Windows Analysis Report
ELECTRONIC RECEIPT_Augustahealth.html

Overview

General Information

Sample name: ELECTRONIC RECEIPT_Augustahealth.html
Analysis ID: 1446243
MD5: 2bfe1f1c4512a7f58bf4dd78dcd030be
SHA1: 0fc1342a71a452fdd3eed4977bc06156e30249d0
SHA256: b1e35d18448641e98ba06c34330e81963b04a970a17607ab31134c26a2aac157

Detection

HTMLPhisher
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected suspicious javascript
Detected javascript redirector / loader
HTML IFrame injector detected
HTML document with suspicious name
HTML document with suspicious title
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Detected hidden input values containing email addresses (often used in phishing pages)
Detected non-DNS traffic on DNS port
Found iframes
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Stores files to the Windows start menu directory

Classification

Phishing

Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true LLM: Score: 8 brands: Microsoft Reasons: The URL is highly suspicious as it contains a long, random-looking subdomain and query parameters, which is a common technique used in phishing attacks. The domain 'consultingexpertiseinc.com' does not match the legitimate domain associated with Microsoft login pages, which is typically 'microsoft.com' or 'live.com'. The page mimics the Microsoft login interface, which is a social engineering technique to trick users into providing their credentials. Therefore, this site is highly likely to be a phishing site. DOM: 2.7.pages.csv
Source: Yara match File source: 2.7.pages.csv, type: HTML
Source: Yara match File source: 2.6.pages.csv, type: HTML
Source: Yara match File source: 1.3.pages.csv, type: HTML
Source: Yara match File source: 2.4.pages.csv, type: HTML
Source: Yara match File source: 2.8.pages.csv, type: HTML
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com LLM: Score: 8 Reasons: The code appears to be obfuscated, which is a common technique used to hide malicious intent. It includes references to various HTML elements and functions that could be used to manipulate the DOM or capture user input. Additionally, the presence of terms like 'send', 'requestIdleCallback', and 'setImmediate' suggests potential for data exfiltration or unauthorized actions. The obfuscation and the nature of the functions used indicate a high risk of malicious activity. DOM: 1.1.pages.csv
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true LLM: Score: 8 Reasons: The provided JavaScript code is heavily obfuscated, making it difficult to understand its true functionality. Obfuscation is a common technique used by malicious actors to hide malicious behavior. Additionally, the code includes complex logic and function calls that could potentially be used to execute harmful actions. While obfuscation alone does not confirm malicious intent, it significantly increases the risk score due to the potential for hidden malicious activities. DOM: 2.4.pages.csv
Source: ELECTRONIC RECEIPT_Augustahealth.html HTTP Parser: Low number of body elements: 0
Source: file:///C:/Users/user/Desktop/ELECTRONIC%20RECEIPT_Augustahealth.html HTTP Parser: New IFrame, src: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com
Source: file:///C:/Users/user/Desktop/ELECTRONIC%20RECEIPT_Augustahealth.html Tab title: ELECTRONIC RECEIPT_Augustahealth.html
Source: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10 Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz Matcher: Template: microsoft matched
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP Parser: dsmallwood@augustahealth.com
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP Parser: Iframe src: https://f4438677-04bafa98.consultingexpertiseinc.com/Prefetch/Prefetch.aspx
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP Parser: Number of links: 0
Source: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10 HTTP Parser: Number of links: 0
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
Source: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10 HTTP Parser: Title: Microsoft Online Password Reset does not match URL
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com HTTP Parser: No favicon
Source: https://f4438677-04bafa98.consultingexpertiseinc.com/Prefetch/Prefetch.aspx HTTP Parser: No favicon
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10 HTTP Parser: No <meta name="author".. found
Source: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:51795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:51832 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.5:51786 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View ASN Name: EONIX-COMMUNICATIONS-ASBLOCK-62904US
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: global traffic HTTP traffic detected: GET /?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js HTTP/1.1Host: 2a14037b-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="Sec-WebSocket-Key: jxFnxlD2ftKMpD6qizu9NA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com&sso_reload=true HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=O9NkNMGtwl4YTdm&MD=1ab3ylzp HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_9oft0ybq1qhuafkqh5wryq2.css HTTP/1.1Host: 44069f49-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_T2EBBtMmyv072RjbQwNpoQ2.js HTTP/1.1Host: 44069f49-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js HTTP/1.1Host: 44069f49-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Images/hipaudioplay.png?vv=100 HTTP/1.1Host: bcf693cc-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/header_microsoft.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/wait_animation.gif HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/hip_speaker.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/hip_text.gif HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/hip_reload.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/footer_logo_grey_bg.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /Default.aspx/GetCaptchaChallenge HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/header_microsoft.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /Images/hipaudioplay.png?vv=100 HTTP/1.1Host: bcf693cc-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/hip_speaker.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/wait_animation.gif HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/hip_reload.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/hip_text.gif HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /favicon.ico?v=1342177280 HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/header_Microsoft.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://97d79e89-04bafa98.consultingexpertiseinc.com/?ru=https%3a%2f%2fb7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT8_kYvmBV623XKv3lX5zSsS1jFqEzYCP0LjIwvGBknMcmkFOcm5uSU5-enOCSWppcWlyRmpCbmlGSAVN1iEvQvSvdMCS92S01JLUosyczPe8SMV8sFFoFXLDwGzFYcHFwCDBIMCgw_WBgXsQLdmbNik9nxHcd9WgUePPhiL8lwilU_ySzUy7kkO8XP1MNA28IsPMwkIs2gMjgiKtzJ3K0q2yfTMc9SPzQs3Mc51NbEynACm9AENqZTbAwf2Bg72BlmsTMc4GQ8wMvwg69ld1Nz6_V57zxe8etEGVflm1UkVVlWBXlGmFkaBacl-RWb-XiXFpj4JmZY5Lo7Fnn5R3m4GBgE2m4QYAAA0&mkt=en-US&hosted=0&device_platform=Windows+10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /images/footer_logo_grey_bg.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: pYFUMBnwzeRx8xQiikKotw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /images/header_Microsoft.png HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /favicon.ico?v=1342177280 HTTP/1.1Host: 97d79e89-04bafa98.consultingexpertiseinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: OIfOBA06thCUbMt8MFO2fQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: 3O9bL9nVXBRat6ybR4dQzQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: clO6JOlFWY8EjGz3KrkwzQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: ybr6GCOJuynZDPZP3LuQiA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: SHfU/1e+mfJ0cysMRweI7A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: TNZczjoeGh9tQbV0XIFN1g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /04bafa9866804dfcbb53a6a58d087998/ HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: coc1Wu="MDRiYWZhOTgtNjY4MC00ZGZjLWJiNTMtYTZhNThkMDg3OTk4OmJkNGNlNzQ4LWY0MTEtNDg2NS1hNDIxLWRmOGY1YWJjYmU0YQ=="; AADSSO=NA|NoExtension; brcap=0Sec-WebSocket-Key: n7s7ltpc9rSOIu6zp26MPQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: unknown HTTP traffic detected: POST /?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.com HTTP/1.1Host: b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comConnection: keep-aliveContent-Length: 4916Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://b7lgkqdvzd4e4e72xtvpo7isqvjo1kzps0evdmzdhrdvc4qpcn2vlea3qo9nv2.consultingexpertiseinc.com/?v4hgHT=pUepMZ&username=dsmallwood%40augustahealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 23:38:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 443ce08b-326d-487f-8cbd-183c64982b00x-ms-ests-server: 2.1.18105.6 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://212c9372-04bafa98.consultingexpertiseinc.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 23:38:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: b262cc6d-0d5b-4b99-9ebf-51c76e8af67cx-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: B22065ED3E5040E9B2E51D4D3D86AEC7 Ref B: DFW311000106045 Ref C: 2024-05-22T23:38:53Zaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 23:38:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3df2755e-8313-4e0b-a297-18ba00622200x-ms-ests-server: 2.1.18105.6 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://212c9372-04bafa98.consultingexpertiseinc.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: chromecache_172.2.dr String found in binary or memory: https://61b0b76c-04bafa98.consultingexpertiseinc.com/en-US/privacystatement
Source: chromecache_172.2.dr String found in binary or memory: https://account.consultingexpertiseinc.com/resetpassword.aspx
Source: chromecache_182.2.dr, chromecache_172.2.dr String found in binary or memory: https://bcf693cc-04bafa98.consultingexpertiseinc.com:443/Images/hipaudioplay.png?vv=100
Source: chromecache_172.2.dr String found in binary or memory: https://wwwms.consultingexpertiseinc.com/en-US/servicesagreement/
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:51795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:51832 version: TLS 1.2

System Summary

Source: Name includes: ELECTRONIC RECEIPT_Augustahealth.html Initial sample: receipt
Source: classification engine Classification label: mal84.phis.winHTML@34/94@34/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ELECTRONIC RECEIPT_Augustahealth.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2188,i,11909889322955057231,7924698504520723390,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk