60 53 54 41 54 f1 71 d9 45 00 04 a1 48 00 00 00 48 63 6d 61 70 2f 2e e9 9d 00 02 6e ac 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 3a f8 00 00 00 08 67 6c 79 66 8b bf 4f 34 00 00 01 0c 00 02 1d 26 68 65 61 64 2d c3 61 46 00 02 46 24 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 6e 28 00 00 00 24 68 6d 74 78 fd c3 4c d4 00 02 46 5c 00 00 27 ca 6c 6f 63 61 09 5d 06 34 00 02 1e 54 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 1e 34 00 00 00 20 6e 61 6d 65 30 24 51 40 00 02 d4 40 00 00 02 16 70 6f 73 74 a7 a8 35 72 00 02 d6 58 00 00 64 9e 70 72 65 Data Ascii: GDEF11;GPOSX?GSUBfx^BOS/2"nbnL`STATqEHHcmap/.negasp:glyfO4&head-aFF$6hhean($hmtxLF\'loca]4T'maxp4 name0$Q@@post5rXdpre
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 28 dc dc f8 dc 07 24 ff ff 00 88 00 00 06 88 08 00 02 06 01 99 00 00 00 01 00 f8 ff dc 07 30 08 00 00 15 00 00 01 33 11 14 02 04 23 22 24 02 35 11 33 11 14 16 16 33 32 36 36 35 06 38 f8 c5 fe 9a f1 f1 fe 9a c5 f8 84 f5 ab ab f6 83 08 00 fa b4 d2 fe b7 bd bd 01 49 d2 05 4c fa c8 96 e9 85 85 e9 96 00 02 00 f8 ff dc 08 fc 08 7c 00 09 00 1f 00 00 01 33 14 02 04 23 35 32 36 36 25 33 11 14 02 04 23 22 24 02 35 11 33 11 14 16 16 33 32 36 36 35 08 14 e8 75 fe fd d4 8c 9b 3d fe 24 f8 c5 fe 9a f1 f1 fe 9a c5 f8 84 f5 ab ab f6 83 08 7c c4 fe f5 89 c4 5c b4 08 fa b4 d2 fe b7 bd bd 01 49 d2 05 4c fa c8 96 e9 85 85 e9 96 ff ff 00 f8 ff dc 07 30 0a a0 02 26 01 a5 00 00 00 07 06 66 00 c0 02 00 ff ff 00 f8 ff dc 07 30 0a a0 02 26 01 a5 00 00 00 07 06 64 01 78 02 00 ff ff Data Ascii: ($03#"$53326658IL\|3#5266%3#"$5332665u=$\|\IL0&f0&dx
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: af 01 39 d0 d0 01 39 af af fe c7 d0 9e cc 62 62 cc 9e 9e cc 62 62 cc 06 74 e4 fe f4 a8 52 94 f9 ce c6 01 64 ee f0 01 66 c6 c6 fe 9a f0 ee fe 9c c6 d4 a2 01 08 9a 9a 01 0a a4 a4 fe f6 9a 9a fe f8 a2 ff ff 00 90 ff e0 06 00 08 a0 02 26 03 07 00 00 00 06 06 66 f4 00 ff ff 00 90 ff e0 06 00 08 a0 02 26 03 07 00 00 00 07 06 64 00 ac 00 00 ff ff 00 90 ff e0 06 00 08 68 02 26 03 07 00 00 00 07 06 6a 00 c8 00 00 ff ff 00 90 ff e0 06 00 08 00 02 26 03 07 00 00 00 07 06 6d 00 d0 00 00 ff ff 00 90 ff e0 06 00 08 00 02 26 03 07 00 00 00 07 06 6e 00 d0 00 00 ff ff 00 90 ff e0 06 00 08 50 02 26 03 07 00 00 00 07 06 65 01 64 00 10 ff ff 00 90 ff e0 06 00 08 68 02 26 03 07 00 00 00 07 06 73 00 c8 00 00 00 03 00 90 fd a8 06 00 06 14 00 0f 00 1f 00 34 00 00 05 22 24 02 35 Data Ascii: 99bbbbtRdf&f&dh&j&m&nP&edh&s4"$5
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 90 fa 20 fd a0 02 60 00 02 00 60 ff e4 05 94 08 5e 00 25 00 37 00 00 01 34 24 33 32 16 17 15 26 26 23 22 06 15 14 16 16 17 04 00 11 15 14 02 04 23 22 24 02 35 35 34 12 36 37 35 26 26 13 15 14 16 16 33 32 36 36 35 35 34 26 26 27 22 06 06 01 08 01 16 f6 6c ab 5d 3c ce 66 78 80 2f 83 7e 01 2f 01 15 9f fe d7 d0 d4 fe d5 9d 7a cc 7a 81 97 6c 53 ad 88 86 ac 52 60 ae 76 88 ad 53 06 d6 b1 d7 24 24 ec 18 38 5b 47 24 54 5a 2e 6c fe 80 fe ec 1c ce fe b6 c0 c0 01 4a ce 1c a0 01 0a b4 1e 08 33 c2 fc 87 1c 8a e7 8b 8b e7 8a 1c 70 db a1 18 8f eb 00 02 00 90 ff e4 05 7c 06 14 00 1b 00 35 00 00 01 33 15 23 22 06 06 15 14 16 33 32 36 37 33 0e 03 23 22 24 26 35 34 3e 02 05 23 22 2e 02 35 34 36 24 33 32 04 16 17 23 26 26 23 22 06 15 14 16 33 33 02 d0 d0 b8 6c 9e 56 d2 ae a8 Data Ascii: ``^%74$32&&#"#"$554675&&3266554&&'"l]<fx/~/zzlSR`vS$$8[G$TZ.lJ3p\|53#"32673#"$&54>#".546$32#&&#"33lV
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 4a 4a 6a 6a 4a 31 52 31 ff ff 00 70 ff f0 0a 9c 08 1c 00 26 05 35 00 00 00 07 05 35 05 94 00 00 ff ff 00 70 ff f0 07 d0 08 1c 00 26 05 35 00 00 00 07 05 31 05 94 00 00 00 02 00 8c fd e0 05 24 06 0c 00 23 00 30 00 00 01 15 0e 02 07 0e 02 15 14 16 16 33 32 36 36 37 33 06 06 04 23 22 24 26 35 34 36 36 37 3e 02 37 35 13 32 16 15 14 06 23 22 26 35 34 36 36 03 88 01 4d 8c 62 3a 5f 37 5c 9a 5e 52 98 67 07 fc 07 a2 fe f7 a2 b0 fe fb 8f 43 7d 58 58 6a 30 02 70 4a 6a 6a 4a 4a 6a 31 52 03 bc 0c be e3 8b 3c 23 64 81 50 62 90 4e 44 92 76 aa f2 80 8c f4 9c 6f b2 8c 35 37 79 a6 7c 0c 02 50 6a 4a 4a 6a 6a 4a 32 51 31 00 03 00 70 ff f0 05 08 08 1c 00 21 00 25 00 32 00 00 01 35 3e 02 37 36 36 35 34 26 26 23 22 06 06 07 23 36 36 24 33 32 04 16 15 14 02 07 0e 02 15 15 23 03 Data Ascii: JJjjJ1R1p&55p&51$#0326673#"$&54667>752#"&5466Mb:_7\^RgC}XXj0pJjjJJj1R<#dPbNDvo57y\|PjJJjjJ2Q1p!%25>76654&&#"#66$32#
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 3f 00 51 00 5f 00 71 00 7f 00 83 00 00 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 05 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 01 01 33 01 04 e4 68 bb 7d 7d ab 58 58 ab 7d 7d bb 68 cc 68 6c 6c 64 65 6b 6a 6a 01 c0 5a ad 7d 7d ad 5a 58 ab 7d 7d af 5c b0 6e 6a 6b 65 69 6b 6a 6a f8 cc 5d b3 80 82 b0 5a 5b b1 80 82 b2 5c cc 58 6c 69 57 54 6c 69 5b 08 2c 5a ad 7d 7d bb 68 66 b9 7d 7d af 5c b0 6e 6a 6b 65 69 6b 6a 6a f6 a4 05 80 e4 fa 80 01 80 6c 70 bb 71 71 bb 70 6c 70 Data Ascii: ?Q_q546632#"&&7326554&#"546632#"&&7326554&#"546632#"&&7326554&#"546632#"&&7326554&#"3h}}XX}}hhlldekjjZ}}ZX}}\njkeikjj]Z[\XliWTli[,Z}}hf}}\njkeikjjlpqqplp
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 01 9b 01 25 ac d8 2c c4 fe f4 88 b9 01 4c db a0 b0 01 13 be 63 16 2e 24 d0 1d 30 24 13 ee fe 4b fe d3 a0 fe eb fe 4a fd ff ff 00 90 ff e4 07 0c 0a 40 02 26 04 21 00 00 00 07 06 68 00 8c 02 00 00 01 00 f0 fd e4 07 00 08 1c 00 29 00 00 01 35 36 36 35 34 26 27 25 26 24 02 35 35 10 12 24 33 32 04 12 17 21 26 26 23 22 06 02 15 15 14 16 16 17 05 16 16 15 14 06 06 05 10 4a 4e 32 3e fe 40 d8 fe e0 90 ca 01 6f f7 d3 01 3a bd 16 fe e4 23 df c0 ac ec 7a 5b b7 8a 01 d0 a6 a2 66 c3 fd e4 e8 06 38 3a 2a 3c 16 94 47 e5 01 3d cb f0 01 1b 01 a3 e6 a0 fe d2 d6 e6 d6 a4 fe c7 df f0 91 df 9d 2f a0 38 a8 7c 66 9b 5f ff ff 00 88 00 00 06 88 08 00 02 26 01 99 00 00 00 07 07 fe 01 10 00 40 ff ff 00 88 fe 10 06 88 08 00 02 26 01 99 00 00 00 07 08 03 03 7c 00 00 00 02 00 1c 00 00 Data Ascii: %,Lc.$0$KJ@&!h)56654&'%&$55$32!&&#"JN2>@o:#z[f8:*<G=/8\|f_&@&\|
2024-03-29 15:11:15 UTC	15982	IN	Data Raw: 03 00 07 00 00 01 11 33 11 27 35 21 15 fb c8 cc c0 02 18 fd 9c 02 10 fd f0 a8 c0 c0 ff ff fc 30 fd b4 fe 60 ff 84 00 07 09 df fb 50 fc c8 ff ff 00 80 fe 08 05 60 06 00 02 26 04 d1 00 00 00 07 08 03 02 e4 ff f8 ff ff 00 68 00 00 05 68 06 00 00 06 03 b1 f0 00 00 04 00 34 fd c0 06 10 08 5c 00 03 00 15 00 25 00 35 00 00 01 15 21 35 01 21 11 14 16 33 32 36 36 37 15 06 06 23 22 26 26 35 01 21 11 34 00 33 32 16 17 07 26 26 23 22 06 15 05 21 11 14 00 23 22 26 27 37 16 16 33 32 36 35 03 fc fc 38 01 0c 01 14 45 57 28 5b 49 0c 1e 9e 60 88 9f 45 03 3c fe f0 01 0a ea 2a 59 2d 10 1b 49 24 75 87 fe f0 01 10 fe f6 ea 2a 58 2a 0c 1b 49 24 78 84 05 d0 cc cc 01 64 fa 68 78 58 0c 0e 02 dc 09 1f 6b c5 88 fe 64 06 68 f3 01 01 0b 09 dc 06 06 8c 84 64 f9 b0 f3 fe ff 0b 09 dc 06 Data Ascii: 3'5!0`P`&hh4\%5!5!32667#"&&5!432&&#"!#"&'732658EW([I`E<Y-I$uX*I$xdhxXkdhd
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 26 02 35 35 34 12 12 00 37 17 06 06 02 02 15 15 14 16 16 33 32 36 36 35 34 26 26 02 f0 48 aa 01 02 90 8d fe e9 d0 a5 f3 9e 4e 5d c3 01 31 d3 60 94 e8 a1 53 6b a9 5c 72 9f 53 68 aa 04 60 e0 2a cd fe d5 b6 c4 fe df 9f 89 e2 01 13 8a 4c d8 01 81 01 4e 01 15 6c c8 4c d5 fe eb fe a9 cf 58 b2 f2 7c 5d b3 80 9c d6 80 00 04 00 94 ff e4 07 74 08 00 00 04 00 09 00 19 00 27 00 00 01 01 21 01 03 01 01 07 23 01 01 22 26 26 35 34 36 36 33 32 16 16 15 14 06 06 27 32 36 36 35 34 26 23 22 06 06 15 14 16 03 ec 02 4c 01 3c fc 8c 1c fe 3a 02 7a 3c ac fd 30 01 88 82 d4 7e 7e d4 82 8e d2 74 7f d5 80 3a 5e 38 79 57 3c 60 38 7a 02 fc 05 04 f8 d8 01 e0 05 48 fb 0c 58 05 4c f7 e4 7e d4 82 80 d5 7f 89 d7 74 82 d4 7e f8 32 62 48 6f 71 32 64 4a 6c 70 00 03 00 88 fd a8 06 78 06 00 00 Data Ascii: &5547326654&&HN]1`Sk\rSh`*LNlLX\|]t'!#"&&546632'26654&#"L<:z<0~~t:^8yW<`8zHXL~t~2bHoq2dJlpx
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: ac 00 01 6e c6 00 01 6f 1c 00 01 6f 34 00 01 6f 4c 00 01 6f 64 00 01 6f 7c 00 01 6f 8c 00 01 6f d2 00 01 70 2a 00 01 70 c9 00 01 70 e1 00 01 71 7f 00 01 71 97 00 01 71 a7 00 01 71 b7 00 01 72 2d 00 01 72 45 00 01 72 be 00 01 72 d6 00 01 73 50 00 01 73 f3 00 01 74 0b 00 01 74 41 00 01 74 59 00 01 75 09 00 01 75 76 00 01 76 32 00 01 76 4a 00 01 76 62 00 01 76 8a 00 01 76 a2 00 01 76 d5 00 01 77 7e 00 01 78 2c 00 01 78 95 00 01 79 35 00 01 7a 2a 00 01 7a b9 00 01 7a c9 00 01 7b 25 00 01 7b 82 00 01 7b dc 00 01 7c 72 00 01 7c f9 00 01 7d 11 00 01 7d 9a 00 01 7d b2 00 01 7d ca 00 01 7e 28 00 01 7e 40 00 01 7e 50 00 01 7e 68 00 01 7e cd 00 01 7f 46 00 01 7f 5e 00 01 7f a6 00 01 80 3e 00 01 80 f4 00 01 81 49 00 01 81 b9 00 01 81 d1 00 01 81 e9 00 01 82 01 00 01 Data Ascii: noo4oLodo\|oopppqqqqr-rErrsPsttAtYuuvv2vJvbvvvw~x,xy5zzz{%{{\|r\|}}}}~(~@~P~h~F^>I

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:14 UTC	567	OUT	GET /fonts/Inter/Inter-Light.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:15 UTC	547	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 304092 Connection: close Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Fri, 29 Mar 2024 15:11:16 GMT ETag: "60c8f64064078554b6469eeda25944eb" Vary: Accept-Encoding X-Cache: RefreshHit from cloudfront Via: 1.1 c6bba20dc3ec8526b729f039a2fdf7ae.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: Vi2OiB3ARV9c8Wbang2im4kmXSkYggeLqMtJsBCC78BoYNFSmUqf6A== Access-Control-Allow-Origin: *
2024-03-29 15:11:15 UTC	15837	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 3b 6c 00 00 04 12 47 50 4f 53 44 54 7b 36 00 03 3f 80 00 01 21 64 47 53 55 42 be 7f 66 78 00 04 60 e4 00 00 42 b4 4f 53 2f 32 22 33 6e 62 00 02 6e 98 00 00 00 60 53 54 41 54 ee 4d d9 3f 00 04 a3 98 00 00 00 44 63 6d 61 70 2f 2e e9 9d 00 02 6e f8 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 3b 64 00 00 00 08 67 6c 79 66 97 e6 ea 0c 00 00 01 0c 00 02 1d 71 68 65 61 64 2d c3 61 46 00 02 46 70 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 6e 74 00 00 00 24 68 6d 74 78 e5 18 e6 d0 00 02 46 a8 00 00 27 ca 6c 6f 63 61 09 5d 8d 80 00 02 1e a0 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 1e 80 00 00 00 20 6e 61 6d 65 35 9c 5c a6 00 02 d4 8c 00 00 02 38 70 6f 73 74 a7 a8 35 72 00 02 d6 c4 00 00 64 9e 70 72 65 Data Ascii: GDEF11;lGPOSDT{6?!dGSUBfx`BOS/2"3nbn`STATM?Dcmap/.negasp;dglyfqhead-aFFp6hheant$hmtxF'loca]'maxp name5\8post5rdpre
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: f8 a8 07 58 ff ff 00 94 00 00 06 61 08 00 02 06 01 99 00 00 00 01 01 10 ff dd 07 20 08 00 00 15 00 00 01 33 11 14 02 04 23 22 24 02 35 11 33 11 14 16 04 33 32 24 36 35 06 65 bb c4 fe a3 e7 e6 fe a2 c4 bb 92 01 09 b2 b2 01 0a 91 08 00 fa b4 d1 fe b7 bd be 01 48 d1 05 4c fa c1 a3 ff 92 92 ff a3 00 02 01 10 ff dd 08 c2 08 87 00 09 00 1f 00 00 01 33 16 06 06 07 35 3e 02 05 33 11 14 02 04 23 22 24 02 35 11 33 11 14 16 04 33 32 24 36 35 08 11 b0 01 65 df b6 80 90 39 fe 54 bb c4 fe a3 e7 e6 fe a2 c4 bb 92 01 09 b2 b2 01 0a 91 08 87 ad ea 7e 09 98 09 5a a6 0a fa b4 d1 fe b7 bd be 01 48 d1 05 4c fa c1 a3 ff 92 92 ff a3 ff ff 01 10 ff dd 07 20 0a 9b 02 26 01 a5 00 00 00 07 06 66 00 cb 02 00 ff ff 01 10 ff dd 07 20 0a 9b 02 26 01 a5 00 00 00 07 06 64 01 73 02 00 ff Data Ascii: Xa 3#"$5332$65eHL35>3#"$5332$65e9T~ZHL &f &ds
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 01 31 c7 c7 01 30 ad ac fe cf c7 a0 de 73 73 de a0 9f df 73 73 de 06 7d d4 f3 04 85 03 4f 90 f9 c7 ca 01 65 ea ec 01 67 c9 ca fe 9a ec ea fe 9b ca a3 ac 01 1e ac ac 01 20 ae ae fe e0 ac ac fe e2 ac ff ff 00 9c ff e0 05 e4 08 9b 02 26 03 07 00 00 00 06 06 66 f3 00 ff ff 00 9c ff e0 05 e4 08 9b 02 26 03 07 00 00 00 07 06 64 00 9b 00 00 ff ff 00 9c ff e0 05 e4 08 50 02 26 03 07 00 00 00 07 06 6a 00 d0 00 00 ff ff 00 9c ff e0 05 e4 07 d3 02 26 03 07 00 00 00 07 06 6d 01 11 00 00 ff ff 00 9c ff e0 05 e4 08 00 02 26 03 07 00 00 00 07 06 6e 00 d8 00 00 ff ff 00 9c ff e0 05 e4 08 50 02 26 03 07 00 00 00 07 06 65 01 67 00 10 ff ff 00 9c ff e0 05 e4 08 61 02 26 03 07 00 00 00 07 06 73 00 d0 00 07 00 03 00 9c fd a5 05 e4 06 15 00 0f 00 1f 00 34 00 00 05 22 24 02 35 Data Ascii: 10ssss}Oeg &f&dP&j&m&nP&ega&s4"$5
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 99 02 67 00 02 00 42 ff e4 05 47 08 5d 00 25 00 37 00 00 13 34 24 33 32 16 17 15 26 26 23 22 06 15 14 16 16 17 04 00 11 15 14 02 04 23 22 24 02 35 35 34 12 36 37 35 26 26 13 15 14 16 16 33 32 36 36 35 35 34 26 26 27 0e 02 e7 01 0b ed 69 b3 57 45 c7 65 90 9a 3a 96 8a 01 27 01 0f 9b fe e0 c6 c9 fe e0 9b 7b d5 89 96 9e 28 64 c3 90 8f c2 63 63 bd 89 97 c7 64 06 dc b0 d1 26 25 b4 1f 33 73 62 33 62 62 35 6e fe 8f fe f6 15 cf fe bc ba ba 01 45 ce 16 a6 01 0f b6 20 07 3c c2 fc 70 16 9b f9 91 91 f9 9b 15 7d e0 a8 2a 09 98 f6 00 02 00 9c ff e4 05 5d 06 14 00 1b 00 35 00 00 01 33 15 23 22 06 06 15 14 16 33 32 36 37 33 0e 03 23 22 24 26 35 34 3e 02 05 23 06 2e 02 35 3e 02 33 32 16 16 17 23 26 26 23 22 06 15 06 16 33 33 02 d3 af ad 71 ac 61 e3 bd bd ce 21 ba 0e 61 a0 Data Ascii: gBG]%74$32&&#"#"$554675&&3266554&&'iWEe:'{(dccd&%3sb3bb5nE <p}*]53#"32673#"$&54>#.5>32#&&#"33qa!a
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 6e 36 fd a6 55 3b 3c 54 54 3c 27 42 27 ff ff 00 77 ff f1 0a 60 08 1c 00 26 05 35 00 00 00 07 05 35 05 79 00 00 ff ff 00 77 ff f1 07 89 08 1c 00 26 05 35 00 00 00 07 05 31 05 79 00 00 00 02 00 93 fd e5 05 03 06 10 00 23 00 30 00 00 01 15 14 06 06 07 0e 02 15 14 16 16 33 32 36 36 37 33 06 06 04 23 22 26 26 35 34 36 36 37 3e 02 37 35 13 32 16 15 14 06 23 22 26 35 34 36 36 03 59 44 85 64 48 67 35 66 ab 6a 64 ac 6e 04 be 05 9b fe ff 9f a6 fd 8d 3f 7f 5f 5b 6a 2e 01 55 3c 54 54 3c 3b 55 27 42 03 b7 37 9d c7 88 40 2f 6c 7f 4e 6c a1 5a 57 a9 7c a4 f3 85 89 ee 98 66 a6 8c 3d 3c 76 97 6e 37 02 59 55 3b 3b 55 55 3b 28 41 27 00 03 00 77 ff f1 04 e7 08 1c 00 21 00 25 00 32 00 00 01 35 3e 02 37 36 36 35 34 26 26 23 22 06 06 07 23 36 36 24 33 32 16 16 15 14 06 07 0e 02 Data Ascii: n6U;<TT<'B'w`&55yw&51y#0326673#"&&54667>752#"&5466YDdHg5fjdn?_[j.U<TT<;U'B7@/lNlZW\|f=<vn7YU;;UU;(A'w!%25>76654&&#"#66$32
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 11 00 1f 00 31 00 3f 00 51 00 5f 00 71 00 7f 00 83 00 00 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 05 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 01 35 34 36 36 33 32 16 16 15 15 14 06 06 23 22 26 26 37 15 14 16 33 32 36 35 35 34 26 23 22 06 01 01 33 01 04 ed 63 b0 73 73 a4 59 59 a4 73 73 b0 63 9e 79 6f 6e 77 78 6d 6d 7b 02 15 5a a6 73 73 a6 59 58 a5 73 73 a7 5b 8b 7d 6d 6e 78 7b 6d 6d 7b f8 bd 5c aa 75 76 a8 5a 5b a8 75 77 a9 5b 9d 6f 6f 6c 6e 6c 6e 6d 71 08 be 59 a6 73 73 b0 63 62 ae 73 73 a7 5b 8a 7e 6d 6e 77 7a 6e 6d 7b f6 77 05 7f b1 fa 81 01 7c 5d 73 b9 Data Ascii: 1?Q_q546632#"&&7326554&#"546632#"&&7326554&#"546632#"&&7326554&#"546632#"&&7326554&#"3cssYYsscyonwxmm{ZssYXss[}mnx{mm{\uvZ[uw[oolnlnmqYsscbss[~mnwznm{w\|]s
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 04 ae c6 01 17 93 59 ac fe a5 4d 9f a3 54 36 34 7f 8e 97 4c 01 10 01 8b d7 cc fe 89 1c e1 01 a7 01 28 7d a5 1f dc fe c8 a5 c6 01 67 f0 82 c3 01 31 d4 6e 18 33 29 9e 20 33 23 13 f3 fe 40 fe ca 82 fe e3 fe 49 f9 ff ff 00 9c ff e4 06 f2 0a 08 02 26 04 21 00 00 00 07 06 68 00 66 02 00 00 01 00 f3 fd e7 06 d5 08 1c 00 29 00 00 01 35 36 36 35 26 26 27 25 26 24 02 35 35 10 12 24 33 32 04 12 17 23 26 26 23 26 04 02 15 15 14 16 16 17 05 16 16 15 14 06 06 05 31 48 52 01 4e 63 fe 4e cb fe e8 91 c3 01 67 f3 cb 01 2e b6 16 d2 24 fa d4 bb fe fb 89 6a ca 90 01 c3 ad a1 56 a3 fd e7 b0 08 49 3d 33 46 23 94 45 dc 01 3d d7 de 01 23 01 a9 e8 9d fe d8 d3 f8 f0 01 b6 fe a6 f5 db ad f8 a6 32 9d 3c 98 73 58 89 57 ff ff 00 94 00 00 06 61 08 00 02 26 01 99 00 00 00 07 07 fe 01 13 Data Ascii: YMT64L(}g1n3) 3#@I&!hf)5665&&'%&$55$32#&&#&1HRNcNg.$jVI=3F#E=#2<sXWa&
2024-03-29 15:11:15 UTC	15983	IN	Data Raw: fd 3c a0 fe 0f 01 e6 fd c6 01 e4 fe 1c a7 96 96 00 02 fb e4 fd c6 fd d5 ff aa 00 03 00 07 00 00 01 11 33 11 27 35 21 15 fb e4 9d 95 01 e9 fd c6 01 e4 fe 1c a7 96 96 ff ff fc 65 fd cd fe 6c ff 8f 00 07 09 df fb 80 fc d8 ff ff 00 8d fe 04 05 3d 06 00 02 26 04 d1 00 00 00 07 08 03 02 d4 ff f5 ff ff 00 77 00 00 05 2c 06 00 00 06 03 b1 ec 00 00 04 00 14 fd c0 05 64 08 5c 00 03 00 15 00 25 00 35 00 00 01 15 21 35 13 33 11 14 16 33 32 36 36 37 17 06 06 23 22 26 26 35 01 23 11 34 36 33 32 16 17 07 26 26 23 22 06 15 07 33 11 14 06 23 22 26 27 37 16 16 33 32 36 35 03 64 fc b0 fd ce 52 5e 20 47 3c 0f 07 1e 7d 4c 78 94 44 02 b2 cb f4 cf 29 56 2a 0f 1e 4a 22 78 90 cb cb f5 cf 2a 55 25 08 1d 4c 22 7b 8f 05 ca 9d 9d 01 66 fa 4f 80 6b 09 0d 03 a6 0b 18 63 b7 81 fe 36 06 Data Ascii: <3'5!el=&w,d\%5!5332667#"&&5#4632&&#"3#"&'73265dR^ G<}LxD)VJ"xU%L"{fOkc6
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 9b e8 9a 4e 4d b1 01 30 e4 25 a4 ea 95 46 6f bc 72 77 ae 5f 72 c1 04 84 a9 27 cc fe d7 b1 bd fe e2 a1 83 e3 01 26 a2 4f d3 01 70 01 28 cd 2f ab 26 9b e3 fe d6 b8 91 cb fe e7 93 6f cb 8a 9b e7 92 00 01 00 60 ff e4 05 19 08 58 00 26 00 00 01 37 16 04 12 15 14 02 04 23 22 26 26 02 35 35 34 12 12 00 37 17 06 06 02 02 15 15 14 12 16 33 32 36 36 35 34 26 26 02 a7 35 a9 01 02 92 8b fe f8 bb 9b e8 9b 4d 5a b6 01 15 ba 4c 90 e2 9c 50 70 bc 72 76 af 5f 72 c1 04 84 a9 27 cc fe d7 b1 bd fe e2 a1 83 e3 01 26 a2 4f d8 01 77 01 3e 01 05 65 97 51 d7 fe eb fe a8 d2 54 cb fe e7 93 6f cb 8a 9b e7 92 00 04 00 c1 ff e5 07 42 08 00 00 04 00 09 00 19 00 27 00 00 01 01 33 01 03 01 01 07 07 01 01 22 26 26 35 3e 02 33 32 16 16 15 16 06 06 27 32 36 36 35 26 26 23 22 06 06 15 14 16 Data Ascii: NM0%Forw_r'&Op(/&o`X&7#"&&5547326654&&5MZLPprv_r'&Ow>eQToB'3"&&5>32'2665&&#"
2024-03-29 15:11:15 UTC	16384	IN	Data Raw: 00 01 6c f3 00 01 6d 0d 00 01 6d 27 00 01 6d 41 00 01 6d 5b 00 01 6d 75 00 01 6d 8f 00 01 6d a9 00 01 6d c3 00 01 6d dd 00 01 6d f7 00 01 6e 11 00 01 6e 2b 00 01 6e 45 00 01 6e 5f 00 01 6e 79 00 01 6e 93 00 01 6e ad 00 01 6e c7 00 01 6e e1 00 01 6f 37 00 01 6f 4f 00 01 6f 67 00 01 6f 7f 00 01 6f 97 00 01 6f a7 00 01 6f ed 00 01 70 44 00 01 70 e3 00 01 70 fb 00 01 71 9d 00 01 71 b5 00 01 71 c5 00 01 71 d5 00 01 72 4f 00 01 72 67 00 01 72 e3 00 01 72 fb 00 01 73 75 00 01 74 19 00 01 74 31 00 01 74 66 00 01 74 7e 00 01 75 30 00 01 75 9d 00 01 76 5c 00 01 76 74 00 01 76 8c 00 01 76 b3 00 01 76 cb 00 01 76 fe 00 01 77 aa 00 01 78 51 00 01 78 ba 00 01 79 5a 00 01 7a 4d 00 01 7a dc 00 01 7a ec 00 01 7b 45 00 01 7b 9f 00 01 7b f9 00 01 7c 8e 00 01 7d 17 00 01 7d Data Ascii: lmm'mAm[mummmmmnn+nEn_nynnnno7oOogoooopDppqqqqrOrgrrsutt1tft~u0uv\vtvvvvwxQxyZzMzz{E{{\|}}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report securedoc_20240327T095809.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
securedoc_20240327T095809.html

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:15 UTC	1093	OUT	GET /s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com?su=&df=&tf=&lp=en&v=2&m=%7c1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688.corpmailsvcs.com&s=1&f=0&d=1711725073246&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36 HTTP/1.1 Host: url.uk.m.mimecastprotect.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:15 UTC	2349	IN	HTTP/1.1 307 Temporary Redirect Date: Fri, 29 Mar 2024 15:11:15 GMT Content-Length: 0 Connection: close Location: https://url.uk.m.mimecastprotect.com/r/3F8MFGTLrjLNrGEuoJ9LZYq2CZHs77TvrbWgLybRWK5Cx1YIjrZ5X7EVrtiiQDXJHakcWoQ4l9X_WG_OuHJVgMxr-H05_K-Ch48tBOAAjef8TY7QwNOdendkOtQvA5_NAi1syjbf8k84asafJGw1g3vFMwvOHroINaroUbuwMo3g-pJA0nCTLqLnu1DLQMpuk1XcUDFdHQWwls_CUbLvNUHrVniYrlWnxmur2t3lYUjvpZcpUgJYWVBySL9h1rma7CW94Zwg9HzSCtI_gc7YNhwrhdyPiXSElVE_4ehqZMVehGJOFd-y9Bse49i8G6TLtJIRvbeE_TOefuWfqKTh6hHcIyC74aGYmL5umdWnR7_J2syUjan8A7lIo5T6j0rb25CW4ff7C1WA7kth-MIkisj8XzQOd9PABBu_Qb8LgIKa-_ETrtCC5asVHoidzw6yJQFM1gDw4IO4Rs_Np3U4bjzzRZBswec56uzuYOhxC5x-yukitpxuLqvzNW78STFsHf3D3Wbg7Pv2-nNVRxgXshxFzyls2aQ7UQp4dwIrpTAaW1cic3ZqSnjAM-HamFKdjeqZ-BzpdxoCbf7iMKWlxgc6KVDcarMKvHQQesDRfkE1epCtkLph5djuLReNdSSmosmAVMoOdA4Er9Dohn3UQu_KrG3fHPwaK36U9Lhl2HXsxNRalV5ab5kRrHNYHqp0tvbzKcC203MdXPwGjY4v3PbMYPg2a8BZMTgvji1-rM2gjefw1RCdKMUyhwQuKMLgp7IH3-GH6swleggNzCSaGbye_ZdWJPwNQz9zLP13TKhBNJq1EwArnH8XzPXRoiia2KGc7JHoVVD8dA2pXuDG8oW0I82iTSIiUT8XV5CkUH7ZzgtysD8e0EAlNmsng1S3x9McbYRsODUEvSycfqWEwrzywKWx6gGj-6MR1CtaEG_lLlgc9cbcigsqB_TWL2Y9wh7YuvirIgHHZidMHyuv_oUQgpFw_xH96IJH6esB7XuG-LhJ0c8NMb_1aKvLeK0ffRHo826doemavJ-7CfRGyXRUmjbT-jpl_ZJb_zucrHyr2zvbrtVm1Im89UhhcqkzLWPVWvtJxHoWcViy_20wh4mFzGdq_Ez2oGSy37UL2QSDEXrYKPf3IcYDEhjFPbT8gcjwORpffBDoDvNu-1aFUCUDojxNaDUHRSaPiJOMq6giNomlh8kz_kMvZ1hbOr7hk-9GzYxXI4TnAFas-5l57deKywNh_HLnUbR1kmFXk5uZFizRjZRVB_0PdF1q1lePp1ptcqd8r3OMpjBPfRcyLmLBuOekkwKYt8SH3QhkWmwS8lTffKyHwQvUnuKQc48AeoYgXOFNKLGYt45Uvgli98UDMrZs9HszyU3bhGLr-V1r0d6zwlAmjc7MJtIf5rsALq4OBfyUsICTF_80tMgGDKA4WyvOMq-QtTAVi8PcQIqOlmrVeqeS-UvOJEoI64ZZeuEyirX_Q3aRc61TTiGRho_06-e1GI9bia7Ymv9hO-B5Pn5_QW7W0CgE0nq9i24LeYR6j1i01ULjMzw3rpScPFl4woXB7dEeRO--icJHw-5pK23irtZEca7j8TcfAnCHmEMGr9CYv-O4ZNlbUIJR4qpWylU6rJCkyk50I2kEixU4DMXAVw6r8HamgjZW2e1pcLTxDGjvf_QhMyNs8OVqQGUuN1_ztZhKtL0LzgAEWj-uGwjK5djnCinShO6xiniF3fgwuFdsUesVi9_KRWUYYYhxtgErphsPd56Zu5cyTm8qykzXEAOeRZ0TTEWCISyh7iwkn6kYF4CDAF7GM9JH0KO4uVOxaDWTDj38V6NH4Q2YTtG-LiN3QLcdiplshI2S5IWD0d5gAzBLPq-hFgDNzt8RGqY6EcCsA8HQF5geFaDM2qGE3fFtYLscRRVoUD0jcV3mV70ANDW0CfuIXMS97_qcEQ9vqqBShRANccfwN_kxb-1pejuO59k1HUfYg8spqgbZpQDL-2bAd84L7Ml2Zorst8ofvQNf_wrtvqc9SH_jYHXuIkvfyb5CuA3nfDB7tVhQJXKXLTfuJjKYn2mnQgWj3cATCcrpP1NEYi1cbV2MQx0aMo1E8PERONAAQdQA Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:15 UTC	570	OUT	GET /fonts/Inter/Inter-SemiBold.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:16 UTC	541	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 309432 Connection: close Date: Fri, 29 Mar 2024 15:11:17 GMT Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT ETag: "1753a05196abeef95c32f10246bd6473" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 663f2425a3138c20ed99538fc8652f3c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: BjdHPzFEkdxi7ToYPGJVukrIQpLKaVM4skV0v6Ev5JZNO56AiY6f6A== Access-Control-Allow-Origin: *
2024-03-29 15:11:16 UTC	1542	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 44 98 00 00 04 12 47 50 4f 53 9b af 91 74 00 03 48 ac 00 01 2d 14 47 53 55 42 be 7f 66 78 00 04 75 c0 00 00 42 b4 4f 53 2f 32 23 5f 6e 62 00 02 77 ac 00 00 00 60 53 54 41 54 ef 79 d9 45 00 04 b8 74 00 00 00 44 63 6d 61 70 2f 2e e9 9d 00 02 78 0c 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 44 90 00 00 00 08 67 6c 79 66 6a 1b 9d 97 00 00 01 0c 00 02 26 86 68 65 61 64 2d c3 61 46 00 02 4f 84 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 77 88 00 00 00 24 68 6d 74 78 24 35 88 39 00 02 4f bc 00 00 27 ca 6c 6f 63 61 09 84 29 ed 00 02 27 b4 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 27 94 00 00 00 20 6e 61 6d 65 37 5c 60 0e 00 02 dd a0 00 00 02 50 70 6f 73 74 a7 a8 35 72 00 02 df f0 00 00 64 9e 70 72 65 Data Ascii: GDEF11DGPOStH-GSUBfxuBOS/2#_nbw`STATyEtDcmap/.xegaspDglyfj&head-aFO6hheaw$hmtx$59O'loca)''maxp' name7\`Ppost5rdpre
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 01 d1 fe 74 02 d1 01 ca 02 d2 fe 74 fd dd 10 fd eb 04 38 fb c8 fe cf 9f 01 26 fe be a6 3d 6d 48 72 3e 30 08 00 f8 00 06 5c fc c7 fe d6 04 35 1c 01 b6 1c fe 4a 01 d2 7d 53 8e 6e 24 6f 33 88 51 75 ff ff fe fa 00 00 07 b2 08 00 02 26 00 02 00 00 00 07 09 97 fe 08 00 00 00 04 ff d6 00 00 07 b2 09 4f 00 07 00 0b 00 23 00 2d 00 00 21 21 01 21 01 21 01 23 01 21 11 21 13 17 14 06 23 22 2e 02 23 22 06 15 27 34 36 33 32 1e 02 33 32 36 03 15 14 06 07 27 36 36 35 35 01 d1 fe 74 02 d1 01 ca 02 d2 fe 74 fd dd 10 fd eb 04 38 fb c8 84 9b 82 66 37 52 44 47 2e 2a 38 9b 7f 66 2e 50 4b 4e 2b 29 3c 73 6a 57 74 36 24 08 00 f8 00 06 5c fc c7 fe d6 07 56 2f 63 95 1d 25 1d 46 32 2b 63 9c 1d 27 1c 44 fe c5 69 5f a3 2f 5a 2b 72 3c 67 ff ff ff b8 00 00 07 b2 09 4f 02 26 00 02 00 00 Data Ascii: tt8&=mHr>0\5J}Sn$o3Qu&O#-!!!!#!!#".#"'4632326'6655tt8f7RDG.*8f.PKN+)<sjWt6$\V/c%F2+c'Di_/Z+r<gO&
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 8a fa fc fd 04 02 fc ff ff 00 3e 00 00 07 82 08 00 02 06 01 d5 00 00 ff ff 00 2e 00 00 09 86 08 8d 00 27 01 d5 02 04 00 00 00 07 06 67 ff 1d 00 00 ff ff 00 3e 00 00 07 82 0a 5b 02 06 01 d9 00 00 ff ff 00 5f 00 00 09 1e 08 00 00 27 01 d5 01 9d 00 00 00 07 09 a2 ff 6e 00 00 ff ff 00 54 00 00 0a d2 08 00 00 27 01 d5 03 51 00 00 00 06 09 95 91 00 ff ff 00 2b 00 00 0b 70 08 00 00 27 01 d5 03 ee 00 00 00 07 09 97 ff 39 00 00 ff ff 00 26 00 00 0a ae 09 4f 00 27 01 d5 03 2c 00 00 00 06 09 99 a1 30 ff ff 00 3e 00 00 07 82 0a 10 02 26 01 d5 00 00 00 07 06 6e 01 49 02 00 ff ff 00 3e 00 00 07 82 0a 00 02 26 01 d5 00 00 00 07 06 6d 00 fb 02 00 ff ff 00 5a 00 00 09 58 08 00 00 27 01 d5 01 d6 00 00 00 06 09 9e 9e 00 ff ff ff ef 00 00 09 3f 08 94 00 27 01 d5 01 be 00 00 Data Ascii: >.'g>[_'nT'Q+p'9&O',0>&nI>&mZX'?'
2024-03-29 15:11:16 UTC	2048	IN	Data Raw: 12 40 22 5b 5e fe 9c 01 64 15 1c 66 ae 87 b2 01 1f a9 a6 fe e2 b5 84 ae 69 1d 0f 07 55 a1 73 78 a2 53 52 a2 79 74 a2 53 06 00 cb be 0e 06 ff 00 05 0a 01 01 44 f7 7e 08 40 fe 38 7f 5b b5 fe 9f ff 00 fd fe 9e ba 58 7d 38 fc ce 05 40 95 e0 7d 81 e1 90 8f de 7e 7a dc ff ff 00 ba fd c0 06 64 08 93 02 26 03 3b 00 00 00 07 06 64 01 06 00 00 ff ff 00 ba fd c0 06 64 08 63 02 26 03 3b 00 00 00 07 06 70 02 2d 00 00 ff ff 00 ba fd c0 06 64 06 14 02 06 03 3b 00 00 00 02 00 7b fd c0 06 26 06 14 00 16 00 26 00 00 01 11 23 0e 02 23 22 24 02 35 10 12 24 33 32 16 16 17 33 35 21 11 01 32 36 36 35 34 26 26 23 22 06 06 15 14 16 16 04 bb 0f 1c 6a ae 84 b5 fe e2 a6 a9 01 20 b1 87 ae 66 1c 16 01 64 fd 33 73 a2 54 53 a1 75 79 a2 52 53 a3 fd c0 03 32 38 7d 58 ba 01 62 fd 01 00 01 Data Ascii: @"[^dfiUsxSRytSD~@8[X}8@}~zd&;ddc&;p-d;{&&##"$5$3235!26654&&#"j fd3sTSuyRS28}Xb
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: ff ff 00 ba 00 00 04 72 08 63 02 26 03 56 00 00 00 07 06 70 00 e6 00 00 ff ff 00 9e fd d7 04 72 06 16 02 26 03 56 00 00 00 07 06 8b 04 89 00 00 ff ff 00 86 fd d7 04 72 08 00 02 26 03 56 00 00 00 27 06 8b 04 89 00 00 00 06 06 6d 82 00 ff ff ff 8e fe 25 04 72 06 16 02 26 03 56 00 00 00 07 08 62 04 bc 00 00 00 01 00 76 ff e2 05 99 06 14 00 2a 00 00 01 05 2e 02 23 22 06 17 06 16 17 05 16 16 17 06 06 04 23 20 24 27 25 16 16 33 32 36 35 34 26 27 25 26 26 37 26 36 24 33 20 04 05 78 fe b6 0e 45 74 54 71 99 01 01 65 75 01 06 da d5 01 01 a7 fe d8 c0 fe e6 fe a8 21 01 61 18 9c 7d 81 9d 65 6a fe fa dd d4 01 01 9d 01 19 b8 01 0e 01 37 04 6a 24 32 58 36 62 4e 43 54 1b 38 2f cc a5 91 dd 7c ed d4 22 68 6a 6a 4e 42 56 17 37 2e db a8 8e d1 73 e6 00 02 00 76 fd f7 05 99 06 Data Ascii: rc&Vpr&Vr&V'm%r&Vbv*.#"# $'%32654&'%&&7&6$3 xEtTqeu!a}ej7j$2X6bNCT8/\|"hjjNBV7.sv
2024-03-29 15:11:16 UTC	1024	IN	Data Raw: 41 5e 4f 72 be 72 a1 fe cc db e2 fe c4 a6 01 76 41 93 7a 73 8a 3e 01 01 3e 8c 75 77 91 42 04 6d fc dd 02 d8 20 cf 01 49 c0 0e 4d 57 1b 28 aa eb 8a 1c bf fe c2 bf c7 01 56 f7 20 7e d0 7d 7d d0 7e 20 74 c4 77 77 c4 02 64 fe d7 01 29 00 02 00 4d ff e4 05 8d 06 00 00 03 00 14 00 00 01 11 21 11 21 21 11 14 16 16 33 32 36 37 13 06 06 23 22 26 35 05 8d fa c0 01 dd 01 63 26 3f 26 2b 3d 1e 31 41 7a 4c c6 d8 06 00 fe d9 01 27 fb b2 45 45 17 12 0a fe ef 22 16 e3 f1 00 01 00 b9 ff e4 05 bd 06 00 00 1b 00 00 13 21 11 14 16 16 33 32 36 36 35 26 02 02 27 21 16 16 12 15 14 02 06 04 23 20 00 13 ba 01 62 3f 67 3a 6c a0 58 03 2a 44 2a 01 58 2b 48 2d 50 a7 fe f9 b8 fe f8 fe ba 01 06 00 fc 40 74 88 3a 91 ea 87 78 01 07 01 03 72 54 f6 fe e4 8e a5 fe da de 7f 01 24 01 3c ff ff Data Ascii: A^OrrvAzs>>uwBm IMW(V ~}}~ twwd)M!!!3267#"&5c&?&+=1AzL'EE"!32665&'!# b?g:lXDX+H-P@t:xrT$<
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: a4 06 00 fd 2a c9 ed 67 94 f7 94 56 ba bd b6 51 3d a0 bc cf 6c a5 fe d2 ec 89 af 01 74 01 27 02 d2 f7 70 00 02 00 ce ff e4 09 08 06 00 00 18 00 32 00 00 01 21 06 02 06 15 14 12 33 32 36 35 11 21 11 14 02 06 23 22 24 02 13 36 12 25 21 16 12 15 12 02 04 23 22 26 02 35 11 21 11 14 16 33 32 36 36 35 34 26 02 01 b4 01 61 55 64 2a 8a 7c 6d 84 01 0d 77 f0 b2 b7 fe f7 8f 01 01 75 05 7b 01 61 70 75 02 8f fe f7 b7 b2 f0 78 01 0e 85 6c 53 74 3e 2a 63 06 00 9b fe f9 ed 77 e6 fe fa cd c3 02 04 fe 18 e0 fe ba b0 b6 01 62 01 04 d3 01 83 aa aa fe 7d d3 fe fc fe 9e b6 b0 01 46 e0 01 e8 fd fc c3 cd 76 dc 9a 77 ed 01 07 ff ff 00 ce ff e4 09 08 08 98 02 26 04 9d 00 00 00 07 08 cd 03 66 00 0b ff ff 00 ce ff e4 09 08 08 b0 02 26 04 9d 00 00 00 07 09 88 03 c7 00 a8 ff ff 00 ce Data Ascii: gVQ=lt'p2!3265!#"$6%!#"&5!326654&aUd\|mwu{apuxlSt>*cwb}Fvw&f&
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 06 5f 06 35 00 09 00 00 01 01 11 01 07 35 17 01 11 01 06 5f fa a8 03 cc 0b 0b fc 34 05 58 02 9d fd 88 01 63 01 a1 13 2e 13 01 a1 01 63 fd 88 00 02 01 07 00 53 06 5f 06 48 00 03 00 0d 00 00 25 21 11 21 01 11 01 11 05 37 15 27 05 11 06 5f fa a8 05 58 fa a8 05 58 fc 69 0b 0b 03 97 53 01 2d 02 10 01 20 01 98 fe d4 f8 13 2e 13 f8 fe d4 00 02 01 07 00 53 06 5f 06 48 00 03 00 0d 00 00 25 11 21 11 11 01 11 25 07 35 17 25 11 01 01 07 05 58 fa a8 03 97 0b 0b fc 69 05 58 53 01 2d fe d3 03 3d fe 68 01 2c f8 13 2e 13 f8 01 2c fe 68 00 02 01 1a 01 52 06 4d 05 07 00 03 00 07 00 00 01 11 21 11 01 11 21 11 01 1a 05 33 fa cd 05 33 03 d2 01 35 fe cb fd 80 01 35 fe cb 00 03 01 1a 00 40 06 4d 06 1a 00 03 00 07 00 0b 00 00 01 21 01 21 03 11 21 11 01 11 21 11 04 38 01 42 fd b9 Data Ascii: _55_4Xc.cS_H%!!7'_XXiS- .S_H%!%5%XiXS-=h,.,hRM!!3355@M!!!!8B
2024-03-29 15:11:16 UTC	2048	IN	Data Raw: ce 02 fe fd 02 ce 03 ca f3 b6 0b 17 fe dc f6 0d 09 f3 01 24 4a cc 02 fe 02 fd cd fc 36 fe 6c 01 22 fe de 02 06 01 22 fe de 00 01 02 48 01 e7 08 60 08 00 00 08 00 00 01 11 21 13 21 01 07 01 13 02 48 05 17 02 fc dc 04 23 d3 fb dd 02 02 e8 05 18 fe de fb dc d3 04 24 fc dd 00 01 02 20 01 e7 08 38 08 00 00 08 00 00 01 27 01 21 13 21 11 21 13 02 f3 d3 04 23 fc dc 02 05 17 fe dc 02 01 e7 d3 04 24 01 22 fa e8 03 23 00 01 02 20 00 00 08 38 06 19 00 08 00 00 01 11 21 03 21 01 37 01 03 08 38 fa e9 02 03 24 fb dd d3 04 23 02 05 18 fa e8 01 22 04 24 d3 fb dc 03 23 00 01 02 48 00 00 08 60 06 19 00 08 00 00 01 17 01 21 03 21 11 21 03 07 8d d3 fb dd 03 24 02 fa e9 01 24 02 06 19 d3 fb dc fe de 05 18 fc dd 00 01 01 16 ff e6 0d aa 07 1a 00 0d 00 00 05 01 01 17 01 21 01 37 Data Ascii: $J6l""H`!!H#$ 8'!!!#$"# 8!!78$#"$#H`!!!$$!7
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: fa 48 08 00 f8 00 01 24 05 b8 00 02 01 08 00 00 09 08 08 00 00 0f 00 1f 00 00 21 22 26 35 11 34 36 33 21 32 16 15 11 14 06 23 01 21 32 36 35 11 34 26 23 21 22 06 15 11 14 16 02 48 9c a4 a4 9c 05 80 9c a4 a4 9c fa a8 05 30 2c 18 18 2c fa d0 2c 18 18 a4 9c 05 80 9c a4 a4 9c fa 80 9c a4 01 24 18 2c 05 30 2c 18 18 2c fa d0 2c 18 00 03 01 08 00 00 09 08 08 00 00 03 00 13 00 23 00 00 01 21 11 21 13 22 26 35 11 34 36 33 21 32 16 15 11 14 06 23 01 21 32 36 35 11 34 26 23 21 22 06 15 11 14 16 01 93 06 e4 f9 1c b5 9c a4 a4 9c 05 80 9c a4 a4 9c fa a8 05 30 2c 18 18 2c fa d0 2c 18 18 05 7f fe fb fb 86 a4 9c 05 80 9c a4 a4 9c fa 80 9c a4 01 24 18 2c 05 30 2c 18 18 2c fa d0 2c 18 00 03 01 08 00 00 09 08 08 00 00 03 00 13 00 23 00 00 01 21 11 21 13 22 26 35 11 34 36 33 Data Ascii: H$!"&5463!2#!2654&#!"H0,,,$,0,,,#!!"&5463!2#!2654&#!"0,,,$,0,,,#!!"&5463

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:16 UTC	566	OUT	GET /fonts/Inter/Inter-Bold.ttf HTTP/1.1 Host: static.cres-aws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://static.cres-aws.com/postx.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:16 UTC	547	IN	HTTP/1.1 200 OK Content-Type: font/ttf Content-Length: 309772 Connection: close Last-Modified: Fri, 22 Sep 2023 08:10:20 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Fri, 29 Mar 2024 15:11:17 GMT ETag: "d17c0274915408cee0308d5476df9f45" Vary: Accept-Encoding X-Cache: RefreshHit from cloudfront Via: 1.1 5e5b56398a1fcf5517d27e383d71ef9a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD12-P2 X-Amz-Cf-Id: IKJgMr5mKYc1oIlc9Jz9mUKYvxnWuJ8pSHsvl-Qtdjaw9kXZOyI3TA== Access-Control-Allow-Origin: *
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 47 44 45 46 31 cb 31 1c 00 03 46 04 00 00 04 12 47 50 4f 53 ab ef 32 2f 00 03 4a 18 00 01 2c fc 47 53 55 42 be 7f 66 78 00 04 77 14 00 00 42 b4 4f 53 2f 32 23 c3 6e 42 00 02 79 50 00 00 00 60 53 54 41 54 ef dd d9 47 00 04 b9 c8 00 00 00 44 63 6d 61 70 2f 2e e9 9d 00 02 79 b0 00 00 65 8a 67 61 73 70 00 00 00 10 00 03 45 fc 00 00 00 08 67 6c 79 66 05 f3 35 d8 00 00 01 0c 00 02 28 2b 68 65 61 64 2d c4 61 46 00 02 51 28 00 00 00 36 68 68 65 61 1e f5 19 bf 00 02 79 2c 00 00 00 24 68 6d 74 78 37 f0 22 d7 00 02 51 60 00 00 27 ca 6c 6f 63 61 09 88 86 18 00 02 29 58 00 00 27 d0 6d 61 78 70 0a 0c 01 06 00 02 29 38 00 00 00 20 6e 61 6d 65 30 30 54 df 00 02 df 44 00 00 02 18 70 6f 73 74 a7 a8 35 72 00 02 e1 5c 00 00 64 9e 70 72 65 Data Ascii: GDEF11FGPOS2/J,GSUBfxwBOS/2#nByP`STATGDcmap/.yegaspEglyf5(+head-aFQ(6hheay,$hmtx7"Q`'loca)X'maxp)8 name00TDpost5r\dpre
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 00 00 00 07 06 76 02 6f 00 02 ff ff 00 b2 ff e3 07 54 0a 7e 02 26 01 a5 00 00 00 07 06 73 00 ee 02 00 ff ff 00 b2 ff e3 07 54 0c 00 02 26 01 a5 00 00 00 07 08 0e 07 70 00 00 ff ff 00 b2 ff e3 07 54 0b e9 02 26 01 a5 00 00 00 07 08 08 06 23 00 00 ff ff 00 b2 ff e3 07 54 0b 78 02 26 01 a5 00 00 00 07 08 0a 07 8e 02 38 ff ff 00 b2 ff e3 07 54 0b 17 02 26 01 a5 00 00 00 07 08 0c 07 84 02 38 ff ff 00 b2 ff e3 07 54 0a 8d 02 26 01 a5 00 00 00 07 06 7b 06 fd 02 00 ff ff 00 b2 ff e3 07 54 0a 96 02 26 01 a5 00 00 00 07 06 7f 07 6a 02 c2 ff ff 00 b2 fd bd 07 54 08 00 02 26 01 a5 00 00 00 07 06 8d 08 42 ff fc ff ff 00 b2 fd d7 07 54 08 00 02 26 01 a5 00 00 00 07 06 90 07 c1 ff fc ff ff 00 b2 fd b6 07 54 08 00 02 26 01 a5 00 00 00 07 06 89 07 70 ff fc ff ff 00 b2 ff Data Ascii: voT~&sT&pT&#Tx&8T&8T&{T&jT&BT&T&p
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 00 02 26 03 07 00 00 00 06 06 6d 45 00 ff ff 00 6c ff e2 06 54 08 18 02 26 03 07 00 00 00 07 06 6e 00 b9 00 00 ff ff 00 6c ff e2 06 54 08 50 02 26 03 07 00 00 00 07 06 65 01 5d 00 10 ff ff 00 6c ff e2 06 54 08 7e 02 26 03 07 00 00 00 06 06 73 4b 00 00 03 00 6c fd c2 06 54 06 14 00 0f 00 1f 00 34 00 00 05 22 24 02 35 34 12 24 33 32 04 12 15 14 02 04 03 32 36 36 35 34 26 26 23 22 06 06 15 14 16 16 13 22 26 27 26 36 36 37 05 06 06 15 14 16 33 32 36 37 17 06 06 03 60 e9 fe ad b8 b8 01 53 e9 e9 01 53 b8 b8 fe ad e7 6a 8e 49 49 8e 6a 6b 91 49 49 91 75 85 b3 16 10 23 6a 57 01 3d 5e 77 31 30 22 33 14 2d 25 73 1e c7 01 65 ec ee 01 65 c7 c7 fe 9b ee ec fe 9b c7 01 4a 79 d2 86 86 d2 7a 7a d2 86 86 d2 79 fc 96 89 7f 52 a6 8a 27 73 2c 66 48 30 34 11 07 dc 15 27 ff ff Data Ascii: &mElT&nlTP&e]lT~&sKlT4"$54$3226654&&#""&'&6673267`SSjIIjkIIu#jW=^w10"3-%seeJyzzyR's,fH04'
2024-03-29 15:11:16 UTC	14808	IN	Data Raw: 04 12 15 14 02 04 23 22 26 27 07 11 14 16 16 33 32 36 36 35 34 26 26 23 23 13 32 1e 02 15 14 02 04 23 23 11 33 32 36 36 35 34 26 23 22 06 06 15 11 21 11 36 12 24 02 f9 c1 d5 01 26 99 a8 fe e2 b1 67 c6 57 0d 4b 8c 62 5f 8b 4c 55 8e 56 83 61 86 f0 bb 6b 90 fe ee c3 98 5a 64 73 30 8b 75 4f 7d 48 fe 64 01 b8 01 38 04 a0 a3 fe f0 a3 b3 fe ee 9a 3b 4a 06 02 18 53 8c 53 4c 82 50 56 7c 42 04 9a 4c 90 cb 7f 8e fe f2 b0 01 0d 4f 75 38 6c 8a 42 7f 5b f8 33 07 e7 c1 01 1a 9a 00 01 00 30 fd c0 05 d4 06 00 00 08 00 00 13 21 01 01 21 01 11 21 11 30 01 af 01 2b 01 1d 01 ad fd f9 fe 6c 06 00 fb da 04 26 fa 0d fd b3 02 4d 00 02 00 c0 ff e4 06 73 08 5d 00 25 00 37 00 00 01 26 24 21 32 16 17 11 26 26 23 22 06 15 14 16 16 17 04 00 11 15 14 02 04 23 22 24 02 35 35 34 36 36 37 Data Ascii: #"&'326654&&##2##326654&#"!6$&gWKb_LUVakZds0uO}Hd8;JSSLPV\|BLOu8lB[30!!!0+l&Ms]%7&$!2&&#"#"$554667
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 33 32 36 36 35 34 26 26 27 22 06 07 25 13 21 11 21 03 33 36 36 33 32 04 12 07 16 02 04 03 92 d4 fe b5 c2 04 01 a4 07 ba 80 66 9d 59 5b a0 67 5a a9 2f fe 7f 61 04 e4 fc 81 35 0c 36 da 87 b9 01 22 a8 01 01 c1 fe a7 1c 9c 01 12 b1 77 94 5b a3 6a 6c a4 5c 01 4a 40 45 04 38 fe 9e fd ff 4c 64 ae fe d1 c5 cf fe bf b7 00 02 00 63 ff e4 06 c0 08 00 00 03 00 28 00 00 01 11 21 11 01 22 24 02 27 21 16 16 33 32 36 36 35 34 26 26 27 22 06 07 25 13 21 11 21 03 33 36 36 33 32 04 12 07 16 02 04 02 1f fe 44 03 5f d4 fe b5 c2 04 01 a4 07 ba 80 66 9d 59 5b a0 67 5a a9 2f fe 7f 61 04 e4 fc 81 35 0c 36 da 87 b9 01 22 a8 01 01 c1 fe a7 08 00 fe 9e 01 62 f7 e4 9c 01 12 b1 77 94 5b a3 6a 6c a4 5c 01 4a 40 45 04 38 fe 9e fd ff 4c 64 ae fe d1 c5 cf fe bf b7 00 02 00 86 ff e3 06 b6 Data Ascii: 326654&&'"%!!36632fY[gZ/a56"w[jl\J@E8Ldc(!"$'!326654&&'"%!!36632D_fY[gZ/a56"bw[jl\J@E8Ld
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 21 15 05 35 37 11 21 11 4b 01 fb be 6e fe d0 02 df fe 58 04 01 05 ae de 02 b4 fe d6 fe 83 09 e2 ae f1 65 02 ea fb c0 00 01 00 63 ff f0 03 fe 04 40 00 22 00 00 05 22 26 26 27 21 16 16 33 32 36 35 34 26 23 22 06 07 27 13 21 15 21 07 33 36 36 33 32 16 16 15 14 06 06 02 2b 83 cc 76 03 01 0f 07 70 42 54 6f 70 59 32 68 1a f7 3c 03 00 fd e8 1c 06 20 82 4c 70 b1 67 78 d2 10 57 97 5e 33 3d 57 46 45 5f 25 1f 2d 02 4a e4 de 28 35 5e a4 68 71 ad 63 00 02 00 4b ff f0 04 1a 04 54 00 1e 00 2b 00 00 05 22 2e 02 35 34 12 36 33 32 16 17 21 26 26 23 22 06 15 33 36 36 33 32 16 16 15 14 06 06 27 32 36 35 34 26 23 22 06 06 07 06 16 02 42 5c b3 91 57 85 e9 95 b8 f5 17 fe ea 11 5f 3e 72 80 0a 2e a4 5f 6f af 65 76 d5 8f 55 76 71 55 36 5a 39 06 07 76 10 34 7c d1 9c c6 01 02 7f be Data Ascii: !57!KnXec@""&&'!32654&#"'!!36632+vpBTopY2h< LpgxW^3=WFE_%-J(5^hqcKT+".54632!&&#"36632'2654&#"B\W_>r._oevUvqU6Z9v4\|
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 3b fb ff 06 1c fd 65 d8 01 43 b4 80 e9 fe c1 c0 f0 fe 81 e4 94 74 b0 62 87 e9 94 a7 f2 83 01 3a 02 1d 10 01 6b fe c8 fd 8e 14 12 d5 fe a0 e1 c2 fe bb ef 83 c2 01 54 ff ff 00 64 fd a1 07 26 0a 7e 02 26 07 8c 00 00 00 07 06 73 00 b2 02 00 00 01 00 66 fd a1 07 28 08 00 00 23 00 00 25 06 02 04 23 22 24 26 02 35 34 12 24 37 35 01 11 21 11 21 15 01 11 23 22 06 06 15 14 16 16 33 32 36 36 37 07 28 07 e4 fe 82 f1 c0 fe c1 e9 80 b4 01 44 d7 fd 65 06 1c fb ff 02 3b de 8f de 7f 66 c0 85 71 ba 71 06 94 dd fe ac c2 83 ef 01 45 c2 e1 01 60 d5 12 14 02 72 01 38 fe 95 10 fd e3 fe c6 83 f2 a7 94 e9 87 62 b0 74 ff ff ff 96 00 00 06 01 08 00 02 26 03 da 00 00 00 07 07 fe fe df 00 0b 00 01 00 d5 ff e6 06 8a 05 ec 00 26 00 00 01 11 06 06 04 23 22 24 02 35 35 34 12 24 33 32 04 Data Ascii: ;eCtb:kTd&~&sf(#%#"$&54$75!!#"32667(De;fqqE`r8bt&&#"$554$32
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 76 77 28 01 27 77 78 7f 7c 03 fe 75 03 a2 01 20 bd ea 01 3a 9e 01 a1 fe c6 e7 b8 fe df a7 02 0a 42 5f 33 79 c3 70 2c 68 ca 85 9f 86 ca 01 19 91 ca fe a2 de 2c db fe a6 c9 8c f8 00 03 00 d9 ff e4 09 3a 07 d4 00 07 00 1b 00 2e 00 00 01 21 35 21 17 21 15 21 07 21 11 14 02 04 23 22 24 02 35 11 21 11 14 16 33 32 36 37 01 21 11 14 02 04 23 22 00 13 11 21 11 06 16 33 32 36 35 04 4f fe 48 04 8e 06 fe 25 fe ff 12 01 56 96 fe fb ab b7 fe e4 a1 01 a6 62 6c 7a 75 01 03 56 01 a7 a2 fe e4 b9 ff fe c8 01 01 54 01 6c 77 6c 64 07 16 be be ac 9a fc aa d8 fe d9 97 96 01 27 d9 03 56 fc aa 9b ac a7 a0 03 56 fc aa d8 fe d9 97 01 52 01 44 03 56 fc aa a0 a7 a7 a0 ff ff 00 24 08 2a 05 65 09 6d 00 07 05 a9 00 26 09 6d 00 02 f9 ee 08 15 fe f6 0a 75 00 03 00 07 00 00 01 15 21 35 01 Data Ascii: vw('wx\|u :B_3yp,h,:.!5!!!!#"$5!3267!#"!3265OH%VblzuVTlwld'VVRDV$*em&mu!5
2024-03-29 15:11:16 UTC	630	IN	Data Raw: 23 26 26 23 22 06 07 15 16 16 33 32 36 37 35 23 35 21 11 06 06 fc 88 aa db 01 01 d7 a5 a3 bc 0d db 0c 42 43 4c 51 01 01 52 54 44 45 11 9c 01 78 25 b1 06 68 b9 93 ac 93 b9 86 88 37 29 57 4d a1 48 5c 0e 0c 69 94 fe b6 2b 4f 00 03 fb 47 06 74 fe 30 0a bc 00 03 00 09 00 0d 00 00 01 11 23 11 01 01 07 27 37 37 13 03 37 01 fc 26 df 02 c7 fe ac b0 50 90 c4 24 e0 9c 01 42 0a bc fb b8 04 48 fe b0 fe 7f b0 9a b4 e3 fd 08 01 5d 7c fe 27 00 01 fc 23 06 74 fd 02 0a b2 00 03 00 00 01 33 11 23 fc 23 df df 0a b2 fb c2 00 02 fb 9c 06 74 fd d6 09 a8 00 03 00 07 00 00 01 15 21 35 13 11 23 11 fd d6 fe 5a 49 dd 07 25 b1 b1 02 83 fc cc 03 34 00 03 fa a2 06 74 fe 58 09 a8 00 06 00 0a 00 0e 00 00 01 13 33 01 23 01 33 23 11 23 11 01 11 33 11 fc 7a c8 b4 fe d3 9d fe d3 b3 34 dc 02 Data Ascii: #&&#"32675#5!BCLQRTDEx%h7)WMH\i+OGt0#'777&P$BH]\|'#t3##t!5#ZI%4tX3#3##3z4
2024-03-29 15:11:16 UTC	16384	IN	Data Raw: 01 64 0b fe 9c 0b 00 01 fb 31 06 61 fd d7 09 75 00 27 00 00 01 26 26 27 2e 02 35 34 36 33 32 16 15 23 26 26 23 22 06 17 06 16 17 16 16 15 14 06 23 22 26 26 35 33 14 16 33 32 36 fc fe 01 3b 64 50 7c 48 a9 93 98 b8 dc 03 35 3c 2d 3a 01 01 39 5f 8b 95 ba 95 6f 99 4f d1 54 38 37 38 07 44 19 2f 15 10 37 5a 46 61 8c 8b 6a 29 31 27 21 1e 2b 12 1b 6b 67 66 83 4d 77 3d 39 2e 27 00 01 fc 1e 06 74 fd b2 0a c8 00 0f 00 00 01 23 11 34 36 33 32 16 17 07 26 26 23 22 06 15 fc fd df a0 83 1f 37 1b 05 0d 1f 14 31 3f 06 74 03 46 82 8c 08 04 ab 05 03 30 2f 00 03 fb 41 06 74 fd cd 09 6c 00 03 00 09 00 0d 00 00 01 15 21 35 01 01 23 35 01 33 23 15 21 35 fd cd fd ad 02 46 fe 15 94 01 f0 8f 4a fd d6 07 25 b1 b1 01 c5 fd 8a 83 02 75 b1 b1 00 03 fa f6 06 66 fe 0f 09 7a 00 10 00 1f Data Ascii: d1au'&&'.54632#&&#"#"&&53326;dP\|H5<-:9_oOT878D/7ZFaj)1'!+kgfMw=9.'t#4632&&#"71?tF0/Atl!5#53#!5FJ%ufz

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:16 UTC	2606	OUT	GET /r/3F8MFGTLrjLNrGEuoJ9LZYq2CZHs77TvrbWgLybRWK5Cx1YIjrZ5X7EVrtiiQDXJHakcWoQ4l9X_WG_OuHJVgMxr-H05_K-Ch48tBOAAjef8TY7QwNOdendkOtQvA5_NAi1syjbf8k84asafJGw1g3vFMwvOHroINaroUbuwMo3g-pJA0nCTLqLnu1DLQMpuk1XcUDFdHQWwls_CUbLvNUHrVniYrlWnxmur2t3lYUjvpZcpUgJYWVBySL9h1rma7CW94Zwg9HzSCtI_gc7YNhwrhdyPiXSElVE_4ehqZMVehGJOFd-y9Bse49i8G6TLtJIRvbeE_TOefuWfqKTh6hHcIyC74aGYmL5umdWnR7_J2syUjan8A7lIo5T6j0rb25CW4ff7C1WA7kth-MIkisj8XzQOd9PABBu_Qb8LgIKa-_ETrtCC5asVHoidzw6yJQFM1gDw4IO4Rs_Np3U4bjzzRZBswec56uzuYOhxC5x-yukitpxuLqvzNW78STFsHf3D3Wbg7Pv2-nNVRxgXshxFzyls2aQ7UQp4dwIrpTAaW1cic3ZqSnjAM-HamFKdjeqZ-BzpdxoCbf7iMKWlxgc6KVDcarMKvHQQesDRfkE1epCtkLph5djuLReNdSSmosmAVMoOdA4Er9Dohn3UQu_KrG3fHPwaK36U9Lhl2HXsxNRalV5ab5kRrHNYHqp0tvbzKcC203MdXPwGjY4v3PbMYPg2a8BZMTgvji1-rM2gjefw1RCdKMUyhwQuKMLgp7IH3-GH6swleggNzCSaGbye_ZdWJPwNQz9zLP13TKhBNJq1EwArnH8XzPXRoiia2KGc7JHoVVD8dA2pXuDG8oW0I82iTSIiUT8XV5CkUH7ZzgtysD8e0EAlNmsng1S3x9McbYRsODUEvSycfqWEwrzywKWx6gGj-6MR1CtaEG_lLlgc9cbcigsqB_TWL2Y9wh7YuvirIgHHZidMHyuv_oUQgpFw_xH96IJH6esB7XuG-LhJ0c8NMb_1aKvLeK0ffRHo826doemavJ-7CfRGyXRUmjbT-jpl_ZJb_zucrHyr2zvbrtVm1Im89UhhcqkzLWPVWvtJxHoWcViy_20wh4mFzGdq_Ez2oGSy37UL2QSDEXrYKPf3IcYDEhjFPbT8gcjwORpffBDoDvNu-1aFUCUDojxNaDUHRSaPiJOMq6giNomlh8kz_kMvZ1hbOr7hk-9GzYxXI4TnAFas-5l57deKywNh_HLnUbR1kmFXk5uZFizRjZRVB_0PdF1q1lePp1ptcqd8r3OMpjBPfRcyLmLBuOekkwKYt8SH3QhkWmwS8lTffKyHwQvUnuKQc48AeoYgXOFNKLGYt45Uvgli98UDMrZs9HszyU3bhGLr-V1r0d6zwlAmjc7MJtIf5rsALq4OBfyUsICTF_80tMgGDKA4WyvOMq-QtTAVi8PcQIqOlmrVeqeS-UvOJEoI64ZZeuEyirX_Q3aRc61TTiGRho_06-e1GI9bia7Ymv9hO-B5Pn5_QW7W0CgE0nq9i24LeYR6j1i01ULjMzw3rpScPFl4woXB7dEeRO--icJHw-5pK23irtZEca7j8TcfAnCHmEMGr9CYv-O4ZNlbUIJR4qpWylU6rJCkyk50I2kEixU4DMXAVw6r8HamgjZW2e1pcLTxDGjvf_QhMyNs8OVqQGUuN1_ztZhKtL0LzgAEWj-uGwjK5djnCinShO6xiniF3fgwuFdsUesVi9_KRWUYYYhxtgErphsPd56Zu5cyTm8qykzXEAOeRZ0TTEWCISyh7iwkn6kYF4CDAF7GM9JH0KO4uVOxaDWTDj38V6NH4Q2YTtG-LiN3QLcdiplshI2S5IWD0d5gAzBLPq-hFgDNzt8RGqY6EcCsA8HQF5geFaDM2qGE3fFtYLscRRVoUD0jcV3mV70ANDW0CfuIXMS97_qcEQ9vqqBShRANccfwN_kxb-1pejuO59k1HUfYg8spqgbZpQDL-2bAd84L7Ml2Zorst8ofvQNf_wrtvqc9SH_jYHXuIkvfyb5CuA3nfDB7tVhQJXKXLTfuJjKYn2mnQgWj3cATCcrpP1NEYi1cbV2MQx0aMo1E8PERONAAQdQA HTTP/1.1 Host: url.uk.m.mimecastprotect.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:18 UTC	316	IN	HTTP/1.1 307 Temporary Redirect Date: Fri, 29 Mar 2024 15:11:18 GMT Content-Length: 0 Connection: close Location: https://res.cisco.com:443/keyserver/keyserver Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Cache-control: no-store Pragma: no-cache X-Robots-Tag: noindex, nofollow

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:18 UTC	496	OUT	GET /keyserver/keyserver HTTP/1.1 Host: res.cisco.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:11:19 UTC	504	IN	HTTP/1.1 200 OK Content-Type: text/plain;charset=ISO-8859-1 Content-Length: 221 Connection: close Date: Fri, 29 Mar 2024 15:11:18 GMT Server: unknown Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: policyref=https://res.cisco.com/websafe/p3p/p3p.xml, CP="ALL CURa ADMa TAIa OUR BUS ONL UNI COM NAV INT" Set-Cookie: JSESSIONID=166F704533480A76963711EF2A7321A8; Path=/keyserver; Secure; HttpOnly; samesite=None
2024-03-29 15:11:19 UTC	221	IN	Data Raw: 73 74 61 74 75 73 3d 33 0d 0a 73 74 61 74 65 3d 2d 31 0d 0a 73 65 73 73 69 6f 6e 49 44 3d 31 36 36 46 37 30 34 35 33 33 34 38 30 41 37 36 39 36 33 37 31 31 45 46 32 41 37 33 32 31 41 38 0d 0a 6d 65 73 73 61 67 65 3d 43 61 6e 6e 6f 74 25 32 30 6f 70 65 6e 25 32 30 65 6e 76 65 6c 6f 70 65 25 32 30 2d 25 32 30 4d 61 6c 66 6f 72 6d 65 64 25 32 30 72 65 71 75 65 73 74 25 32 30 73 65 6e 74 25 32 30 74 6f 25 32 30 74 68 65 25 32 30 73 65 72 76 65 72 2e 0d 0a 74 72 61 66 66 69 63 6b 65 79 3d 25 43 39 25 42 46 25 32 33 25 42 32 25 44 45 76 25 46 33 25 45 36 25 38 38 25 39 35 25 43 39 25 38 41 31 25 33 45 25 32 46 25 31 37 25 45 31 25 41 42 25 31 38 25 42 30 0d 0a Data Ascii: status=3state=-1sessionID=166F704533480A76963711EF2A7321A8message=Cannot%20open%20envelope%20-%20Malformed%20request%20sent%20to%20the%20server.traffickey=%C9%BF%23%B2%DEv%F3%E6%88%95%C9%8A1%3E%2F%17%E1%AB%18%B0

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:21 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5Bus8xRHxnHaSd&MD=TKPwXKu2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-29 15:11:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 5929d0cf-6be7-4f91-ae48-89a6076e289b MS-RequestId: 444511a3-51c1-4e57-85e2-f929923c0a73 MS-CV: +yKcFOhbQ0ey2DfQ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 29 Mar 2024 15:11:21 GMT Connection: close Content-Length: 24490
2024-03-29 15:11:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-03-29 15:11:23 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:25 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 15:11:25 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=143524 Date: Fri, 29 Mar 2024 15:11:25 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 15:11:25 UTC	774	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z Content-Type: application/octet-stream X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=143504 Date: Fri, 29 Mar 2024 15:11:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-29 15:11:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:11:28 UTC	577	OUT	GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en&try=1 HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-29 15:13:14 UTC	403	IN	HTTP/1.1 200 OK Content-Type: image/gif Transfer-Encoding: chunked Connection: close Date: Fri, 29 Mar 2024 15:13:13 GMT Server: unknown Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: max-age=0, must-revalidate, no-cache, no-store, private
2024-03-29 15:13:14 UTC	4	IN	Data Raw: 63 37 0d 0a Data Ascii: c7
2024-03-29 15:13:14 UTC	199	IN	Data Raw: 47 49 46 38 39 61 82 00 1e 00 f0 00 00 00 81 bf ff ff ff 2c 00 00 00 00 82 00 1e 00 40 08 a6 00 01 08 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 17 06 08 50 70 e3 40 8f 02 41 8a e4 98 b1 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 95 20 3f 72 9c 39 33 e4 46 92 00 3c e2 7c c9 b3 a7 cf 9f 40 83 0a 1d 4a b4 a8 d1 a3 48 2f de bc 99 b4 a9 d2 a5 36 65 4a cd 49 32 a6 d3 a3 4b 75 e2 b4 0a 35 ea d5 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ed 50 ab 6e c1 c2 65 4a b5 aa 5d 9b 3b e3 9e 9c bb b5 af 57 b8 7a 4d f2 9d 4a f5 6f de c0 88 13 2b 5e cc b8 b1 e3 c7 90 cf 06 04 00 3b Data Ascii: GIF89a,@H*\#JHPp@A(S\ ?r93F<\|@JH/6eJI2Ku5`Kh]PneJ];WzMJo+^;
2024-03-29 15:13:14 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-03-29 15:13:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-03-29 15:12:00 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5Bus8xRHxnHaSd&MD=TKPwXKu2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-29 15:12:00 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 955ba110-faf1-4408-9df0-8638a56f5a62 MS-RequestId: 8972fd18-6224-4384-8c69-4041c4661ada MS-CV: STmqcH9+2UKZ4fJV.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 29 Mar 2024 15:12:00 GMT Connection: close Content-Length: 25457
2024-03-29 15:12:00 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-03-29 15:12:00 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq