Edit tour

Windows Analysis Report
https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfe

Overview

General Information

Sample URL:	https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-
Analysis ID:	1541048
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Very long command line found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2036,i,8948025775392093946,11875748271062080802,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW-RUZlqmDnxxITNZ0E6A4yDZcAN6fIj3BdkHfM7nln6BjdOiZABN4O1R72o9PLvDFHUgGF4Xcq5UsXRkO4GpjVuL42O3Jz-pKL9VranwdYeQ5rgnP7ienRSMRZjiidKObVbcyPQ6H5KCcdJq-BxXGFZWUvsoJKX5CIo2Z8NAcx5B1_LAwif1lWs3i9AH9kopwjbCp6DGspBSxwy86guR8jAXZ2Wk1TAAn5OztNpCofxxfZSIJCZbK_CWToRqpvibrMfy3ZE0__XUgJCplxf4tsZnquCca55DauOxVKTEmiO4QPmCZ_aVhJcLrlmi4kgFxy0fYBacPN5CUNnRFEFCZd3k10zs1ru7CvuzhDf-RdytcxM4J5TLApRT1pkjBROwEEb6BrO5XcLQ9JQsaV0IqTTzvto37VyOnbculrKv1CJUWWp81ACcgmwU_t5hM69S6gQbGjlT10SSse33claFiYvzAnpqJkRD9hiydOxY2rHmbV-l6Z-ikBBwazAY8EVpWydekK3If_6GKbHLjcjNPDcOB8u7fFNqIytXZqjYhIYZzq5vaZmJ62lR_VntoGLh4kzoHaCJfI0R4BHTbLujm1MjXph8ePJnuhAyKfu07moFaaK2FhzRQnPKgTS6rmCBCiTc4k_VUXGMKS_rxHZukcRZzGQafexVV7QbWyHaGSh5AR3UfB8gXMAYeEm6IncwIQKwLNAEIyPNjQJFygCioFLxW6mnOjtxftARNbudbNy__SpIH1gbvFcqZfHromJkY9BhKoKewT0SCS_GviJRnRm2jNLZ3SMSebLFjZUQiT03rpEqhFf0ST5DBxrawkILtzw66_LnCWl8BfdN-pEGd0qO9E1y__IJ9UlfskklLIkKLUDq81JJi-YqYm8Yw3JAbJUKfMpM4cMtiC9jIjhZchsz9ajn5ubk4LAExwmil_5CwIH7WXIiZYIafo3FtF0x0uSFUiBQas_HorQ0rnU6WrJlRa" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /_blazor/negotiate?negotiateVersion=1 HTTP/1.1Host: links.us1.defend.egress.comConnection: keep-aliveContent-Length: 0Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-SignalR-User-Agent: Microsoft SignalR/0.0 (0.0.0-DEV_BUILD; Unknown OS; Browser; Unknown Runtime Version)sec-ch-ua-platform: "Windows"Accept: */*Origin: https://links.us1.defend.egress.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW-RUZlqmDnxxITNZ0E6A4yDZcAN6fIj3BdkHfM7nln6BjdOiZABN4O1R72o9PLvDFHUgGF4Xcq5UsXRkO4GpjVuL42O3Jz-pKL9VranwdYeQ5rgnP7ienRSMRZjiidKObVbcyPQ6H5KCcdJq-BxXGFZWUvsoJKX5CIo2Z8NAcx5B1_LAwif1lWs3i9AH9kopwjbCp6DGspBSxwy86guR8jAXZ2Wk1TAAn5OztNpCofxxfZSIJCZbK_CWToRqpvibrMfy3ZE0__XUgJCplxf4tsZnquCca55DauOxVKTEmiO4QPmCZ_aVhJcLrlmi4kgFxy0fYBacPN5CUNnRFEFCZd3k10zs1ru7CvuzhDf-RdytcxM4J5TLApRT1pkjBROwEEb6BrO5XcLQ9JQsaV0IqTTzvto37VyOnbculrKv1CJUWWp81ACcgmwU_t5hM69S6gQbGjlT10SSse33claFiYvzAnpqJkRD9hiydOxY2rHmbV-l6Z-ikBBwazAY8EVpWydekK3If_6GKbHLjcjNPDcOB8u7fFNqIytXZqjYhIYZzq5vaZmJ62lR_VntoGLh4kzoHaCJfI0R4BHTbLujm1MjXph8ePJnuhAyKfu07moFaaK2FhzRQnPKgTS6rmCBCiTc4k_VUXGMKS_rxHZukcRZzGQafexVV7QbWyHaGSh5AR3UfB8gXMAYeEm6IncwIQKwLNAEIyPNjQJFygCioFLxW6mnOjtxftARNbudbNy__SpIH1gbvFcqZfHromJkY9BhKoKewT0SCS_GviJRnRm2jNLZ3SMSebLFjZUQiT03rpEqhFf0ST5DBxrawkILtzw66_LnCWl8BfdN-pEGd0qO9E1y__IJ9UlfskklLIkKLUDq81JJi-YqYm8Yw3JAbJUKfMpM4cMtiC9jIjhZchsz9ajn5ubk4LAExwmil_5CwIH7WXIiZYIafo3FtF0x0uSFUiBQas_HorQ0rnU6WrJlRaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=pZnLT31hIhbPUlIwOblqJ46qC

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 08:57:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: AWSALB=EjPGFPOBfMPHOiyi9iDfDAO4IqdCVErJPrmRJGhWEBW8Y2uDaLtM6HNaVngIuEoehrucGc67Zzw2xkYKZZdQ/ipBotKcFCGdjelNFBSjjcIqjQjUM+Q2lhnxmUXz; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/Set-Cookie: AWSALBCORS=EjPGFPOBfMPHOiyi9iDfDAO4IqdCVErJPrmRJGhWEBW8Y2uDaLtM6HNaVngIuEoehrucGc67Zzw2xkYKZZdQ/ipBotKcFCGdjelNFBSjjcIqjQjUM+Q2lhnxmUXz; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/; SameSite=None; SecureCache-Control: no-cache, no-store, max-age=0Pragma: no-cacheX-Robots-Tag: noindexX-Frame-Options: SAMEORIGINX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: same-originX-Content-Type-Options: nosniffContent-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none'Strict-Transport-Security: max-age=2592000; preloadblazor-enhanced-nav: allow

Source: chromecache_75.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfBBc4.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfBxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfCBc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfCRc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfChc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfCxc4EsA.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_71.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49781 version: TLS 1.2

Source: unknown

Process created: Commandline size = 2058

Source: classification engine

Classification label: clean1.win@16/28@6/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2036,i,8948025775392093946,11875748271062080802,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW-RUZlqmDnxxITNZ0E6A4yDZcAN6fIj3BdkHfM7nln6BjdOiZABN4O1R72o9PLvDFHUgGF4Xcq5UsXRkO4GpjVuL42O3Jz-pKL9VranwdYeQ5rgnP7ienRSMRZjiidKObVbcyPQ6H5KCcdJq-BxXGFZWUvsoJKX5CIo2Z8NAcx5B1_LAwif1lWs3i9AH9kopwjbCp6DGspBSxwy86guR8jAXZ2Wk1TAAn5OztNpCofxxfZSIJCZbK_CWToRqpvibrMfy3ZE0__XUgJCplxf4tsZnquCca55DauOxVKTEmiO4QPmCZ_aVhJcLrlmi4kgFxy0fYBacPN5CUNnRFEFCZd3k10zs1ru7CvuzhDf-RdytcxM4J5TLApRT1pkjBROwEEb6BrO5XcLQ9JQsaV0IqTTzvto37VyOnbculrKv1CJUWWp81ACcgmwU_t5hM69S6gQbGjlT10SSse33claFiYvzAnpqJkRD9hiydOxY2rHmbV-l6Z-ikBBwazAY8EVpWydekK3If_6GKbHLjcjNPDcOB8u7fFNqIytXZqjYhIYZzq5vaZmJ62lR_VntoGLh4kzoHaCJfI0R4BHTbLujm1MjXph8ePJnuhAyKfu07moFaaK2FhzRQnPKgTS6rmCBCiTc4k_VUXGMKS_rxHZukcRZzGQafexVV7QbWyHaGSh5AR3UfB8gXMAYeEm6IncwIQKwLNAEIyPNjQJFygCioFLxW6mnOjtxftARNbudbNy__SpIH1gbvFcqZfHromJkY9BhKoKewT0SCS_GviJRnRm2jNLZ3SMSebLFjZUQiT03rpEqhFf0ST5DBxrawkILtzw66_LnCWl8BfdN-pEGd0qO9E1y__IJ9UlfskklLIkKLUDq81JJi-YqYm8Yw3JAbJUKfMpM4cMtiC9jIjhZchsz9ajn5ubk4LAExwmil_5CwIH7WXIiZYIafo3FtF0x0uSFUiBQas_HorQ0rnU6WrJlRa"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2036,i,8948025775392093946,11875748271062080802,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.186.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
links.us1.defend.egress.com	99.83.228.139	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://links.us1.defend.egress.com/images/egress-logo-dark.svg	false	unknown
https://links.us1.defend.egress.com/_blazor/initializers	false	unknown
https://links.us1.defend.egress.com/_blazor?id=vDQ8W2Jd_iTxgG5lUTuMcw	false	unknown
https://links.us1.defend.egress.com/_blazor?id=hieRnTZHgQ45O-BAH-H2cw&_=1729760257859	false	unknown
https://links.us1.defend.egress.com/_blazor?id=hieRnTZHgQ45O-BAH-H2cw&_=1729760257007	false	unknown
https://links.us1.defend.egress.com/~/js/JsInteropFuncions.js	false	unknown
https://links.us1.defend.egress.com/_framework/blazor.server.js	false	unknown
https://links.us1.defend.egress.com/images/egress-icon.png	false	unknown
https://links.us1.defend.egress.com/_blazor/negotiate?negotiateVersion=1	false	unknown
https://links.us1.defend.egress.com/_framework/blazor.polyfill.min.js	false	unknown
https://links.us1.defend.egress.com/css/site.css	false	unknown
https://links.us1.defend.egress.com/_blazor?id=hieRnTZHgQ45O-BAH-H2cw	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
99.83.228.139	links.us1.defend.egress.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.8
192.168.2.5
192.168.2.14

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541048
Start date and time:	2024-10-24 10:56:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW-RUZlqmDnxxITNZ0E6A4yDZcAN6fIj3BdkHfM7nln6BjdOiZABN4O1R72o9PLvDFHUgGF4Xcq5UsXRkO4GpjVuL42O3Jz-pKL9VranwdYeQ5rgnP7ienRSMRZjiidKObVbcyPQ6H5KCcdJq-BxXGFZWUvsoJKX5CIo2Z8NAcx5B1_LAwif1lWs3i9AH9kopwjbCp6DGspBSxwy86guR8jAXZ2Wk1TAAn5OztNpCofxxfZSIJCZbK_CWToRqpvibrMfy3ZE0__XUgJCplxf4tsZnquCca55DauOxVKTEmiO4QPmCZ_aVhJcLrlmi4kgFxy0fYBacPN5CUNnRFEFCZd3k10zs1ru7CvuzhDf-RdytcxM4J5TLApRT1pkjBROwEEb6BrO5XcLQ9JQsaV0IqTTzvto37VyOnbculrKv1CJUWWp81ACcgmwU_t5hM69S6gQbGjlT10SSse33claFiYvzAnpqJkRD9hiydOxY2rHmbV-l6Z-ikBBwazAY8EVpWydekK3If_6GKbHLjcjNPDcOB8u7fFNqIytXZqjYhIYZzq5vaZmJ62lR_VntoGLh4kzoHaCJfI0R4BHTbLujm1MjXph8ePJnuhAyKfu07moFaaK2FhzRQnPKgTS6rmCBCiTc4k_VUXGMKS_rxHZukcRZzGQafexVV7QbWyHaGSh5AR3UfB8gXMAYeEm6IncwIQKwLNAEIyPNjQJFygCioFLxW6mnOjtxftARNbudbNy__SpIH1gbvFcqZfHromJkY9BhKoKewT0SCS_GviJRnRm2jNLZ3SMSebLFjZUQiT03rpEqhFf0ST5DBxrawkILtzw66_LnCWl8BfdN-pEGd0qO9E1y__IJ9UlfskklLIkKLUDq81JJi-YqYm8Yw3JAbJUKfMpM4cMtiC9jIjhZchsz9ajn5ubk4LAExwmil_5CwIH7WXIiZYIafo3FtF0x0uSFUiBQas_HorQ0rnU6WrJlRa
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/28@6/6

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.184.206, 74.125.206.84, 34.104.35.123, 216.58.206.74, 142.250.74.195, 88.221.110.91, 192.229.221.95, 52.165.164.15, 172.217.18.3
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaE

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 07:57:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9726375522814013
Encrypted:	false
SSDEEP:	48:8ddfTXTfH0idAKZdA19ehwiZUklqehTy+3:8vvKgy
MD5:	11138008F63670E9974FAFEA56A3EEFF
SHA1:	373ECC5DD761617519B3D1D1BC67092E143083A3
SHA-256:	3306941A0146CD590AE8AE68C7E05D22DC2F6FB001A03642651BB3D18CEEDD2C
SHA-512:	2015834DEA4697EDD483998AC3B6297D41DD555B726C6E15E6439ACCCD9589504998A3F0047EE58FA813E9683CF608C362E9FB8FE660A315F275ADC7E48B5317
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IXY.G....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.G....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.G....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.G..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY0G...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........w.@u.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72

Source: global traffic	DNS traffic detected: DNS query: links.us1.defend.egress.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 10:57:30.373682976 CEST	53	50380	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:30.444071054 CEST	53	52716	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:31.419236898 CEST	51720	53	192.168.2.5	1.1.1.1
Oct 24, 2024 10:57:31.419353962 CEST	55070	53	192.168.2.5	1.1.1.1
Oct 24, 2024 10:57:31.437901974 CEST	53	51720	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:31.456012964 CEST	53	55070	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:31.759529114 CEST	53	58211	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:32.604229927 CEST	53	56703	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:33.457276106 CEST	53869	53	192.168.2.5	1.1.1.1
Oct 24, 2024 10:57:33.457505941 CEST	53952	53	192.168.2.5	1.1.1.1
Oct 24, 2024 10:57:33.473973989 CEST	53	53952	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:33.479995966 CEST	53	53869	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:34.304667950 CEST	53385	53	192.168.2.5	1.1.1.1
Oct 24, 2024 10:57:34.304846048 CEST	51809	53	192.168.2.5	1.1.1.1
Oct 24, 2024 10:57:34.312056065 CEST	53	51809	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:34.312513113 CEST	53	53385	1.1.1.1	192.168.2.5
Oct 24, 2024 10:57:48.829513073 CEST	53	55968	1.1.1.1	192.168.2.5
Oct 24, 2024 10:58:07.767281055 CEST	53	58275	1.1.1.1	192.168.2.5
Oct 24, 2024 10:58:30.093390942 CEST	53	53443	1.1.1.1	192.168.2.5
Oct 24, 2024 10:58:30.637518883 CEST	53	52398	1.1.1.1	192.168.2.5

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Oct 24, 2024 10:57:46.351496935 CEST	13.107.253.72	443	192.168.2.5	49775	CN=*.azureedge.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 19 17:30:52 CEST 2024 Thu Jun 08 02:00:00 CEST 2023 Thu Aug 01 14:00:00 CEST 2013	Sun Sep 14 17:30:52 CEST 2025 Wed Aug 26 01:59:59 CEST 2026 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
					CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:32 UTC	2634	OUT	GET /Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW-RUZlqmDnxxITNZ0E6A4yDZcAN6fIj3BdkHfM7nl [TRUNCATED] Host: links.us1.defend.egress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 08:57:32 UTC	1325	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:32 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; Expires=Thu, 31 Oct 2024 08:57:32 GMT; Path=/ Set-Cookie: AWSALBCORS=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; Expires=Thu, 31 Oct 2024 08:57:32 GMT; Path=/; SameSite=None; Secure Cache-Control: no-cache, no-store, max-age=0 Pragma: no-cache Set-Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; path=/; samesite=strict; httponly X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload blazor-enhanced-nav: allow
2024-10-24 08:57:32 UTC	2623	IN	Data Raw: 61 33 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 45 67 72 65 73 73 20 44 65 66 65 6e 64 20 55 72 6c 20 53 63 61 6e 6e 65 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 2f 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 73 69 74 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 61 73 Data Ascii: a38<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Egress Defend Url Scanner</title> <base href="/"> <link href="css/site.css" rel="stylesheet" as
2024-10-24 08:57:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:32 UTC	3000	OUT	GET /css/site.css HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; AWSALBCORS=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg
2024-10-24 08:57:32 UTC	1064	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:32 GMT Content-Type: text/css Content-Length: 3664 Connection: close Set-Cookie: AWSALB=5QWKb31prX4/EK62GBhF01Igk+Z86BfFKUU55FkBHuMK3EMpWEYu8s+P+kRGKCHDJ2jY7OO2XW5Bx+56e/ivwqJDi3j3xS0KIarstQ3ggOyDEnioBFgq0VXkhTbl; Expires=Thu, 31 Oct 2024 08:57:32 GMT; Path=/ Set-Cookie: AWSALBCORS=5QWKb31prX4/EK62GBhF01Igk+Z86BfFKUU55FkBHuMK3EMpWEYu8s+P+kRGKCHDJ2jY7OO2XW5Bx+56e/ivwqJDi3j3xS0KIarstQ3ggOyDEnioBFgq0VXkhTbl; Expires=Thu, 31 Oct 2024 08:57:32 GMT; Path=/; SameSite=None; Secure Accept-Ranges: bytes ETag: "1db1988f8ebaf50" Last-Modified: Tue, 08 Oct 2024 13:50:02 GMT X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:32 UTC	3664	IN	Data Raw: 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 41 76 65 6e 69 72 27 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 73 72 63 3a 20 75 72 6c 28 27 2f 66 6f 6e 74 73 2f 41 76 65 6e 69 72 4c 54 53 74 64 2d 42 6f 6f 6b 5f 30 2e 6f 74 66 27 29 20 66 6f 72 6d 61 74 28 27 74 72 75 65 74 79 70 65 27 29 3b 0a 7d 0a 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 41 76 65 6e 69 72 27 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6c 69 67 68 74 3b 0a 20 20 20 20 73 72 63 3a 20 75 72 Data Ascii: @font-face { font-family: 'Avenir'; font-style: normal; font-weight: bold; src: url('/fonts/AvenirLTStd-Book_0.otf') format('truetype');}@font-face { font-family: 'Avenir'; font-style: normal; font-weight: light; src: ur

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:33 UTC	2999	OUT	GET /~/js/JsInteropFuncions.js HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; AWSALBCORS=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg
2024-10-24 08:57:33 UTC	1092	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 08:57:33 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=EjPGFPOBfMPHOiyi9iDfDAO4IqdCVErJPrmRJGhWEBW8Y2uDaLtM6HNaVngIuEoehrucGc67Zzw2xkYKZZdQ/ipBotKcFCGdjelNFBSjjcIqjQjUM+Q2lhnxmUXz; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/ Set-Cookie: AWSALBCORS=EjPGFPOBfMPHOiyi9iDfDAO4IqdCVErJPrmRJGhWEBW8Y2uDaLtM6HNaVngIuEoehrucGc67Zzw2xkYKZZdQ/ipBotKcFCGdjelNFBSjjcIqjQjUM+Q2lhnxmUXz; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/; SameSite=None; Secure Cache-Control: no-cache, no-store, max-age=0 Pragma: no-cache X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload blazor-enhanced-nav: allow
2024-10-24 08:57:33 UTC	2580	IN	Data Raw: 61 30 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 45 67 72 65 73 73 20 44 65 66 65 6e 64 20 55 72 6c 20 53 63 61 6e 6e 65 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 2f 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 73 69 74 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 61 73 Data Ascii: a0d<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Egress Defend Url Scanner</title> <base href="/"> <link href="css/site.css" rel="stylesheet" as
2024-10-24 08:57:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:33 UTC	3061	OUT	GET /images/egress-logo-dark.svg HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; AWSALBCORS=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg
2024-10-24 08:57:33 UTC	1070	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:33 GMT Content-Type: image/svg+xml Content-Length: 29277 Connection: close Set-Cookie: AWSALB=cZ+nznZ95M4uEtDPvWguc6p6iC/Ao5gH1XqGUzU+zWSiPxtw2CtVsTbRoBmhEw6I2p0hUULKX7vnHeHOVpqw8F+bNC0bFOaf8wXTagChV7n1J0BNOdUk7Mpy7QDM; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/ Set-Cookie: AWSALBCORS=cZ+nznZ95M4uEtDPvWguc6p6iC/Ao5gH1XqGUzU+zWSiPxtw2CtVsTbRoBmhEw6I2p0hUULKX7vnHeHOVpqw8F+bNC0bFOaf8wXTagChV7n1J0BNOdUk7Mpy7QDM; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/; SameSite=None; Secure Accept-Ranges: bytes ETag: "1db1988f8ebd35d" Last-Modified: Tue, 08 Oct 2024 13:50:02 GMT X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:33 UTC	15314	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 35 31 22 20 68 65 69 67 68 74 3d 22 35 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 35 31 20 35 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 32 37 2e 30 34 37 31 20 36 2e 30 36 35 31 39 4c 31 34 2e 33 33 33 39 20 31 33 2e 38 37 31 39 4c 31 36 2e 36 36 38 34 20 31 37 2e 36 37 33 31 4c 32 39 2e 33 38 31 36 20 39 2e 38 36 37 33 37 4c 32 37 2e 30 34 37 31 20 36 2e 30 36 36 31 39 56 36 2e 30 36 35 31 39 5a 22 20 66 69 6c 6c 3d 22 23 46 37 46 37 34 31 22 2f 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 32 35 2e 31 33 30 34 20 31 37 2e 32 36 37 33 43 32 34 2e 38 31 31 33 20 31 39 2e 32 34 34 Data Ascii: <svg width="151" height="54" viewBox="0 0 151 54" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M27.0471 6.06519L14.3339 13.8719L16.6684 17.6731L29.3816 9.86737L27.0471 6.06619V6.06519Z" fill="#F7F741"/><path d="M25.1304 17.2673C24.8113 19.244
2024-10-24 08:57:33 UTC	13963	IN	Data Raw: 35 2e 36 32 37 32 20 31 32 38 2e 33 32 32 20 34 35 2e 34 30 31 37 20 31 32 38 2e 30 39 31 20 34 35 2e 32 33 32 36 43 31 32 37 2e 38 37 20 34 35 2e 30 35 36 34 20 31 32 37 2e 35 36 20 34 34 2e 39 36 38 38 20 31 32 37 2e 31 36 31 20 34 34 2e 39 36 38 38 43 31 32 36 2e 37 38 37 20 34 34 2e 39 36 38 38 20 31 32 36 2e 34 38 31 20 34 35 2e 30 35 36 34 20 31 32 36 2e 32 34 33 20 34 35 2e 32 33 32 36 43 31 32 36 2e 30 31 35 20 34 35 2e 34 30 38 37 20 31 32 35 2e 38 34 31 20 34 35 2e 36 33 34 32 20 31 32 35 2e 37 32 37 20 34 35 2e 39 31 30 31 43 31 32 35 2e 36 32 20 34 36 2e 31 37 37 38 20 31 32 35 2e 35 35 39 20 34 36 2e 34 35 33 37 20 31 32 35 2e 35 34 33 20 34 36 2e 37 33 36 35 43 31 32 35 2e 35 33 36 20 34 36 2e 38 35 39 33 20 31 32 35 2e 35 33 32 20 34 37 2e Data Ascii: 5.6272 128.322 45.4017 128.091 45.2326C127.87 45.0564 127.56 44.9688 127.161 44.9688C126.787 44.9688 126.481 45.0564 126.243 45.2326C126.015 45.4087 125.841 45.6342 125.727 45.9101C125.62 46.1778 125.559 46.4537 125.543 46.7365C125.536 46.8593 125.532 47.

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:33 UTC	3007	OUT	GET /_framework/blazor.polyfill.min.js HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; AWSALBCORS=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg
2024-10-24 08:57:33 UTC	1082	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:33 GMT Content-Type: application/javascript Content-Length: 2397 Connection: close Set-Cookie: AWSALB=xJeVELoRQhl5GIg4k13C4aNfmNpnEri3tmo/AzE/xesqQJLrfJ6b1gTLQ5MRiZWZme0kr0RKS2QP4YAuUhbK7UTQFXSFE+xCddYA8cjEMY3zmmo+sEKxbpkXUI+H; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/ Set-Cookie: AWSALBCORS=xJeVELoRQhl5GIg4k13C4aNfmNpnEri3tmo/AzE/xesqQJLrfJ6b1gTLQ5MRiZWZme0kr0RKS2QP4YAuUhbK7UTQFXSFE+xCddYA8cjEMY3zmmo+sEKxbpkXUI+H; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/; SameSite=None; Secure Cache-Control: no-cache ETag: 8b41f523cc9870bf36be7927991b7a2694e4c9f24414a16f1aa27f6a8ce1fc35 X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:33 UTC	2397	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 69 6d 70 6f 72 74 5f 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 66 69 6c 65 4e 61 6d 65 2c 20 77 65 62 52 6f 6f 74 50 61 74 68 29 20 7b 0d 0a 0d 0a 20 20 20 20 69 66 20 28 77 65 62 52 6f 6f 74 50 61 74 68 20 3d 3d 3d 20 75 6e 64 65 66 69 6e 65 64 20 7c 7c 20 77 65 62 52 6f 6f 74 50 61 74 68 20 3d 3d 3d 20 6e 75 6c 6c 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 65 62 52 6f 6f 74 50 61 74 68 20 3d 20 22 22 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 70 61 74 68 4a 6f 69 6e 28 70 61 74 68 31 2c 20 70 61 74 68 32 29 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 70 61 74 68 31 20 3d 3d 3d 20 6e 75 6c 6c 20 7c 7c 20 70 61 74 68 31 20 3d 3d 3d 20 75 6e 64 65 66 69 6e 65 64 29 20 7b 0d 0a 20 20 20 20 20 20 Data Ascii: window._import_ = function (fileName, webRootPath) { if (webRootPath === undefined \|\| webRootPath === null) { webRootPath = ""; } function pathJoin(path1, path2) { if (path1 === null \|\| path1 === undefined) {

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:33 UTC	3001	OUT	GET /_framework/blazor.server.js HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; AWSALBCORS=fcq2qTUoQpeC2BQ1amH9Bdk3MHHf6o3UiraZed0EiNYrwzK1P6GEQYfw2EEV/lEHM/Rt1f2hnaHUOp9lpVKnRlDomfYqE0o2osrJzXl2PRbkCgD2CCa33c55R7fx; .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg
2024-10-24 08:57:33 UTC	1098	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:33 GMT Content-Type: text/javascript Content-Length: 151912 Connection: close Set-Cookie: AWSALB=7EB9+ucJUQDUQ/rB18JySNZIrv19RYJN4BzSwv+tPOXyXaQSRJypOUN1dLTGP19M2l9+s373qCwIuHSgILY6JRhVGyXtdbI82KdFSc42rwEGGj600bnVv9oHxNAS; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/ Set-Cookie: AWSALBCORS=7EB9+ucJUQDUQ/rB18JySNZIrv19RYJN4BzSwv+tPOXyXaQSRJypOUN1dLTGP19M2l9+s373qCwIuHSgILY6JRhVGyXtdbI82KdFSc42rwEGGj600bnVv9oHxNAS; Expires=Thu, 31 Oct 2024 08:57:33 GMT; Path=/; SameSite=None; Secure Accept-Ranges: bytes Cache-Control: no-cache ETag: "1dada2bd14359e8" Last-Modified: Fri, 19 Jul 2024 22:34:29 GMT X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:33 UTC	15286	IN	Data Raw: 28 28 29 3d 3e 7b 76 61 72 20 65 3d 7b 37 37 38 3a 28 29 3d 3e 7b 7d 2c 37 37 3a 28 29 3d 3e 7b 7d 2c 32 30 33 3a 28 29 3d 3e 7b 7d 2c 32 30 30 3a 28 29 3d 3e 7b 7d 2c 36 32 38 3a 28 29 3d 3e 7b 7d 2c 33 32 31 3a 28 29 3d 3e 7b 7d 7d 2c 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 76 61 72 20 6f 3d 74 5b 72 5d 3b 69 66 28 76 6f 69 64 20 30 21 3d 3d 6f 29 72 65 74 75 72 6e 20 6f 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 73 3d 74 5b 72 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 28 73 2c 73 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 73 2e 65 78 70 6f 72 74 73 7d 6e 2e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 29 72 65 74 75 72 6e 20 67 Data Ascii: (()=>{var e={778:()=>{},77:()=>{},203:()=>{},200:()=>{},628:()=>{},321:()=>{}},t={};function n(r){var o=t[r];if(void 0!==o)return o.exports;var s=t[r]={exports:{}};return e[r](s,s.exports,n),s.exports}n.g=function(){if("object"==typeof globalThis)return g
2024-10-24 08:57:33 UTC	16384	IN	Data Raw: 6b 28 65 29 7b 74 68 69 73 2e 61 66 74 65 72 43 6c 69 63 6b 43 61 6c 6c 62 61 63 6b 73 2e 70 75 73 68 28 65 29 2c 74 68 69 73 2e 65 76 65 6e 74 49 6e 66 6f 53 74 6f 72 65 2e 61 64 64 47 6c 6f 62 61 6c 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 29 7d 73 65 74 53 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 74 68 69 73 2e 67 65 74 45 76 65 6e 74 48 61 6e 64 6c 65 72 49 6e 66 6f 73 46 6f 72 45 6c 65 6d 65 6e 74 28 65 2c 21 30 29 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 74 2c 6e 29 7d 73 65 74 50 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 65 2c 74 2c 6e 29 7b 74 68 69 73 2e 67 65 74 45 76 65 6e 74 48 61 6e 64 6c 65 72 49 6e 66 6f 73 46 6f 72 45 6c 65 6d 65 6e 74 28 65 2c 21 30 29 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 Data Ascii: k(e){this.afterClickCallbacks.push(e),this.eventInfoStore.addGlobalListener("click")}setStopPropagation(e,t,n){this.getEventHandlerInfosForElement(e,!0).stopPropagation(t,n)}setPreventDefault(e,t,n){this.getEventHandlerInfosForElement(e,!0).preventDefault
2024-10-24 08:57:33 UTC	430	IN	Data Raw: 70 6c 61 63 65 28 65 29 7d 65 6c 73 65 20 74 3f 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 65 29 3a 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 65 7d 28 65 2c 74 2e 72 65 70 6c 61 63 65 48 69 73 74 6f 72 79 45 6e 74 72 79 29 3b 65 6c 73 65 20 69 66 28 22 63 6c 69 65 6e 74 73 69 64 65 2d 72 6f 75 74 65 72 22 3d 3d 3d 6f 29 42 65 28 72 2c 21 31 2c 74 2e 72 65 70 6c 61 63 65 48 69 73 74 6f 72 79 45 6e 74 72 79 2c 74 2e 68 69 73 74 6f 72 79 45 6e 74 72 79 53 74 61 74 65 2c 6e 29 3b 65 6c 73 65 7b 69 66 28 22 73 65 72 76 65 72 73 69 64 65 2d 65 6e 68 61 6e 63 65 64 22 21 3d 3d 6f 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 60 55 6e 73 75 70 70 6f 72 74 65 64 20 70 61 67 65 20 6c 6f 61 64 20 6d 65 63 68 61 6e 69 73 6d 3a 20 24 7b 6f 7d 60 29 3b 43 Data Ascii: place(e)}else t?location.replace(e):location.href=e}(e,t.replaceHistoryEntry);else if("clientside-router"===o)Be(r,!1,t.replaceHistoryEntry,t.historyEntryState,n);else{if("serverside-enhanced"!==o)throw new Error(`Unsupported page load mechanism: ${o}`);C
2024-10-24 08:57:33 UTC	16384	IN	Data Raw: 70 61 74 68 6e 61 6d 65 26 26 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3d 3d 3d 74 2e 73 65 61 72 63 68 7d 28 65 29 29 72 65 74 75 72 6e 20 4c 65 28 65 2c 6e 2c 72 29 2c 76 6f 69 64 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 6f 6e 73 74 20 74 3d 65 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 74 21 3d 3d 65 2e 6c 65 6e 67 74 68 2d 31 26 26 53 65 28 65 2e 73 75 62 73 74 72 69 6e 67 28 74 2b 31 29 29 7d 28 65 29 3b 63 6f 6e 73 74 20 73 3d 57 65 28 29 3b 28 6f 7c 7c 21 28 6e 75 6c 6c 3d 3d 73 3f 76 6f 69 64 20 30 3a 73 2e 68 61 73 4c 6f 63 61 74 69 6f 6e 43 68 61 6e 67 69 6e 67 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 29 7c 7c 61 77 61 69 74 20 46 65 28 65 2c 72 2c 74 2c 73 29 29 26 26 28 5f 65 3d 21 30 2c 4c 65 28 65 2c 6e 2c 72 29 2c 61 77 61 69 74 20 48 Data Ascii: pathname&&location.search===t.search}(e))return Le(e,n,r),void function(e){const t=e.indexOf("#");t!==e.length-1&&Se(e.substring(t+1))}(e);const s=We();(o\|\|!(null==s?void 0:s.hasLocationChangingEventListeners)\|\|await Fe(e,r,t,s))&&(_e=!0,Le(e,n,r),await H
2024-10-24 08:57:33 UTC	16384	IN	Data Raw: 69 73 2e 5f 6e 65 78 74 52 65 63 65 69 76 69 6e 67 53 65 71 75 65 6e 63 65 49 64 3d 31 2c 74 68 69 73 2e 5f 6c 61 74 65 73 74 52 65 63 65 69 76 65 64 53 65 71 75 65 6e 63 65 49 64 3d 30 2c 74 68 69 73 2e 5f 62 75 66 66 65 72 65 64 42 79 74 65 43 6f 75 6e 74 3d 30 2c 74 68 69 73 2e 5f 72 65 63 6f 6e 6e 65 63 74 49 6e 50 72 6f 67 72 65 73 73 3d 21 31 2c 74 68 69 73 2e 5f 70 72 6f 74 6f 63 6f 6c 3d 65 2c 74 68 69 73 2e 5f 63 6f 6e 6e 65 63 74 69 6f 6e 3d 74 2c 74 68 69 73 2e 5f 62 75 66 66 65 72 53 69 7a 65 3d 6e 7d 61 73 79 6e 63 20 5f 73 65 6e 64 28 65 29 7b 63 6f 6e 73 74 20 74 3d 74 68 69 73 2e 5f 70 72 6f 74 6f 63 6f 6c 2e 77 72 69 74 65 4d 65 73 73 61 67 65 28 65 29 3b 6c 65 74 20 6e 3d 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 29 3b 69 66 28 74 Data Ascii: is._nextReceivingSequenceId=1,this._latestReceivedSequenceId=0,this._bufferedByteCount=0,this._reconnectInProgress=!1,this._protocol=e,this._connection=t,this._bufferSize=n}async _send(e){const t=this._protocol.writeMessage(e);let n=Promise.resolve();if(t
2024-10-24 08:57:34 UTC	16384	IN	Data Raw: 65 63 74 69 6f 6e 20 6d 6f 76 65 64 20 74 6f 20 74 68 65 20 27 24 7b 74 68 69 73 2e 5f 63 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 74 65 7d 27 20 66 72 6f 6d 20 74 68 65 20 72 65 63 6f 6e 6e 65 63 74 69 6e 67 20 73 74 61 74 65 20 64 75 72 69 6e 67 20 72 65 63 6f 6e 6e 65 63 74 20 61 74 74 65 6d 70 74 2e 20 44 6f 6e 65 20 72 65 63 6f 6e 6e 65 63 74 69 6e 67 2e 60 29 2c 76 6f 69 64 28 74 68 69 73 2e 5f 63 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 74 65 3d 3d 3d 71 74 2e 44 69 73 63 6f 6e 6e 65 63 74 69 6e 67 26 26 74 68 69 73 2e 5f 63 6f 6d 70 6c 65 74 65 43 6c 6f 73 65 28 29 29 3b 72 3d 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 65 3a 6e 65 77 20 45 72 72 6f 72 28 65 2e 74 6f 53 74 72 69 6e 67 28 29 29 2c 6f 3d 74 68 69 73 2e 5f 67 65 74 4e 65 78 74 52 Data Ascii: ection moved to the '${this._connectionState}' from the reconnecting state during reconnect attempt. Done reconnecting.`),void(this._connectionState===qt.Disconnecting&&this._completeClose());r=e instanceof Error?e:new Error(e.toString()),o=this._getNextR
2024-10-24 08:57:34 UTC	2182	IN	Data Raw: 73 2e 5f 77 65 62 53 6f 63 6b 65 74 3d 76 6f 69 64 20 30 29 2c 74 68 69 73 2e 5f 6c 6f 67 67 65 72 2e 6c 6f 67 28 5f 74 2e 54 72 61 63 65 2c 22 28 57 65 62 53 6f 63 6b 65 74 73 20 74 72 61 6e 73 70 6f 72 74 29 20 73 6f 63 6b 65 74 20 63 6c 6f 73 65 64 2e 22 29 2c 74 68 69 73 2e 6f 6e 63 6c 6f 73 65 26 26 28 21 74 68 69 73 2e 5f 69 73 43 6c 6f 73 65 45 76 65 6e 74 28 65 29 7c 7c 21 31 21 3d 3d 65 2e 77 61 73 43 6c 65 61 6e 26 26 31 65 33 3d 3d 3d 65 2e 63 6f 64 65 3f 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 3f 74 68 69 73 2e 6f 6e 63 6c 6f 73 65 28 65 29 3a 74 68 69 73 2e 6f 6e 63 6c 6f 73 65 28 29 3a 74 68 69 73 2e 6f 6e 63 6c 6f 73 65 28 6e 65 77 20 45 72 72 6f 72 28 60 57 65 62 53 6f 63 6b 65 74 20 63 6c 6f 73 65 64 20 77 69 74 68 20 73 74 Data Ascii: s._webSocket=void 0),this._logger.log(_t.Trace,"(WebSockets transport) socket closed."),this.onclose&&(!this._isCloseEvent(e)\|\|!1!==e.wasClean&&1e3===e.code?e instanceof Error?this.onclose(e):this.onclose():this.onclose(new Error(`WebSocket closed with st
2024-10-24 08:57:34 UTC	16384	IN	Data Raw: 77 20 24 74 28 65 29 29 7d 74 68 69 73 2e 5f 63 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 72 74 65 64 3d 21 30 7d 73 65 6e 64 28 65 29 7b 72 65 74 75 72 6e 22 43 6f 6e 6e 65 63 74 65 64 22 21 3d 3d 74 68 69 73 2e 5f 63 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 74 65 3f 50 72 6f 6d 69 73 65 2e 72 65 6a 65 63 74 28 6e 65 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 73 65 6e 64 20 64 61 74 61 20 69 66 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 6e 6f 74 20 69 6e 20 74 68 65 20 27 43 6f 6e 6e 65 63 74 65 64 27 20 53 74 61 74 65 2e 22 29 29 3a 28 74 68 69 73 2e 5f 73 65 6e 64 51 75 65 75 65 7c 7c 28 74 68 69 73 2e 5f 73 65 6e 64 51 75 65 75 65 3d 6e 65 77 20 66 6e 28 74 68 69 73 2e 74 72 61 6e 73 70 6f 72 74 29 29 2c 74 68 69 73 2e 5f 73 65 6e 64 51 75 65 Data Ascii: w $t(e))}this._connectionStarted=!0}send(e){return"Connected"!==this._connectionState?Promise.reject(new Error("Cannot send data if the connection is not in the 'Connected' State.")):(this._sendQueue\|\|(this._sendQueue=new fn(this.transport)),this._sendQue
2024-10-24 08:57:34 UTC	16384	IN	Data Raw: 28 6e 75 6c 6c 3d 3d 3d 28 53 6e 3d 6e 75 6c 6c 3d 3d 3d 70 72 6f 63 65 73 73 7c 7c 76 6f 69 64 20 30 3d 3d 3d 70 72 6f 63 65 73 73 3f 76 6f 69 64 20 30 3a 70 72 6f 63 65 73 73 2e 65 6e 76 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 53 6e 3f 76 6f 69 64 20 30 3a 53 6e 2e 54 45 58 54 5f 44 45 43 4f 44 45 52 29 3f 32 30 30 3a 30 3a 45 6e 2c 4d 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 2e 74 79 70 65 3d 65 2c 74 68 69 73 2e 64 61 74 61 3d 74 7d 2c 42 6e 3d 28 50 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 50 6e 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d 7d 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 26 26 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e Data Ascii: (null===(Sn=null===process\|\|void 0===process?void 0:process.env)\|\|void 0===Sn?void 0:Sn.TEXT_DECODER)?200:0:En,Mn=function(e,t){this.type=e,this.data=t},Bn=(Pn=function(e,t){return Pn=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.
2024-10-24 08:57:34 UTC	16384	IN	Data Raw: 28 65 29 7b 75 28 61 5b 30 5d 5b 33 5d 2c 65 29 7d 76 61 72 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 68 28 65 29 7b 6c 28 22 6e 65 78 74 22 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 29 7b 6c 28 22 74 68 72 6f 77 22 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 75 28 65 2c 74 29 7b 65 28 74 29 2c 61 2e 73 68 69 66 74 28 29 2c 61 2e 6c 65 6e 67 74 68 26 26 6c 28 61 5b 30 5d 5b 30 5d 2c 61 5b 30 5d 5b 31 5d 29 7d 7d 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 64 6f 44 65 63 6f 64 65 53 79 6e 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 65 3a 66 6f 72 28 3b 3b 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 72 65 61 64 48 65 61 64 42 79 74 65 28 29 2c 74 3d 76 6f 69 64 20 30 3b 69 66 28 65 3e 3d 32 32 34 29 74 3d 65 2d 32 35 36 3b 65 Data Ascii: (e){u(a[0][3],e)}var n}function h(e){l("next",e)}function d(e){l("throw",e)}function u(e,t){e(t),a.shift(),a.length&&l(a[0][0],a[0][1])}}(this,arguments)},e.prototype.doDecodeSync=function(){e:for(;;){var e=this.readHeadByte(),t=void 0;if(e>=224)t=e-256;e

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	29277
Entropy (8bit):	3.7985237958721045
Encrypted:	false
SSDEEP:	384:0sIO2wPIZRGV1psAr4WP6hARX5CcfjrF2OFHdjSlU34zkyBF99otuZXLdqDn:LM8GAX6Q5CcfPF2OylU3mo8G
MD5:	D4DF3E6C8CEF1295CE0B42D46112FB9C
SHA1:	D55207E3A0A0C159AE720B1B6DF7A46614C99A3F
SHA-256:	7862B224E2B1AF20DE0354B6FD530A79D57C8C9856BD5E5091A2234D233E8C99
SHA-512:	537E989AD02093B62EEF3D3DC4212F57E64D63E431734FC908641F0955E76135AC17F4ACE72F236F73FFB3F2F839B04CA24BF4A5B82989265937A2AC72B3F07A
Malicious:	false
Reputation:	low
Preview:	<svg width="151" height="54" viewBox="0 0 151 54" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M27.0471 6.06519L14.3339 13.8719L16.6684 17.6731L29.3816 9.86737L27.0471 6.06619V6.06519Z" fill="#F7F741"/>.<path d="M25.1304 17.2673C24.8113 19.2444 23.8882 21.0756 22.4879 22.507C21.0877 23.9395 19.2777 24.9029 17.3086 25.2663C15.3386 25.6297 13.3051 25.374 11.4851 24.5365C9.66602 23.6979 8.15099 22.3178 7.14734 20.5843C6.14369 18.8508 5.70076 16.8496 5.87995 14.8544C6.05913 12.8591 6.85037 10.9686 8.14696 9.44151C9.44254 7.9144 11.18 6.82518 13.1189 6.32386C15.0587 5.82254 17.1053 5.93328 18.9787 6.64197L21.2286 2.73812C18.4965 1.54522 15.4584 1.24523 12.5461 1.88044C9.63381 2.51564 6.99634 4.05484 5.01019 6.27756C3.02403 8.50028 1.79087 11.2938 1.48585 14.2594C1.18083 17.2251 1.82006 20.2108 3.31194 22.7909C4.80382 25.372 7.07285 27.4155 9.79488 28.6306C12.5169 29.8456 15.553 30.1708 18.4703 29.5587C21.3876 28.9467 24.0372 27.4286 26.0415 25.222C28.0457 23.0154 29.3011 20.232

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2397
Entropy (8bit):	4.394669784185688
Encrypted:	false
SSDEEP:	48:U9Jxw3tMa8zXAld5TODjyrr9lSPsx5k3i9TOr36:emtManJlSP0Ky9036
MD5:	44D6688FE873BE9D6FDC0E36A4ED5F81
SHA1:	0878322986B3782BB6FCEE75D0F7FD2D34271F0A
SHA-256:	8B41F523CC9870BF36BE7927991B7A2694E4C9F24414A16F1AA27F6A8CE1FC35
SHA-512:	C2CFF9BB648EA7486C0A557CD280BC242E284494373A187E13826D303F0C6340529CBA12C46F24B786177E544184F870A723A8E0994955233032D59F651CA887
Malicious:	false
Reputation:	low
Preview:	window._import_ = function (fileName, webRootPath) {.... if (webRootPath === undefined \|\| webRootPath === null) {.. webRootPath = "";.. }.... function pathJoin(path1, path2) {.... if (path1 === null \|\| path1 === undefined) {.. path1 = "";.. }.... if (path2 === null \|\| path2 === undefined) {.. path2 = "";.. }.... var needTrail = true;.. var path1hasTrail = false;.. var path2hasTrail = false;.... if (path1.length - 1 >= 0 && (path1[path1.length - 1] == '/' \|\| path1[path1.length - 1] == '\\')) {.. needTrail = false;.. path1hasTrail = true;.. }.... if (path2.length > 0 && (path2[0] == '/' \|\| path2[0] == '\\')) {.. needTrail = false;.. path2hasTrail = true;.. }.... if (needTrail) {.. return path1 + "/" + path2;.. }.. else {.. if (path1hasTrail && path2hasTrail) {.. return path1

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	3664
Entropy (8bit):	4.78089961431119
Encrypted:	false
SSDEEP:	96:NfHur1Au1dyQ18VA94hJL3Qk9JUqh22b3:QryyQVA94rgk9JUqh203
MD5:	68B16274AE2C036DC0204120AF59EB47
SHA1:	965F7B1C9CC792E194E5BA0F3A587065483B636F
SHA-256:	C8E7F8730BF9DF98C746782E0AEA2FC60E4A5DC1041F455BA750E7D47442D974
SHA-512:	D1A6290D81A7EE72A6AC719DC7F9FE7AD4E515C7E9FADFEED3B42F76DBD49554A61318A00D57337330F9BBA20B1B8718CFBF58EF917FDAA6B42A5EB217A0F6B8
Malicious:	false
Reputation:	low
URL:	https://links.us1.defend.egress.com/css/site.css
Preview:	@font-face {. font-family: 'Avenir';. font-style: normal;. font-weight: bold;. src: url('/fonts/AvenirLTStd-Book_0.otf') format('truetype');.}..@font-face {. font-family: 'Avenir';. font-style: normal;. font-weight: light;. src: url('/fonts/AvenirLTStd-Light_0.otf') format('truetype');.}..@font-face {. font-family: 'Avenir';. font-style: normal;. font-weight: normal;. src: url('/fonts/AvenirLTStd-Medium_0.otf') format('truetype');.}..html, body {. height: 100%;.}..html, body, dialog {. margin: 0;. font-weight: 100;. font-family: 'Rubik', sans-serif;.}..body, dialog {. background-color: white;.}..h2 {. font-family: 'Avenir', sans-serif;. font-weight: bold;. font-size: 1.8em;. margin-top: 0;.}..h1 {. font-size: 2.2em;. font-family: 'Avenir', sans-serif;. font-weight: bold;. margin-top: 0;. margin-bottom: 10px;.}..b {. font-weight: 500;.}...ajax-background {. position: relative;. z-index: 1;. height:

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2397
Entropy (8bit):	4.394669784185688
Encrypted:	false
SSDEEP:	48:U9Jxw3tMa8zXAld5TODjyrr9lSPsx5k3i9TOr36:emtManJlSP0Ky9036
MD5:	44D6688FE873BE9D6FDC0E36A4ED5F81
SHA1:	0878322986B3782BB6FCEE75D0F7FD2D34271F0A
SHA-256:	8B41F523CC9870BF36BE7927991B7A2694E4C9F24414A16F1AA27F6A8CE1FC35
SHA-512:	C2CFF9BB648EA7486C0A557CD280BC242E284494373A187E13826D303F0C6340529CBA12C46F24B786177E544184F870A723A8E0994955233032D59F651CA887
Malicious:	false
Reputation:	low
URL:	https://links.us1.defend.egress.com/_framework/blazor.polyfill.min.js
Preview:	window._import_ = function (fileName, webRootPath) {.... if (webRootPath === undefined \|\| webRootPath === null) {.. webRootPath = "";.. }.... function pathJoin(path1, path2) {.... if (path1 === null \|\| path1 === undefined) {.. path1 = "";.. }.... if (path2 === null \|\| path2 === undefined) {.. path2 = "";.. }.... var needTrail = true;.. var path1hasTrail = false;.. var path2hasTrail = false;.... if (path1.length - 1 >= 0 && (path1[path1.length - 1] == '/' \|\| path1[path1.length - 1] == '\\')) {.. needTrail = false;.. path1hasTrail = true;.. }.... if (path2.length > 0 && (path2[0] == '/' \|\| path2[0] == '\\')) {.. needTrail = false;.. path2hasTrail = true;.. }.... if (needTrail) {.. return path1 + "/" + path2;.. }.. else {.. if (path1hasTrail && path2hasTrail) {.. return path1

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:35 UTC	849	OUT	GET /_framework/blazor.server.js HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=UGGHJ4FtPuE167fNuVEx6MhQj1wGFTzYGa0WdQNsI6SDmnUgnNFvvZ61ZrvjmwehuX09fopb8+UG0l/5uTKL9vkcu/IY6Fw8vWrQ74/Lb0BqFn2inpYItsADNCpG; AWSALBCORS=UGGHJ4FtPuE167fNuVEx6MhQj1wGFTzYGa0WdQNsI6SDmnUgnNFvvZ61ZrvjmwehuX09fopb8+UG0l/5uTKL9vkcu/IY6Fw8vWrQ74/Lb0BqFn2inpYItsADNCpG
2024-10-24 08:57:35 UTC	1098	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:35 GMT Content-Type: text/javascript Content-Length: 151912 Connection: close Set-Cookie: AWSALB=Q7rlO4nVO6PIYVSekVQgH/mkk+DZxTeI7oAIzvZYX4Zpfm6VPZ54Eu94S9H6IN9ZCLW/opQA1vMY/hQxIlUsvz212vkrqI9JcpdJIBKYIdvvX4hujlpau1LTTBkC; Expires=Thu, 31 Oct 2024 08:57:35 GMT; Path=/ Set-Cookie: AWSALBCORS=Q7rlO4nVO6PIYVSekVQgH/mkk+DZxTeI7oAIzvZYX4Zpfm6VPZ54Eu94S9H6IN9ZCLW/opQA1vMY/hQxIlUsvz212vkrqI9JcpdJIBKYIdvvX4hujlpau1LTTBkC; Expires=Thu, 31 Oct 2024 08:57:35 GMT; Path=/; SameSite=None; Secure Accept-Ranges: bytes Cache-Control: no-cache ETag: "1dada2bd14359e8" Last-Modified: Fri, 19 Jul 2024 22:34:29 GMT X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:35 UTC	15286	IN	Data Raw: 28 28 29 3d 3e 7b 76 61 72 20 65 3d 7b 37 37 38 3a 28 29 3d 3e 7b 7d 2c 37 37 3a 28 29 3d 3e 7b 7d 2c 32 30 33 3a 28 29 3d 3e 7b 7d 2c 32 30 30 3a 28 29 3d 3e 7b 7d 2c 36 32 38 3a 28 29 3d 3e 7b 7d 2c 33 32 31 3a 28 29 3d 3e 7b 7d 7d 2c 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 76 61 72 20 6f 3d 74 5b 72 5d 3b 69 66 28 76 6f 69 64 20 30 21 3d 3d 6f 29 72 65 74 75 72 6e 20 6f 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 73 3d 74 5b 72 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 28 73 2c 73 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 73 2e 65 78 70 6f 72 74 73 7d 6e 2e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 29 72 65 74 75 72 6e 20 67 Data Ascii: (()=>{var e={778:()=>{},77:()=>{},203:()=>{},200:()=>{},628:()=>{},321:()=>{}},t={};function n(r){var o=t[r];if(void 0!==o)return o.exports;var s=t[r]={exports:{}};return e[r](s,s.exports,n),s.exports}n.g=function(){if("object"==typeof globalThis)return g
2024-10-24 08:57:35 UTC	16384	IN	Data Raw: 6b 28 65 29 7b 74 68 69 73 2e 61 66 74 65 72 43 6c 69 63 6b 43 61 6c 6c 62 61 63 6b 73 2e 70 75 73 68 28 65 29 2c 74 68 69 73 2e 65 76 65 6e 74 49 6e 66 6f 53 74 6f 72 65 2e 61 64 64 47 6c 6f 62 61 6c 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 29 7d 73 65 74 53 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 74 68 69 73 2e 67 65 74 45 76 65 6e 74 48 61 6e 64 6c 65 72 49 6e 66 6f 73 46 6f 72 45 6c 65 6d 65 6e 74 28 65 2c 21 30 29 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 74 2c 6e 29 7d 73 65 74 50 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 65 2c 74 2c 6e 29 7b 74 68 69 73 2e 67 65 74 45 76 65 6e 74 48 61 6e 64 6c 65 72 49 6e 66 6f 73 46 6f 72 45 6c 65 6d 65 6e 74 28 65 2c 21 30 29 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 Data Ascii: k(e){this.afterClickCallbacks.push(e),this.eventInfoStore.addGlobalListener("click")}setStopPropagation(e,t,n){this.getEventHandlerInfosForElement(e,!0).stopPropagation(t,n)}setPreventDefault(e,t,n){this.getEventHandlerInfosForElement(e,!0).preventDefault
2024-10-24 08:57:35 UTC	430	IN	Data Raw: 70 6c 61 63 65 28 65 29 7d 65 6c 73 65 20 74 3f 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 65 29 3a 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 65 7d 28 65 2c 74 2e 72 65 70 6c 61 63 65 48 69 73 74 6f 72 79 45 6e 74 72 79 29 3b 65 6c 73 65 20 69 66 28 22 63 6c 69 65 6e 74 73 69 64 65 2d 72 6f 75 74 65 72 22 3d 3d 3d 6f 29 42 65 28 72 2c 21 31 2c 74 2e 72 65 70 6c 61 63 65 48 69 73 74 6f 72 79 45 6e 74 72 79 2c 74 2e 68 69 73 74 6f 72 79 45 6e 74 72 79 53 74 61 74 65 2c 6e 29 3b 65 6c 73 65 7b 69 66 28 22 73 65 72 76 65 72 73 69 64 65 2d 65 6e 68 61 6e 63 65 64 22 21 3d 3d 6f 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 60 55 6e 73 75 70 70 6f 72 74 65 64 20 70 61 67 65 20 6c 6f 61 64 20 6d 65 63 68 61 6e 69 73 6d 3a 20 24 7b 6f 7d 60 29 3b 43 Data Ascii: place(e)}else t?location.replace(e):location.href=e}(e,t.replaceHistoryEntry);else if("clientside-router"===o)Be(r,!1,t.replaceHistoryEntry,t.historyEntryState,n);else{if("serverside-enhanced"!==o)throw new Error(`Unsupported page load mechanism: ${o}`);C
2024-10-24 08:57:35 UTC	11977	IN	Data Raw: 70 61 74 68 6e 61 6d 65 26 26 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3d 3d 3d 74 2e 73 65 61 72 63 68 7d 28 65 29 29 72 65 74 75 72 6e 20 4c 65 28 65 2c 6e 2c 72 29 2c 76 6f 69 64 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 6f 6e 73 74 20 74 3d 65 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 74 21 3d 3d 65 2e 6c 65 6e 67 74 68 2d 31 26 26 53 65 28 65 2e 73 75 62 73 74 72 69 6e 67 28 74 2b 31 29 29 7d 28 65 29 3b 63 6f 6e 73 74 20 73 3d 57 65 28 29 3b 28 6f 7c 7c 21 28 6e 75 6c 6c 3d 3d 73 3f 76 6f 69 64 20 30 3a 73 2e 68 61 73 4c 6f 63 61 74 69 6f 6e 43 68 61 6e 67 69 6e 67 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 29 7c 7c 61 77 61 69 74 20 46 65 28 65 2c 72 2c 74 2c 73 29 29 26 26 28 5f 65 3d 21 30 2c 4c 65 28 65 2c 6e 2c 72 29 2c 61 77 61 69 74 20 48 Data Ascii: pathname&&location.search===t.search}(e))return Le(e,n,r),void function(e){const t=e.indexOf("#");t!==e.length-1&&Se(e.substring(t+1))}(e);const s=We();(o\|\|!(null==s?void 0:s.hasLocationChangingEventListeners)\|\|await Fe(e,r,t,s))&&(_e=!0,Le(e,n,r),await H
2024-10-24 08:57:35 UTC	16384	IN	Data Raw: 69 6e 74 38 41 72 72 61 79 28 65 29 3b 6c 65 74 20 6e 3d 22 22 3b 72 65 74 75 72 6e 20 74 2e 66 6f 72 45 61 63 68 28 28 65 3d 3e 7b 6e 2b 3d 60 30 78 24 7b 65 3c 31 36 3f 22 30 22 3a 22 22 7d 24 7b 65 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 7d 20 60 7d 29 29 2c 6e 2e 73 75 62 73 74 72 28 30 2c 6e 2e 6c 65 6e 67 74 68 2d 31 29 7d 28 65 29 7d 27 60 29 29 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 28 6e 3d 60 53 74 72 69 6e 67 20 64 61 74 61 20 6f 66 20 6c 65 6e 67 74 68 20 24 7b 65 2e 6c 65 6e 67 74 68 7d 60 2c 74 26 26 28 6e 2b 3d 60 2e 20 43 6f 6e 74 65 6e 74 3a 20 27 24 7b 65 7d 27 60 29 29 2c 6e 7d 66 75 6e 63 74 69 6f 6e 20 6b 74 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 41 Data Ascii: int8Array(e);let n="";return t.forEach((e=>{n+=`0x${e<16?"0":""}${e.toString(16)} `})),n.substr(0,n.length-1)}(e)}'`)):"string"==typeof e&&(n=`String data of length ${e.length}`,t&&(n+=`. Content: '${e}'`)),n}function kt(e){return e&&"undefined"!=typeof A
2024-10-24 08:57:36 UTC	16384	IN	Data Raw: 72 65 63 65 69 76 69 6e 67 20 61 20 6d 65 73 73 61 67 65 20 66 72 6f 6d 20 74 68 65 20 73 65 72 76 65 72 2e 22 29 29 7d 61 73 79 6e 63 20 5f 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 4d 65 74 68 6f 64 28 65 29 7b 63 6f 6e 73 74 20 74 3d 65 2e 74 61 72 67 65 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 6e 3d 74 68 69 73 2e 5f 6d 65 74 68 6f 64 73 5b 74 5d 3b 69 66 28 21 6e 29 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 6c 6f 67 67 65 72 2e 6c 6f 67 28 5f 74 2e 57 61 72 6e 69 6e 67 2c 60 4e 6f 20 63 6c 69 65 6e 74 20 6d 65 74 68 6f 64 20 77 69 74 68 20 74 68 65 20 6e 61 6d 65 20 27 24 7b 74 7d 27 20 66 6f 75 6e 64 2e 60 29 2c 76 6f 69 64 28 65 2e 69 6e 76 6f 63 61 74 69 6f 6e 49 64 26 26 28 74 68 69 73 2e 5f 6c 6f 67 67 65 72 2e 6c 6f 67 28 5f 74 2e 57 61 72 6e 69 Data Ascii: receiving a message from the server."))}async _invokeClientMethod(e){const t=e.target.toLowerCase(),n=this._methods[t];if(!n)return this._logger.log(_t.Warning,`No client method with the name '${t}' found.`),void(e.invocationId&&(this._logger.log(_t.Warni
2024-10-24 08:57:36 UTC	6589	IN	Data Raw: 63 6c 6f 73 65 29 7b 6c 65 74 20 65 3d 22 28 4c 6f 6e 67 50 6f 6c 6c 69 6e 67 20 74 72 61 6e 73 70 6f 72 74 29 20 46 69 72 69 6e 67 20 6f 6e 63 6c 6f 73 65 20 65 76 65 6e 74 2e 22 3b 74 68 69 73 2e 5f 63 6c 6f 73 65 45 72 72 6f 72 26 26 28 65 2b 3d 22 20 45 72 72 6f 72 3a 20 22 2b 74 68 69 73 2e 5f 63 6c 6f 73 65 45 72 72 6f 72 29 2c 74 68 69 73 2e 5f 6c 6f 67 67 65 72 2e 6c 6f 67 28 5f 74 2e 54 72 61 63 65 2c 65 29 2c 74 68 69 73 2e 6f 6e 63 6c 6f 73 65 28 74 68 69 73 2e 5f 63 6c 6f 73 65 45 72 72 6f 72 29 7d 7d 7d 63 6c 61 73 73 20 64 6e 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 2c 74 2c 6e 2c 72 29 7b 74 68 69 73 2e 5f 68 74 74 70 43 6c 69 65 6e 74 3d 65 2c 74 68 69 73 2e 5f 61 63 63 65 73 73 54 6f 6b 65 6e 3d 74 2c 74 68 69 73 2e 5f 6c 6f 67 67 65 72 Data Ascii: close){let e="(LongPolling transport) Firing onclose event.";this._closeError&&(e+=" Error: "+this._closeError),this._logger.log(_t.Trace,e),this.onclose(this._closeError)}}}class dn{constructor(e,t,n,r){this._httpClient=e,this._accessToken=t,this._logger
2024-10-24 08:57:36 UTC	16384	IN	Data Raw: 77 20 24 74 28 65 29 29 7d 74 68 69 73 2e 5f 63 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 72 74 65 64 3d 21 30 7d 73 65 6e 64 28 65 29 7b 72 65 74 75 72 6e 22 43 6f 6e 6e 65 63 74 65 64 22 21 3d 3d 74 68 69 73 2e 5f 63 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 74 65 3f 50 72 6f 6d 69 73 65 2e 72 65 6a 65 63 74 28 6e 65 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 73 65 6e 64 20 64 61 74 61 20 69 66 20 74 68 65 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 69 73 20 6e 6f 74 20 69 6e 20 74 68 65 20 27 43 6f 6e 6e 65 63 74 65 64 27 20 53 74 61 74 65 2e 22 29 29 3a 28 74 68 69 73 2e 5f 73 65 6e 64 51 75 65 75 65 7c 7c 28 74 68 69 73 2e 5f 73 65 6e 64 51 75 65 75 65 3d 6e 65 77 20 66 6e 28 74 68 69 73 2e 74 72 61 6e 73 70 6f 72 74 29 29 2c 74 68 69 73 2e 5f 73 65 6e 64 51 75 65 Data Ascii: w $t(e))}this._connectionStarted=!0}send(e){return"Connected"!==this._connectionState?Promise.reject(new Error("Cannot send data if the connection is not in the 'Connected' State.")):(this._sendQueue\|\|(this._sendQueue=new fn(this.transport)),this._sendQue
2024-10-24 08:57:36 UTC	16384	IN	Data Raw: 28 6e 75 6c 6c 3d 3d 3d 28 53 6e 3d 6e 75 6c 6c 3d 3d 3d 70 72 6f 63 65 73 73 7c 7c 76 6f 69 64 20 30 3d 3d 3d 70 72 6f 63 65 73 73 3f 76 6f 69 64 20 30 3a 70 72 6f 63 65 73 73 2e 65 6e 76 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 53 6e 3f 76 6f 69 64 20 30 3a 53 6e 2e 54 45 58 54 5f 44 45 43 4f 44 45 52 29 3f 32 30 30 3a 30 3a 45 6e 2c 4d 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 2e 74 79 70 65 3d 65 2c 74 68 69 73 2e 64 61 74 61 3d 74 7d 2c 42 6e 3d 28 50 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 50 6e 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d 7d 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 26 26 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e Data Ascii: (null===(Sn=null===process\|\|void 0===process?void 0:process.env)\|\|void 0===Sn?void 0:Sn.TEXT_DECODER)?200:0:En,Mn=function(e,t){this.type=e,this.data=t},Bn=(Pn=function(e,t){return Pn=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.
2024-10-24 08:57:36 UTC	16384	IN	Data Raw: 28 65 29 7b 75 28 61 5b 30 5d 5b 33 5d 2c 65 29 7d 76 61 72 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 68 28 65 29 7b 6c 28 22 6e 65 78 74 22 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 29 7b 6c 28 22 74 68 72 6f 77 22 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 75 28 65 2c 74 29 7b 65 28 74 29 2c 61 2e 73 68 69 66 74 28 29 2c 61 2e 6c 65 6e 67 74 68 26 26 6c 28 61 5b 30 5d 5b 30 5d 2c 61 5b 30 5d 5b 31 5d 29 7d 7d 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 64 6f 44 65 63 6f 64 65 53 79 6e 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 65 3a 66 6f 72 28 3b 3b 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 72 65 61 64 48 65 61 64 42 79 74 65 28 29 2c 74 3d 76 6f 69 64 20 30 3b 69 66 28 65 3e 3d 32 32 34 29 74 3d 65 2d 32 35 36 3b 65 Data Ascii: (e){u(a[0][3],e)}var n}function h(e){l("next",e)}function d(e){l("throw",e)}function u(e,t){e(t),a.shift(),a.length&&l(a[0][0],a[0][1])}}(this,arguments)},e.prototype.doDecodeSync=function(){e:for(;;){var e=this.readHeadByte(),t=void 0;if(e>=224)t=e-256;e

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:35 UTC	3016	OUT	GET /_blazor/initializers HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=UGGHJ4FtPuE167fNuVEx6MhQj1wGFTzYGa0WdQNsI6SDmnUgnNFvvZ61ZrvjmwehuX09fopb8+UG0l/5uTKL9vkcu/IY6Fw8vWrQ74/Lb0BqFn2inpYItsADNCpG; AWSALBCORS=UGGHJ4FtPuE167fNuVEx6MhQj1wGFTzYGa0WdQNsI6SDmnUgnNFvvZ61ZrvjmwehuX09fopb8+UG0l/5uTKL9vkcu/IY6Fw8vWrQ74/Lb0BqFn2inpYItsADNCpG
2024-10-24 08:57:35 UTC	1000	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:35 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=Yf/TX24uIayrjyCou1cARPow0g4M5xy/gZyCsgk5pF7cOyb3AvVSfElBGJONO/453KelVW+MnK40nTVV8KZAkJvxz1kUZRf6AX3tlU4geWN2bNSkBU6snUSLHuPB; Expires=Thu, 31 Oct 2024 08:57:35 GMT; Path=/ Set-Cookie: AWSALBCORS=Yf/TX24uIayrjyCou1cARPow0g4M5xy/gZyCsgk5pF7cOyb3AvVSfElBGJONO/453KelVW+MnK40nTVV8KZAkJvxz1kUZRf6AX3tlU4geWN2bNSkBU6snUSLHuPB; Expires=Thu, 31 Oct 2024 08:57:35 GMT; Path=/; SameSite=None; Secure X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:35 UTC	7	IN	Data Raw: 32 0d 0a 5b 5d 0d 0a Data Ascii: 2[]
2024-10-24 08:57:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:35 UTC	3056	OUT	GET /images/egress-icon.png HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=UGGHJ4FtPuE167fNuVEx6MhQj1wGFTzYGa0WdQNsI6SDmnUgnNFvvZ61ZrvjmwehuX09fopb8+UG0l/5uTKL9vkcu/IY6Fw8vWrQ74/Lb0BqFn2inpYItsADNCpG; AWSALBCORS=UGGHJ4FtPuE167fNuVEx6MhQj1wGFTzYGa0WdQNsI6SDmnUgnNFvvZ61ZrvjmwehuX09fopb8+UG0l/5uTKL9vkcu/IY6Fw8vWrQ74/Lb0BqFn2inpYItsADNCpG
2024-10-24 08:57:35 UTC	1065	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:35 GMT Content-Type: image/png Content-Length: 4436 Connection: close Set-Cookie: AWSALB=pZnLT31hIhbPUlIwOblqJ46qCw95cTGCMdeNkaf9jMuysOYCVAbU9XOgw2Qvc3AYFqzBKWJCmDov91EJOaIVnTcV6JOOqFuZCA/3OTNzGP+bFLVM20T3HOEGhwVz; Expires=Thu, 31 Oct 2024 08:57:35 GMT; Path=/ Set-Cookie: AWSALBCORS=pZnLT31hIhbPUlIwOblqJ46qCw95cTGCMdeNkaf9jMuysOYCVAbU9XOgw2Qvc3AYFqzBKWJCmDov91EJOaIVnTcV6JOOqFuZCA/3OTNzGP+bFLVM20T3HOEGhwVz; Expires=Thu, 31 Oct 2024 08:57:35 GMT; Path=/; SameSite=None; Secure Accept-Ranges: bytes ETag: "1db1988f8ebb054" Last-Modified: Tue, 08 Oct 2024 13:50:02 GMT X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:35 UTC	4436	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 74 00 00 00 74 08 06 00 00 00 54 9a 16 27 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 10 e9 49 44 41 54 78 5e ed 9d 0b 94 54 75 1d c7 7f ff 7b 67 57 70 85 d4 44 8c 79 2c a8 28 22 a0 e2 a3 44 3d 29 a6 9e 42 cd ac c0 e3 11 76 66 d1 88 d2 d4 3a 9a 95 16 be 32 3b 9e f2 11 15 0a 33 bb 20 a6 52 f9 44 2d cb 67 64 a4 59 e6 5b e4 b1 33 b3 2b 49 59 0a 8b fb 98 b9 ff be bf 7b ff 2b bb ec 6b 76 ee ff ce bd 33 ec 87 73 67 7e ff df 70 76 1e df fb 7f ff fe ff bf a0 4a 20 d9 1c 25 23 3f 81 a4 88 e0 1a 0b 4f 98 0c 39 96 24 ed e6 fc 07 aa 21 21 ab 89 44 1b 7c 1f 10 49 5c e2 7d f8 b6 90 34 d2 24 f2 1b 48 5a Data Ascii: PNGIHDRttT'sRGBgAMAapHYsodIDATx^Tu{gWpDy,("D=)Bvf:2;3 RD-gdY[3+IY{+kv3sg~pvJ %#?O9$!!D\|I\}4$HZ

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:36 UTC	3240	OUT	POST /_blazor/negotiate?negotiateVersion=1 HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive Content-Length: 0 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 X-SignalR-User-Agent: Microsoft SignalR/0.0 (0.0.0-DEV_BUILD; Unknown OS; Browser; Unknown Runtime Version) sec-ch-ua-platform: "Windows" Accept: / Origin: https://links.us1.defend.egress.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=pZnLT31hIhbPUlIwOblqJ46qCw95cTGCMdeNkaf9jMuysOYCVAbU9XOgw2Qvc3AYFqzBKWJCmDov91EJOaIVnTcV6JOOqFuZCA/3OTNzGP+bFLVM20T3HOEGhwVz; AWSALBCORS=pZnLT31hIhbPUlIwOblqJ46qCw95cTGCMdeNkaf9jMuysOYCVAbU9XOgw2Qvc3AYFqzBKWJCmDov91EJOaIVnTcV6JOOqFuZCA/3OTNzGP+bFLVM20T3HOEGhwVz
2024-10-24 08:57:36 UTC	978	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:36 GMT Content-Type: application/json Content-Length: 316 Connection: close Set-Cookie: AWSALB=P5sPCYeBEr8RQJveYnbMkcUyJG1cYqVj2PygARDjU5eExdcHn4BAz4iVOA3BFuL3pB6bnrVcJlGSv/K35GN20KrJtz9g/dyoutzzhX8SzSrxdFbuOOrR4UuGD1jD; Expires=Thu, 31 Oct 2024 08:57:36 GMT; Path=/ Set-Cookie: AWSALBCORS=P5sPCYeBEr8RQJveYnbMkcUyJG1cYqVj2PygARDjU5eExdcHn4BAz4iVOA3BFuL3pB6bnrVcJlGSv/K35GN20KrJtz9g/dyoutzzhX8SzSrxdFbuOOrR4UuGD1jD; Expires=Thu, 31 Oct 2024 08:57:36 GMT; Path=/; SameSite=None; Secure X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload
2024-10-24 08:57:36 UTC	316	IN	Data Raw: 7b 22 6e 65 67 6f 74 69 61 74 65 56 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 6e 65 63 74 69 6f 6e 49 64 22 3a 22 49 41 62 52 43 32 4c 79 46 36 68 45 76 4d 6d 4f 32 30 57 6d 48 77 22 2c 22 63 6f 6e 6e 65 63 74 69 6f 6e 54 6f 6b 65 6e 22 3a 22 76 44 51 38 57 32 4a 64 5f 69 54 78 67 47 35 6c 55 54 75 4d 63 77 22 2c 22 61 76 61 69 6c 61 62 6c 65 54 72 61 6e 73 70 6f 72 74 73 22 3a 5b 7b 22 74 72 61 6e 73 70 6f 72 74 22 3a 22 57 65 62 53 6f 63 6b 65 74 73 22 2c 22 74 72 61 6e 73 66 65 72 46 6f 72 6d 61 74 73 22 3a 5b 22 54 65 78 74 22 2c 22 42 69 6e 61 72 79 22 5d 7d 2c 7b 22 74 72 61 6e 73 70 6f 72 74 22 3a 22 53 65 72 76 65 72 53 65 6e 74 45 76 65 6e 74 73 22 2c 22 74 72 61 6e 73 66 65 72 46 6f 72 6d 61 74 73 22 3a 5b 22 54 65 78 74 22 5d 7d 2c 7b 22 74 72 Data Ascii: {"negotiateVersion":1,"connectionId":"IAbRC2LyF6hEvMmO20WmHw","connectionToken":"vDQ8W2Jd_iTxgG5lUTuMcw","availableTransports":[{"transport":"WebSockets","transferFormats":["Text","Binary"]},{"transport":"ServerSentEvents","transferFormats":["Text"]},{"tr

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:36 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-24 08:57:36 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=28050 Date: Thu, 24 Oct 2024 08:57:36 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:37 UTC	858	OUT	GET /_blazor/negotiate?negotiateVersion=1 HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=P5sPCYeBEr8RQJveYnbMkcUyJG1cYqVj2PygARDjU5eExdcHn4BAz4iVOA3BFuL3pB6bnrVcJlGSv/K35GN20KrJtz9g/dyoutzzhX8SzSrxdFbuOOrR4UuGD1jD; AWSALBCORS=P5sPCYeBEr8RQJveYnbMkcUyJG1cYqVj2PygARDjU5eExdcHn4BAz4iVOA3BFuL3pB6bnrVcJlGSv/K35GN20KrJtz9g/dyoutzzhX8SzSrxdFbuOOrR4UuGD1jD
2024-10-24 08:57:37 UTC	986	IN	HTTP/1.1 405 Method Not Allowed Date: Thu, 24 Oct 2024 08:57:37 GMT Content-Type: text/plain Content-Length: 0 Connection: close Set-Cookie: AWSALB=xTbgEcsBd8k/ORDByyRjzJWcwHEQ0RxKQp6opbM6IYhEPy7u2Mu3JsWEH9rK9gaKi2gV/lTCGlpRvS1AWtQJwMY2d/SmhNyTOAD3HRjWlSyfLOqngf0CMtEIAxpq; Expires=Thu, 31 Oct 2024 08:57:37 GMT; Path=/ Set-Cookie: AWSALBCORS=xTbgEcsBd8k/ORDByyRjzJWcwHEQ0RxKQp6opbM6IYhEPy7u2Mu3JsWEH9rK9gaKi2gV/lTCGlpRvS1AWtQJwMY2d/SmhNyTOAD3HRjWlSyfLOqngf0CMtEIAxpq; Expires=Thu, 31 Oct 2024 08:57:37 GMT; Path=/; SameSite=None; Secure X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:37 UTC	1022	OUT	GET /_blazor?id=vDQ8W2Jd_iTxgG5lUTuMcw HTTP/1.1 Host: links.us1.defend.egress.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://links.us1.defend.egress.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=P5sPCYeBEr8RQJveYnbMkcUyJG1cYqVj2PygARDjU5eExdcHn4BAz4iVOA3BFuL3pB6bnrVcJlGSv/K35GN20KrJtz9g/dyoutzzhX8SzSrxdFbuOOrR4UuGD1jD; AWSALBCORS=P5sPCYeBEr8RQJveYnbMkcUyJG1cYqVj2PygARDjU5eExdcHn4BAz4iVOA3BFuL3pB6bnrVcJlGSv/K35GN20KrJtz9g/dyoutzzhX8SzSrxdFbuOOrR4UuGD1jD Sec-WebSocket-Key: 74yFbjxAtNWPTp9ic8rjFw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-10-24 08:57:37 UTC	1077	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:37 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Set-Cookie: AWSALB=EA1tXS2jbraPwDuBu+sU6q9dggRBjjP/56gvwIYfMsiPGEaW/gMyozDwAovbB7eHuNE23IDUbAqb7i+/N9XeLwdGCDkipg6ToeR9lqkbRXixlYmhEvdIMvkrRvSK; Expires=Thu, 31 Oct 2024 08:57:37 GMT; Path=/ Set-Cookie: AWSALBCORS=EA1tXS2jbraPwDuBu+sU6q9dggRBjjP/56gvwIYfMsiPGEaW/gMyozDwAovbB7eHuNE23IDUbAqb7i+/N9XeLwdGCDkipg6ToeR9lqkbRXixlYmhEvdIMvkrRvSK; Expires=Thu, 31 Oct 2024 08:57:37 GMT; Path=/; SameSite=None; Secure Cache-Control: no-cache, no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-24 08:57:37 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=28129 Date: Thu, 24 Oct 2024 08:57:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-24 08:57:37 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:38 UTC	3188	OUT	GET /_blazor?id=hieRnTZHgQ45O-BAH-H2cw&_=1729760257007 HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 X-SignalR-User-Agent: Microsoft SignalR/0.0 (0.0.0-DEV_BUILD; Unknown OS; Browser; Unknown Runtime Version) sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=xNAhiArRg+JrXUaQyHXVGDjxB6qKMa4G6v6NOpo6wMavUj42wTU5NfIr2cZul1HTDUPBZjzzfhUhsJEUveyYgrRFQQ6gD/M6jO9KcDp6LJPbCE/2yyefuGi1Cnd/; AWSALBCORS=xNAhiArRg+JrXUaQyHXVGDjxB6qKMa4G6v6NOpo6wMavUj42wTU5NfIr2cZul1HTDUPBZjzzfhUhsJEUveyYgrRFQQ6gD/M6jO9KcDp6LJPbCE/2yyefuGi1Cnd/
2024-10-24 08:57:38 UTC	1077	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:38 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Set-Cookie: AWSALB=jkKANa/JUGBh5Td6ayF0b0wdegAm6bqCH7OYq45PLuqBwW3RoKzZ6yjH6ShwOu8SolW5mqHln3OENhekqnTjO2tRde0ySw1ucv+3vQYKCgPgyDS6njAoYQXtcQWt; Expires=Thu, 31 Oct 2024 08:57:38 GMT; Path=/ Set-Cookie: AWSALBCORS=jkKANa/JUGBh5Td6ayF0b0wdegAm6bqCH7OYq45PLuqBwW3RoKzZ6yjH6ShwOu8SolW5mqHln3OENhekqnTjO2tRde0ySw1ucv+3vQYKCgPgyDS6njAoYQXtcQWt; Expires=Thu, 31 Oct 2024 08:57:38 GMT; Path=/; SameSite=None; Secure Cache-Control: no-cache, no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:39 UTC	3278	OUT	POST /_blazor?id=hieRnTZHgQ45O-BAH-H2cw HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive Content-Length: 38 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-Type: text/plain;charset=UTF-8 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 X-SignalR-User-Agent: Microsoft SignalR/0.0 (0.0.0-DEV_BUILD; Unknown OS; Browser; Unknown Runtime Version) sec-ch-ua-platform: "Windows" Accept: / Origin: https://links.us1.defend.egress.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://links.us1.defend.egress.com/Warning?crId=6719c1fe0a0594bd0e3efe86&Domain=lcatterton.com&Lang=en&Base64Url=eNolVefOpEgMfKLdjwxz0ulEzjnz5wQMDDDkDE9_zZ7UQh2q3MYuu6t1HZe_fn62uaUgmPrd1mXRDvn3dz50P-3yk7d1_v1nG_u_NwiCfyPuGvfyi9VXtqJoY9Z-IQL5DkazSK1JwuSwCshfCDMQqlPoOda5xUgz5HYXPtkiSC4R725tRJe4PxKAfeu7q4qF3mdBGd9BZsjU9BjcxZveonl0nDYcKqZKZZcpIpTTkIVMsXh43ZjUwXBrjbIC8FWt4cetDqzi1_SVAp-YncEhbXB7P5x4KWpvQeETeeJR0t7UmcQJlAGg-DRaTwUGqEQ5Vz1GNaodvKzSEanmVp5COJSTXB77EFo1zuYCf2SUO-pyJwAHNpnlYIZScvTXAiVMYmquMXtnMYj2ohjDdpqh7w4u9UV8cFeZ1xeIIE9OPhcDumzxVEHHrlZHvGDJuWgRn3eIhO2HytMEEF4zzYTYsuCFfZ6RaelpzniA2LkZ-A6ivEcyH6hOh7JwCPD1FYvTa50vL6psKSsHJUTSI_HaqPWsLjeDDiX13Knqy0WRijx7qaWueOfQOrSrPdtCHhhZs6axrZt87uEvnH37cTi7K1JjvgOOW3O5CJ3c3MLv36bCFPsUjTLkBgMgXG1LT58axUuSSqLscpuEnT6KprzOq2bDz_EL5cAgPD79t7hWmIgldT5bDEWS0xRfEXZ5nEa86aF8H8zrnNy6fuKcasIWG8myMXGghZz2aQxogadU0r4qRghWFbaviZCyr7TIMWW6kLiZwFXejm8WxMObUQkMxxhVu9ChElhkVcir7mv2YPJ17Km9Riw5SM0qt7EKQZPwFvC9VmFO26x17yAtau79kIVAK2yQSSGeoGYeEBhMmW8UvK6obJxZaEPCyLHzFHLvuD8jW [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=jkKANa/JUGBh5Td6ayF0b0wdegAm6bqCH7OYq45PLuqBwW3RoKzZ6yjH6ShwOu8SolW5mqHln3OENhekqnTjO2tRde0ySw1ucv+3vQYKCgPgyDS6njAoYQXtcQWt; AWSALBCORS=jkKANa/JUGBh5Td6ayF0b0wdegAm6bqCH7OYq45PLuqBwW3RoKzZ6yjH6ShwOu8SolW5mqHln3OENhekqnTjO2tRde0ySw1ucv+3vQYKCgPgyDS6njAoYQXtcQWt
2024-10-24 08:57:39 UTC	38	OUT	Data Raw: 7b 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 62 6c 61 7a 6f 72 70 61 63 6b 22 2c 22 76 65 72 73 69 6f 6e 22 3a 31 7d 1e Data Ascii: {"protocol":"blazorpack","version":1}
2024-10-24 08:57:39 UTC	970	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:39 GMT Content-Type: text/plain Content-Length: 0 Connection: close Set-Cookie: AWSALB=Mb2hYrS6aVAoMrezEBQMP5XKoXW2a7ivV5cQMDE8W/h7TmpyxWLN3GuJjPbBspf3IAEiMj0d6QQJEqClQWmqfA2G8VTk9SaKhx+yi+j9mrK3QA5BGJCygzrNbf8p; Expires=Thu, 31 Oct 2024 08:57:39 GMT; Path=/ Set-Cookie: AWSALBCORS=Mb2hYrS6aVAoMrezEBQMP5XKoXW2a7ivV5cQMDE8W/h7TmpyxWLN3GuJjPbBspf3IAEiMj0d6QQJEqClQWmqfA2G8VTk9SaKhx+yi+j9mrK3QA5BGJCygzrNbf8p; Expires=Thu, 31 Oct 2024 08:57:39 GMT; Path=/; SameSite=None; Secure X-Robots-Tag: noindex X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: same-origin X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https:; font-src 'self' https: https://fonts.gstatic.com; connect-src https: ws: wss:; object-src 'none' Strict-Transport-Security: max-age=2592000; preload

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Connections

HTTPS Proxied Packets

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:39 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:40 UTC	540	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:39 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 21 Oct 2024 13:21:21 GMT ETag: "0x8DCF1D34132B902" x-ms-request-id: 84bcd95b-b01e-001e-1a38-240214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085739Z-17fbfdc98bbwfg2nvhsr4h37pn000000070g00000000523c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:40 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-24 08:57:40 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:40 UTC	855	OUT	GET /_blazor?id=hieRnTZHgQ45O-BAH-H2cw HTTP/1.1 Host: links.us1.defend.egress.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: .AspNetCore.Antiforgery.VyLW6ORzMgk=CfDJ8DxQtwfDnGVArVCT2c4slwB8_2DMIL3Q16HDke07s6ezO9R9SMZT-MH3Df29FcY0CstdaLSUE_LeGwjrVl57hoO4kH8EdegCVqaXvMmnkIVrZ8mjAFDQz2r0RqgE4lqGoanMvnRlfBWLx-3dg1FBaqg; AWSALB=Kih4hj2aLY/dIPLY510L2Eqaz30oIN2LMHsh8g8572VCvD3KxE9ajBRwGxIlyTADMx7yzbkSbU2mS12yKa2mnofO5XCQ6YOD69FVNAeXY2EPK1Ubdqhd2X8rMKzf; AWSALBCORS=Kih4hj2aLY/dIPLY510L2Eqaz30oIN2LMHsh8g8572VCvD3KxE9ajBRwGxIlyTADMx7yzbkSbU2mS12yKa2mnofO5XCQ6YOD69FVNAeXY2EPK1Ubdqhd2X8rMKzf
2024-10-24 08:58:41 UTC	566	IN	HTTP/1.1 504 Gateway Time-out Server: awselb/2.0 Date: Thu, 24 Oct 2024 08:58:41 GMT Content-Type: text/html Content-Length: 534 Connection: close Set-Cookie: AWSALB=qJxOhGqrBOKZCz9LLlARTE7g6/DoMEaYRxB09Qziy3oV0Xz22IRSgLlsnEJo3/AAwLSxUhI1rnKE1GNFue8RyQUWYR7WpyT1QxrgSozfiDk/TeMswGImKQmYmiMv; Expires=Thu, 31 Oct 2024 08:57:41 GMT; Path=/ Set-Cookie: AWSALBCORS=qJxOhGqrBOKZCz9LLlARTE7g6/DoMEaYRxB09Qziy3oV0Xz22IRSgLlsnEJo3/AAwLSxUhI1rnKE1GNFue8RyQUWYR7WpyT1QxrgSozfiDk/TeMswGImKQmYmiMv; Expires=Thu, 31 Oct 2024 08:57:41 GMT; Path=/; SameSite=None; Secure
2024-10-24 08:58:41 UTC	534	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 34 20 47 61 74 65 77 61 79 20 54 69 6d 65 2d 6f 75 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 34 20 47 61 74 65 77 61 79 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 Data Ascii: <html><head><title>504 Gateway Time-out</title></head><body><center><h1>504 Gateway Time-out</h1></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:42 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:42 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:42 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 394abe64-001e-0028-050b-22c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085742Z-r1755647c669hnl7dkxy835cqc0000000770000000005neu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:42 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:42 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:42 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:42 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 3b262095-501e-0035-475d-23c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085742Z-r1755647c66ldfgxa3qp9d53us00000009gg0000000046yd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:42 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:42 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:42 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:42 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 014e5f85-701e-006f-2b35-21afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085742Z-r1755647c66dj7986akr8tvaw400000008qg0000000051eb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:42 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:42 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:42 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:42 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 52fc638d-b01e-0070-36c5-201cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085742Z-r1755647c66s2pfjx11r8ys39000000000x0000000000p7y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:42 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:42 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:42 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:42 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 31a53d7e-801e-00a3-74f7-217cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085742Z-r1755647c66nxct5p0gnwngmx000000008rg00000000466e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:42 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:43 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:43 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:43 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: e3ea90ed-d01e-0028-6059-237896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085743Z-17fbfdc98bbvf2fnx6t6w0g25n000000074g000000002rty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:43 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:43 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:43 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:43 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 8d314a1c-701e-0097-3ae5-21b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085743Z-r1755647c66x46wg1q56tyyk6800000008sg000000003xhm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:43 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:57:43 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 08:57:43 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 08:57:43 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: fbb8ce34-501e-0064-0cbd-201f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T085743Z-r1755647c66ldfgxa3qp9d53us00000009h000000000453r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 08:57:43 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]