Edit tour

Windows Analysis Report
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/

Overview

General Information

Sample URL:	https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/
Analysis ID:	1520339
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected landing page (webpage, office document or email)

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Form action URLs do not match main URL

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1808,i,3978487464880707792,3794167766678941936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1727418465787&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: chromecache_93.2.dr, chromecache_102.2.dr, chromecache_96.2.dr, chromecache_77.2.dr	String found in binary or memory: http://www.gimp.org/xmp/
Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: chromecache_79.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: chromecache_79.2.dr	String found in binary or memory: https://api.db-ip.com/v2/free/self/
Source: chromecache_79.2.dr	String found in binary or memory: https://api.emailjs.com/api/v1.0/email/send
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: chromecache_80.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: chromecache_79.2.dr	String found in binary or memory: https://popper.js.org)
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58206
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49758 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_4148_681451818

Jump to behavior

Source: classification engine

Classification label: mal68.phis.win@17/60@10/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1808,i,3978487464880707792,3794167766678941936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1808,i,3978487464880707792,3794167766678941936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/

LLM: Page contains button: 'request review' Source: '0.0.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	100%	Avira URL Cloud	phishing
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://wieistmeineip.de	0%	URL Reputation	safe
https://mercadoshops.com.co	0%	URL Reputation	safe
https://gliadomain.com	0%	URL Reputation	safe
https://poalim.xyz	0%	URL Reputation	safe
https://mercadolivre.com	0%	URL Reputation	safe
https://reshim.org	0%	URL Reputation	safe
https://nourishingpursuits.com	0%	URL Reputation	safe
https://medonet.pl	0%	URL Reputation	safe
https://unotv.com	0%	URL Reputation	safe
https://mercadoshops.com.br	0%	URL Reputation	safe
https://zdrowietvn.pl	0%	URL Reputation	safe
https://johndeere.com	0%	URL Reputation	safe
https://songstats.com	0%	URL Reputation	safe
https://baomoi.com	0%	URL Reputation	safe
https://supereva.it	0%	URL Reputation	safe
https://elfinancierocr.com	0%	URL Reputation	safe
https://bolasport.com	0%	URL Reputation	safe
https://rws1nvtvt.com	0%	URL Reputation	safe
https://desimartini.com	0%	URL Reputation	safe
https://hearty.app	0%	URL Reputation	safe
https://hearty.gift	0%	URL Reputation	safe
https://mercadoshops.com	0%	URL Reputation	safe
https://heartymail.com	0%	URL Reputation	safe
https://p106.net	0%	URL Reputation	safe
https://radio2.be	0%	URL Reputation	safe
https://finn.no	0%	URL Reputation	safe
https://hc1.com	0%	URL Reputation	safe
https://kompas.tv	0%	URL Reputation	safe
https://mystudentdashboard.com	0%	URL Reputation	safe
https://songshare.com	0%	URL Reputation	safe
https://smaker.pl	0%	URL Reputation	safe
https://mercadopago.com.mx	0%	URL Reputation	safe
https://p24.hu	0%	URL Reputation	safe
https://talkdeskqaid.com	0%	URL Reputation	safe
https://mercadopago.com.pe	0%	URL Reputation	safe
https://cardsayings.net	0%	URL Reputation	safe
https://text.com	0%	URL Reputation	safe
https://mightytext.net	0%	URL Reputation	safe
https://pudelek.pl	0%	URL Reputation	safe
https://hazipatika.com	0%	URL Reputation	safe
https://joyreactor.com	0%	URL Reputation	safe
https://cookreactor.com	0%	URL Reputation	safe
https://wildixin.com	0%	URL Reputation	safe
https://eworkbookcloud.com	0%	URL Reputation	safe
https://cognitiveai.ru	0%	URL Reputation	safe
https://nacion.com	0%	URL Reputation	safe
https://chennien.com	0%	URL Reputation	safe
https://drimer.travel	0%	URL Reputation	safe
https://deccoria.pl	0%	URL Reputation	safe
https://mercadopago.cl	0%	URL Reputation	safe
https://talkdeskstgid.com	0%	URL Reputation	safe
https://bonvivir.com	0%	URL Reputation	safe
https://carcostadvisor.be	0%	URL Reputation	safe
https://salemovetravel.com	0%	URL Reputation	safe
https://sapo.io	0%	URL Reputation	safe
https://wpext.pl	0%	URL Reputation	safe
https://welt.de	0%	URL Reputation	safe
https://poalim.site	0%	URL Reputation	safe
https://drimer.io	0%	URL Reputation	safe
https://infoedgeindia.com	0%	URL Reputation	safe
https://blackrockadvisorelite.it	0%	URL Reputation	safe
https://cognitive-ai.ru	0%	URL Reputation	safe
https://cafemedia.com	0%	URL Reputation	safe
https://graziadaily.co.uk	0%	URL Reputation	safe
https://thirdspace.org.au	0%	URL Reputation	safe
https://mercadoshops.com.ar	0%	URL Reputation	safe
https://smpn106jkt.sch.id	0%	URL Reputation	safe
https://elpais.uy	0%	URL Reputation	safe
https://landyrev.com	0%	URL Reputation	safe
https://the42.ie	0%	URL Reputation	safe
https://commentcamarche.com	0%	URL Reputation	safe
https://tucarro.com.ve	0%	URL Reputation	safe
https://rws3nvtvt.com	0%	URL Reputation	safe
https://eleconomista.net	0%	URL Reputation	safe
https://helpdesk.com	0%	URL Reputation	safe
http://www.gimp.org/xmp/	0%	URL Reputation	safe
https://mercadolivre.com.br	0%	URL Reputation	safe
https://clmbtech.com	0%	URL Reputation	safe
https://standardsandpraiserepurpose.com	0%	URL Reputation	safe
https://salemovefinancial.com	0%	URL Reputation	safe
https://mercadopago.com.br	0%	URL Reputation	safe
https://commentcamarche.net	0%	URL Reputation	safe
https://etfacademy.it	0%	URL Reputation	safe
https://mighty-app.appspot.com	0%	URL Reputation	safe
https://hj.rs	0%	URL Reputation	safe
https://joyreactor.cc	0%	Avira URL Cloud	safe
https://hearty.me	0%	URL Reputation	safe
https://mercadolibre.com.gt	0%	URL Reputation	safe
https://timesinternet.in	0%	URL Reputation	safe
https://nlc.hu	0%	Avira URL Cloud	safe
https://24.hu	0%	Avira URL Cloud	safe
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/fb_round_logo.png	100%	Avira URL Cloud	phishing
https://interia.pl	0%	Avira URL Cloud	safe
https://api.db-ip.com/v2/free/self/	0%	Avira URL Cloud	safe
https://naukri.com	0%	Avira URL Cloud	safe
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/no_avatar.png	100%	Avira URL Cloud	phishing
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ico.ico	100%	Avira URL Cloud	phishing
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/dir.png	100%	Avira URL Cloud	phishing
https://07c225f3.online	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com	18.66.102.114	true	false	unknown
api.db-ip.com	104.26.4.15	true	false	unknown
www.google.com	142.250.186.132	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	true		unknown
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/fb_round_logo.png	true	Avira URL Cloud: phishing	unknown
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/no_avatar.png	true	Avira URL Cloud: phishing	unknown
https://api.db-ip.com/v2/free/self/	false	Avira URL Cloud: safe	unknown
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/dir.png	true	Avira URL Cloud: phishing	unknown
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ico.ico	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	URL Reputation: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://reshim.org	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://medonet.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://unotv.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://zdrowietvn.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://johndeere.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songstats.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://baomoi.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://supereva.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://bolasport.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://desimartini.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.app	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.gift	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://heartymail.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nlc.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://p106.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://radio2.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://finn.no	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hc1.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songshare.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smaker.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.mx	sets.json.0.dr	false	URL Reputation: safe	unknown
https://p24.hu	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://24.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.pe	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cardsayings.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://text.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mightytext.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hazipatika.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wildixin.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitiveai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nacion.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://chennien.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://drimer.travel	sets.json.0.dr	false	URL Reputation: safe	unknown
https://deccoria.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.cl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://naukri.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://interia.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bonvivir.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://sapo.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wpext.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://welt.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.site	sets.json.0.dr	false	URL Reputation: safe	unknown
https://drimer.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://infoedgeindia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitive-ai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://graziadaily.co.uk	sets.json.0.dr	false	URL Reputation: safe	unknown
https://thirdspace.org.au	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smpn106jkt.sch.id	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elpais.uy	sets.json.0.dr	false	URL Reputation: safe	unknown
https://landyrev.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://the42.ie	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eleconomista.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://helpdesk.com	sets.json.0.dr	false	URL Reputation: safe	unknown
http://www.gimp.org/xmp/	chromecache_93.2.dr, chromecache_102.2.dr, chromecache_96.2.dr, chromecache_77.2.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://clmbtech.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://07c225f3.online	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://salemovefinancial.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://etfacademy.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mighty-app.appspot.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hj.rs	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.me	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolibre.com.gt	sets.json.0.dr	false	URL Reputation: safe	unknown
https://timesinternet.in	sets.json.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.5.15	unknown	United States	13335	CLOUDFLARENETUS	false
18.66.102.128	unknown	United States	3	MIT-GATEWAYSUS	false
104.26.4.15	api.db-ip.com	United States	13335	CLOUDFLARENETUS	false
18.66.102.114	business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520339
Start date and time:	2024-09-27 08:27:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@17/60@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.184.238, 108.177.15.84, 34.104.35.123, 142.250.186.42, 216.58.212.138, 142.250.185.202, 216.58.206.74, 172.217.16.202, 142.250.186.74, 142.250.186.106, 216.58.206.42, 172.217.18.10, 142.250.186.138, 172.217.18.106, 142.250.185.106, 142.250.185.74, 142.250.185.138, 142.250.74.202, 142.250.185.170, 199.232.210.172, 192.229.221.95, 52.165.164.15, 172.217.23.99, 199.232.214.172
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/

Input	Output
URL: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Model: jbxai	{ "brand":["Meta"], "contains_trigger_text":true, "trigger_text":"your page violated our community guidelines", "prominent_button_name":"request review", "text_input_field_labels":["privacy policy", "other rules and articles", "settings"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false}

URL: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Model: jbxai

{
"brand":["Meta"],
"contains_trigger_text":true,
"trigger_text":"your page violated our community guidelines",
"prominent_button_name":"request review",
"text_input_field_labels":["privacy policy",
"other rules and articles",
"settings"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":true,
"has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:28:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9771463252031736
Encrypted:	false
SSDEEP:	48:8Qd3TvjjH+idAKZdA19ehwiZUklqehjy+3:84HAoy
MD5:	3D6ABBEFF00E20B97CFA09EF2C6F2490
SHA1:	E37B54070843AB7BC6E62B30EC9C5724746C9C67
SHA-256:	FF2FAA40B37D6861AB644D29C48BF26568E0F44DB89E3BF75A8F3B0B64D8E01A
SHA-512:	97F6A49D1BA449B0C457EEAF55986FA107DFE8E47E78FF049569B279E5C3C2684EFFA86C692058A6E19CBF5710A50D9910839E41E021E9703D63DF0E6546E85E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....X..h....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I;Y.3....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.3....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y.3....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y.3..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.3...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........`e$N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/fb_round_logo.png	Avira URL Cloud: Label: phishing
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/no_avatar.png	Avira URL Cloud: Label: phishing
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ico.ico	Avira URL Cloud: Label: phishing
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/img/dir.png	Avira URL Cloud: Label: phishing

Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	HTTP Parser: Invalid link: Privacy Policy
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	HTTP Parser: Invalid link: Terms of use
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	HTTP Parser: Invalid link: Privacy Policy
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	HTTP Parser: Invalid link: Community Payment Terms
Source: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/	HTTP Parser: Invalid link: Commercial terms

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles/bootstrap.min.css HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles/style.css HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/block_2.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/no_avatar.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/banner_new_01.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/save_img.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/doc.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/meta-logo-grey.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/free/self/ HTTP/1.1Host: api.db-ip.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/fb_round_logo.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/2FA.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/phone.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/star.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dir.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /v2/free/self/ HTTP/1.1Host: api.db-ip.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/block_2.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/no_avatar.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/save_img.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/doc.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/meta-logo-grey.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/fb_round_logo.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ico.ico HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/2FA.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/star.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dir.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/phone.png HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ico.ico HTTP/1.1Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BFcZzNEP+TU9oG9&MD=HXzKxRaf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BFcZzNEP+TU9oG9&MD=HXzKxRaf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api.db-ip.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 08:28:03.564213037 CEST	53	51247	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:03.570044994 CEST	53	60680	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:04.560283899 CEST	53	55871	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:05.130449057 CEST	50896	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:05.130745888 CEST	64945	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:05.160208941 CEST	53	64945	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:05.160243034 CEST	53	50896	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:06.243376970 CEST	53	57279	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:07.507029057 CEST	54055	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:07.509427071 CEST	54670	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:07.513612032 CEST	53	54055	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:07.515973091 CEST	53	54670	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:07.965342045 CEST	52268	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:07.965708017 CEST	49849	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:07.972465992 CEST	53	52268	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:07.973263979 CEST	53	49849	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:07.974220991 CEST	53	59178	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:10.040064096 CEST	53	50855	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:10.930489063 CEST	52396	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:10.931195021 CEST	50273	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:10.959253073 CEST	53	50273	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:10.960410118 CEST	53	52396	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:10.970352888 CEST	56440	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:10.970352888 CEST	54403	53	192.168.2.5	1.1.1.1
Sep 27, 2024 08:28:10.977818012 CEST	53	54403	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:10.980001926 CEST	53	56440	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:22.036885023 CEST	53	49566	1.1.1.1	192.168.2.5
Sep 27, 2024 08:28:41.063123941 CEST	53	60101	1.1.1.1	192.168.2.5
Sep 27, 2024 08:29:03.019790888 CEST	53	61646	1.1.1.1	192.168.2.5
Sep 27, 2024 08:29:04.299285889 CEST	53	52637	1.1.1.1	192.168.2.5
Sep 27, 2024 08:29:05.716726065 CEST	53	59255	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:05 UTC	704	OUT	GET / HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:06 UTC	567	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 255609 Connection: close Date: Wed, 18 Sep 2024 17:18:12 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "69e4eca63e1cdefc8c6724019ad93b82" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: wDdriKAW5OVF341o8xHFuKb7JstPJSokufhTHz3hA07ExfO2iPgIoA== Age: 738594
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 68 74 6d 6c 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 65 74 61 20 7c 20 46 61 63 65 62 6f 6f 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 22 3e 0a 20 20 20 20 3c 2f Data Ascii: <!DOCTYPE html><html lang="en" id="html"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Meta \| Facebook</title> <link rel="stylesheet" href="styles/bootstrap.min.css"> </
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 65 20 3d 20 57 2e 67 65 74 4f 72 43 72 65 61 74 65 49 6e 73 74 61 6e 63 65 28 74 68 69 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 63 6c 6f 73 65 22 20 3d 3d 3d 20 74 20 26 26 20 65 5b 74 5d 28 74 68 69 73 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 61 74 69 63 20 68 61 6e 64 6c 65 44 69 73 6d 69 73 73 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: return this.each((function () { const e = W.getOrCreateInstance(this); "close" === t && e[t](this) })) } static handleDismiss(t) {
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 2e 5f 73 65 6c 65 63 74 6f 72 20 3d 20 6f 2c 20 74 68 69 73 2e 5f 74 72 69 67 67 65 72 41 72 72 61 79 2e 70 75 73 68 28 69 29 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 69 73 2e 5f 70 61 72 65 6e 74 20 3d 20 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 70 61 72 65 6e 74 20 3f 20 74 68 69 73 2e 5f 67 65 74 50 61 72 65 6e 74 28 29 20 3a 20 6e 75 6c 6c 2c 20 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 70 61 72 65 6e 74 20 7c 7c 20 74 68 69 73 2e 5f 61 64 64 41 72 69 61 41 6e 64 43 6f 6c 6c 61 70 73 65 64 43 6c 61 73 73 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 20 74 68 69 73 2e 5f 74 72 69 67 67 65 72 41 72 72 61 79 29 2c 20 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 74 6f 67 Data Ascii: ._selector = o, this._triggerArray.push(i)) } this._parent = this._config.parent ? this._getParent() : null, this._config.parent \|\| this._addAriaAndCollapsedClass(this._element, this._triggerArray), this._config.tog
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 20 3d 20 21 30 20 3d 3d 3d 20 63 20 3f 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 74 2e 78 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 20 3d 20 74 2e 79 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 20 3d 20 77 69 6e 64 6f 77 2e 64 65 76 69 63 65 50 69 78 65 6c 52 61 74 69 6f 20 7c 7c 20 31 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 3a 20 78 74 28 78 74 Data Ascii: h = !0 === c ? function (t) { var e = t.x, i = t.y, n = window.devicePixelRatio \|\| 1; return { x: xt(xt
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 65 6e 74 3a 20 43 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 75 6e 64 61 72 79 3a 20 68 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 6f 6f 74 42 6f 75 6e 64 61 72 79 3a 20 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 74 42 6f 75 6e 64 61 72 79 3a 20 75 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 63 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2c 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: ent: C, boundary: h, rootBoundary: d, altBoundary: u, padding: c }),
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 7d 29 29 2c 20 68 2e 75 70 64 61 74 65 28 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 63 65 55 70 64 61 74 65 3a 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 63 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 20 3d 20 61 2e 65 6c 65 6d 65 6e 74 73 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 20 3d 20 Data Ascii: })), h.update() }, forceUpdate: function () { if (!c) { var t = a.elements, e =
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 20 3d 3e 20 65 20 2d 20 74 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5f 64 69 73 61 62 6c 65 4f 76 65 72 46 6c 6f 77 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 69 73 2e 5f 73 61 76 65 49 6e 69 74 69 61 6c 41 74 74 72 69 62 75 74 65 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 20 22 6f 76 65 72 66 6c 6f 77 22 29 2c 20 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 20 3d 20 22 68 69 64 64 65 6e 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5f 73 65 74 45 6c 65 6d 65 6e 74 41 74 74 72 69 62 75 74 65 73 28 74 2c 20 65 2c 20 69 29 20 7b 0a 20 20 20 20 20 20 20 Data Ascii: => e - t) } _disableOverFlow() { this._saveInitialAttribute(this._element, "overflow"), this._element.style.overflow = "hidden" } _setElementAttributes(t, e, i) {
2024-09-27 06:28:06 UTC	15118	IN	Data Raw: 63 65 28 74 68 69 73 2c 20 74 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 22 73 74 72 69 6e 67 22 20 3d 3d 20 74 79 70 65 6f 66 20 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 76 6f 69 64 20 30 20 3d 3d 3d 20 65 5b 74 5d 20 7c 7c 20 74 2e 73 74 61 72 74 73 57 69 74 68 28 22 5f 22 29 20 7c 7c 20 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 20 3d 3d 3d 20 74 29 20 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 60 4e 6f 20 6d 65 74 68 6f 64 20 6e 61 6d 65 64 20 22 24 7b 74 7d 22 60 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 5b 74 5d 28 74 68 69 73 29 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ce(this, t); if ("string" == typeof t) { if (void 0 === e[t] \|\| t.startsWith("_") \|\| "constructor" === t) throw new TypeError(`No method named "${t}"`); e[t](this)
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 2e 2e 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 2e 2e 22 66 75 6e 63 74 69 6f 6e 22 20 3d 3d 20 74 79 70 65 6f 66 20 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 70 6f 70 70 65 72 43 6f 6e 66 69 67 20 3f 20 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 70 6f 70 70 65 72 43 6f 6e 66 69 67 28 65 29 20 3a 20 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 70 6f 70 70 65 72 43 6f 6e 66 69 67 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5f 61 64 64 41 74 74 61 63 68 6d 65 6e 74 43 6c 61 73 73 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: { ...e, ..."function" == typeof this._config.popperConfig ? this._config.popperConfig(e) : this._config.popperConfig } } _addAttachmentClass(t) {
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 29 5b 30 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 20 3d 20 6e 20 26 26 20 73 20 26 26 20 73 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 22 66 61 64 65 22 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 20 3d 20 28 29 20 3d 3e 20 74 68 69 73 2e 5f 74 72 61 6e 73 69 74 69 6f 6e 43 6f 6d 70 6c 65 74 65 28 65 2c 20 73 2c 20 6e 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 20 26 26 20 6f 20 3f 20 28 73 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 73 68 6f 77 22 29 2c 20 74 68 69 73 2e 5f 71 75 65 75 65 43 61 6c 6c 62 61 63 6b 28 72 2c 20 65 2c 20 21 30 29 29 20 3a 20 72 28 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d Data Ascii: )[0], o = n && s && s.classList.contains("fade"), r = () => this._transitionComplete(e, s, n); s && o ? (s.classList.remove("show"), this._queueCallback(r, e, !0)) : r() }

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:06 UTC	645	OUT	GET /styles/bootstrap.min.css HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:06 UTC	565	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 155840 Connection: close Date: Thu, 26 Sep 2024 14:13:35 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "e3e1698ee0b774a4efa651c21fb15fcc" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: 0Ijle59D4FB9GjB0GypJBHc_6pZnBtw_W1_DOrj5YV9-h1Hg9O0yLA== Age: 58471
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 35 2e 30 2e 32 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 73 2d 62 6c 75 65 3a 23 30 64 36 65 66 64 3b 2d Data Ascii: @charset "UTF-8";/! Bootstrap v5.0.2 (https://getbootstrap.com/) * Copyright 2011-2021 The Bootstrap Authors * Copyright 2011-2021 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */:root{--bs-blue:#0d6efd;-
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 74 74 65 72 2d 79 3a 30 7d 2e 67 2d 78 6c 2d 31 2c 2e 67 78 2d 78 6c 2d 31 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 30 2e 32 35 72 65 6d 7d 2e 67 2d 78 6c 2d 31 2c 2e 67 79 2d 78 6c 2d 31 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 30 2e 32 35 72 65 6d 7d 2e 67 2d 78 6c 2d 32 2c 2e 67 78 2d 78 6c 2d 32 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 30 2e 35 72 65 6d 7d 2e 67 2d 78 6c 2d 32 2c 2e 67 79 2d 78 6c 2d 32 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 30 2e 35 72 65 6d 7d 2e 67 2d 78 6c 2d 33 2c 2e 67 78 2d 78 6c 2d 33 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 31 72 65 6d 7d 2e 67 2d 78 6c 2d 33 2c 2e 67 79 2d 78 6c 2d 33 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 31 72 65 6d 7d 2e 67 2d 78 6c 2d 34 2c 2e 67 78 2d 78 6c 2d 34 7b 2d 2d 62 Data Ascii: tter-y:0}.g-xl-1,.gx-xl-1{--bs-gutter-x:0.25rem}.g-xl-1,.gy-xl-1{--bs-gutter-y:0.25rem}.g-xl-2,.gx-xl-2{--bs-gutter-x:0.5rem}.g-xl-2,.gy-xl-2{--bs-gutter-y:0.5rem}.g-xl-3,.gx-xl-3{--bs-gutter-x:1rem}.g-xl-3,.gy-xl-3{--bs-gutter-y:1rem}.g-xl-4,.gx-xl-4{--b
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 6e 67 3a 31 72 65 6d 20 2e 37 35 72 65 6d 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 6e 67 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 3a 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 6e 67 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 3a 3a 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 6e 67 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 3a 6e 6f 74 28 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2d 73 68 6f 77 6e 29 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 2e 36 32 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 36 32 35 72 65 6d 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 6e Data Ascii: ng:1rem .75rem}.form-floating>.form-control::-moz-placeholder{color:transparent}.form-floating>.form-control::placeholder{color:transparent}.form-floating>.form-control:not(:-moz-placeholder-shown){padding-top:1.625rem;padding-bottom:.625rem}.form-floatin
2024-09-27 06:28:06 UTC	15083	IN	Data Raw: 64 7d 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 64 36 65 66 64 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 30 64 36 65 66 64 7d 2e 62 74 6e 2d 63 68 65 63 6b 3a 66 6f 63 75 73 2b 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 2c 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 3a 66 6f 63 75 73 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 2e 32 35 72 65 6d 20 72 67 62 61 28 31 33 2c 31 31 30 2c 32 35 33 2c 2e 35 29 7d 2e 62 74 6e 2d 63 68 65 63 6b 3a 61 63 74 69 76 65 2b 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 2c 2e 62 74 6e 2d 63 68 65 63 6b 3a 63 68 65 63 6b 65 64 2b 2e 62 Data Ascii: d}.btn-outline-primary:hover{color:#fff;background-color:#0d6efd;border-color:#0d6efd}.btn-check:focus+.btn-outline-primary,.btn-outline-primary:focus{box-shadow:0 0 0 .25rem rgba(13,110,253,.5)}.btn-check:active+.btn-outline-primary,.btn-check:checked+.b
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 2d 72 61 64 69 75 73 3a 30 7d 2e 6e 61 76 2d 70 69 6c 6c 73 20 2e 6e 61 76 2d 6c 69 6e 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 62 6f 72 64 65 72 3a 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 7d 2e 6e 61 76 2d 70 69 6c 6c 73 20 2e 6e 61 76 2d 6c 69 6e 6b 2e 61 63 74 69 76 65 2c 2e 6e 61 76 2d 70 69 6c 6c 73 20 2e 73 68 6f 77 3e 2e 6e 61 76 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 64 36 65 66 64 7d 2e 6e 61 76 2d 66 69 6c 6c 20 2e 6e 61 76 2d 69 74 65 6d 2c 2e 6e 61 76 2d 66 69 6c 6c 3e 2e 6e 61 76 2d 6c 69 6e 6b 7b 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 6e 61 76 2d 6a 75 73 74 69 66 69 65 64 20 2e Data Ascii: -radius:0}.nav-pills .nav-link{background:0 0;border:0;border-radius:.25rem}.nav-pills .nav-link.active,.nav-pills .show>.nav-link{color:#fff;background-color:#0d6efd}.nav-fill .nav-item,.nav-fill>.nav-link{flex:1 1 auto;text-align:center}.nav-justified .
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 73 73 2d 62 61 72 2d 61 6e 69 6d 61 74 65 64 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 6e 75 6d 62 65 72 65 64 7b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 6e 6f 6e 65 3b 63 6f 75 6e 74 65 72 2d 72 65 73 65 74 3a 73 65 63 74 69 6f 6e 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 6e 75 6d 62 65 72 65 64 3e 6c 69 3a 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 Data Ascii: ss-bar-animated{-webkit-animation:none;animation:none}}.list-group{display:flex;flex-direction:column;padding-left:0;margin-bottom:0;border-radius:.25rem}.list-group-numbered{list-style-type:none;counter-reset:section}.list-group-numbered>li::before{conte
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 75 74 6f 5b 64 61 74 61 2d 70 6f 70 70 65 72 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 74 6f 70 5d 3e 2e 70 6f 70 6f 76 65 72 2d 61 72 72 6f 77 3a 3a 61 66 74 65 72 2c 2e 62 73 2d 70 6f 70 6f 76 65 72 2d 74 6f 70 3e 2e 70 6f 70 6f 76 65 72 2d 61 72 72 6f 77 3a 3a 61 66 74 65 72 7b 62 6f 74 74 6f 6d 3a 31 70 78 3b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 2e 35 72 65 6d 20 2e 35 72 65 6d 20 30 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 62 73 2d 70 6f 70 6f 76 65 72 2d 61 75 74 6f 5b 64 61 74 61 2d 70 6f 70 70 65 72 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 3e 2e 70 6f 70 6f 76 65 72 2d 61 72 72 6f 77 2c 2e 62 73 2d 70 6f 70 6f 76 65 72 2d 65 6e 64 3e 2e 70 6f 70 6f 76 65 72 2d 61 72 72 6f 77 7b 6c 65 66 74 3a 63 61 6c 63 28 Data Ascii: uto[data-popper-placement^=top]>.popover-arrow::after,.bs-popover-top>.popover-arrow::after{bottom:1px;border-width:.5rem .5rem 0;border-top-color:#fff}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow,.bs-popover-end>.popover-arrow{left:calc(
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 79 2d 32 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 79 2d 33 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 79 2d 34 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 79 2d 35 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 72 65 6d 21 69 6d 70 6f 72 Data Ascii: portant;margin-bottom:.25rem!important}.my-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-5{margin-top:3rem!impor
2024-09-27 06:28:06 UTC	16384	IN	Data Raw: 2d 33 7b 6f 72 64 65 72 3a 33 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6f 72 64 65 72 2d 6d 64 2d 34 7b 6f 72 64 65 72 3a 34 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6f 72 64 65 72 2d 6d 64 2d 35 7b 6f 72 64 65 72 3a 35 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6f 72 64 65 72 2d 6d 64 2d 6c 61 73 74 7b 6f 72 64 65 72 3a 36 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 2d 6d 64 2d 30 7b 6d 61 72 67 69 6e 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 2d 6d 64 2d 31 7b 6d 61 72 67 69 6e 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 2d 6d 64 2d 32 7b 6d 61 72 67 69 6e 3a 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 2d 6d 64 2d 33 7b 6d 61 72 67 69 6e 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 2d 6d 64 2d 34 7b 6d 61 72 67 69 6e 3a 31 2e 35 72 65 6d Data Ascii: -3{order:3!important}.order-md-4{order:4!important}.order-md-5{order:5!important}.order-md-last{order:6!important}.m-md-0{margin:0!important}.m-md-1{margin:.25rem!important}.m-md-2{margin:.5rem!important}.m-md-3{margin:1rem!important}.m-md-4{margin:1.5rem
2024-09-27 06:28:06 UTC	9685	IN	Data Raw: 2d 33 7b 70 61 64 64 69 6e 67 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 2d 78 6c 2d 34 7b 70 61 64 64 69 6e 67 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 2d 78 6c 2d 35 7b 70 61 64 64 69 6e 67 3a 33 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 78 2d 78 6c 2d 30 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 78 2d 78 6c 2d 31 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 78 2d 78 6c 2d 32 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 2e 35 72 65 6d 21 69 6d 70 6f 72 74 Data Ascii: -3{padding:1rem!important}.p-xl-4{padding:1.5rem!important}.p-xl-5{padding:3rem!important}.px-xl-0{padding-right:0!important;padding-left:0!important}.px-xl-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-xl-2{padding-right:.5rem!import

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:06 UTC	637	OUT	GET /styles/style.css HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:07 UTC	564	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 11622 Connection: close Date: Thu, 26 Sep 2024 14:13:36 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "d0057ba3ba52bf55a2e251cd40e43978" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: sXVyxIZy7NIl4V4yCiFsswuhEOS3LDfl26SlUI208lWKEcbY_dKlMA== Age: 58471
2024-09-27 06:28:07 UTC	8949	IN	Data Raw: 23 68 74 6d 6c 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 28 32 34 39 2c 20 32 34 31 2c 20 32 34 39 29 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 39 30 64 65 67 2c 20 72 67 62 61 28 32 34 39 2c 20 32 34 31 2c 20 32 34 39 2c 20 31 29 20 30 25 2c 20 72 67 62 61 28 32 33 34 2c 20 32 34 33 2c 20 32 35 33 2c 20 31 29 20 33 35 25 2c 20 72 67 62 61 28 32 33 37 2c 20 32 35 31 2c 20 32 34 32 2c 20 31 29 20 31 30 30 25 29 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f Data Ascii: #html { background: rgb(249, 241, 249); background: linear-gradient(90deg, rgba(249, 241, 249, 1) 0%, rgba(234, 243, 253, 1) 35%, rgba(237, 251, 242, 1) 100%);}body { background: inherit; height: 100vh; overflow: hidden; overflo
2024-09-27 06:28:07 UTC	2673	IN	Data Raw: 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 7d 0a 0a 2e 62 75 72 67 65 72 2d 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a 0a 2e 62 61 72 20 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 20 30 3b 0a 20 20 20 20 74 72 Data Ascii: fy-content: space-between; padding: 10px;}.burger-button { display: flex; flex-direction: column; cursor: pointer;}.bar { width: 30px; height: 2px; border-radius: 5px; background-color: #333; margin: 5px 0; tr

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:07 UTC	682	OUT	GET /img/block_2.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:07 UTC	542	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 18787 Connection: close Date: Thu, 26 Sep 2024 16:42:10 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "8942e3ff39cd6784c7c89bd6eb26d604" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: cN2DAMoKc8M2jUHeqwtGNRAD3zqh1qSvjHIv2UIYaKQ9ZGlInEy_Og== Age: 49557
2024-09-27 06:28:07 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 64 00 00 00 65 08 06 00 00 00 bb be 46 f1 00 00 24 c2 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 65 78 69 66 00 00 78 da ad 9c 6b 96 9c 37 0e 64 ff 73 15 b3 04 be 1f cb e1 03 3c 67 76 30 cb 9f 1b cc 92 6c 49 6e bb ed b6 64 a9 4a 99 59 fc 48 02 08 44 80 a0 9d fd bf ff 7b dd ff e1 d7 c8 a1 ba 5c 5a af a3 56 cf af 3c f2 88 93 6f ba ff fc 9a ef ef e0 f3 fb fb fd aa f9 eb bd f0 e3 eb ae 96 af 37 22 2f 25 be a6 cf 3f 7b fd fa fc b7 d7 c3 f7 01 3e 5f 26 df 95 df 0d d4 f7 d7 1b eb c7 37 c6 d7 93 63 ff 69 a0 f8 f9 92 34 23 7d 7f be 06 1a 5f 03 a5 f8 79 23 7c 0d 30 e7 d7 52 46 6f bf 5f c2 b2 cf d7 af 9f ff 6c 03 7f 9c fe ca fd c7 69 ff f2 ef c6 ee 9d c2 73 52 8c 96 42 f2 fc 9d d2 d7 04 92 Data Ascii: PNGIHDRdeF$zTXtRaw profile type exifxk7ds<gv0lIndJYHD{\ZV<o7"/%?{>_&7ci4#}_y#\|0RFo_lisRB
2024-09-27 06:28:07 UTC	2403	IN	Data Raw: 3f e4 10 58 b3 a6 ec fe 8f cc 83 9c 05 4a 4e 38 1b 4d af 68 0c 7a 67 84 6d 36 ca fe 21 81 db aa 63 6d 38 71 d2 30 6a 50 c3 a8 45 6d c2 73 0e 7f 4d 19 a4 82 9c 65 f3 49 6c 54 57 c5 91 3f f4 10 88 1c 92 08 21 3c 0c eb 83 f6 59 72 bb 4b 88 4f 98 83 33 3f a2 8e a8 a8 17 af 72 b1 49 76 c0 47 63 fc bb 03 3e 91 05 fc 46 32 92 ad 1c 5c 4c da 66 ac 8f 08 4a 8b ab 01 79 a6 bc 95 a6 23 0e c3 8b dd b6 4e c9 b6 b7 b2 36 ce 37 07 a4 8a 69 de 7f bf c1 1e 49 d2 53 83 80 48 5a 5a b9 54 7e e6 c1 98 5c cd ec dd a6 e4 18 98 3a 85 a6 29 fb 56 2c ac 75 69 9a ae a8 96 90 a7 2b 1e fb b8 69 d3 28 4e 9a 8c 57 2d 5a b5 ad 28 60 34 7c f0 03 b8 71 e3 2b aa ed f1 24 49 8a d5 12 b2 2a 84 f0 18 88 78 42 0b c9 59 a7 6f d0 59 d7 68 ab aa 36 41 f3 9c 13 49 cb 41 61 33 7b a8 5a 9d 55 e8 67 Data Ascii: ?XJN8Mhzgm6!cm8q0jPEmsMeIlTW?!<YrKO3?rIvGc>F2\LfJy#N67iISHZZT~\:)V,ui+i(NW-Z(`4\|q+$I*xBYoYh6AIAa3{ZUg

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:07 UTC	684	OUT	GET /img/no_avatar.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:07 UTC	541	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 6043 Connection: close Date: Thu, 26 Sep 2024 16:42:15 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "d5d30f28ca92743610c956684a424b7e" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: lWnNJdXYuGzNBCP_q7iBSaS1PYfHjhtdmsSWcHn0BzeRidd9ve9oXw== Age: 49552
2024-09-27 06:28:07 UTC	6043	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 17 50 49 44 41 54 78 da ed 9d 09 70 5d e5 75 c7 1f fb 12 c2 16 68 c2 52 96 04 32 a4 50 d6 50 36 43 ca 60 37 2c 21 6d 26 90 4e 9a 96 4e 98 4c 09 4d 0a 4d 27 40 67 5a 1a 87 a4 10 28 29 81 34 03 b4 10 62 ed 92 65 c9 5a 2c c9 92 b5 59 b2 b1 6c 61 d9 f2 6e 55 28 89 58 52 08 18 03 66 33 f6 eb ff 48 0f e9 c9 7a 7a 7a cb bd f7 dd e5 77 66 7e 63 0c c6 7a ef dc 73 ce fd be f3 9d 73 be 58 0c 41 10 04 09 87 0c 0c 0c 1c bd 79 f3 e6 33 c5 a5 e2 06 71 8b f8 9e b8 c7 d8 b4 69 d3 03 fa f5 27 fa f5 61 f1 e4 96 2d 5b 9e b0 df 27 b8 ef a3 3f a7 7f ff 5d f1 75 fd f3 3c fd b9 0b 36 6c d8 f0 87 fd fd fd 87 a3 61 04 29 a0 Data Ascii: PNGIHDR\rfbKGDPIDATxp]uhR2PP6C`7,!m&NNLMM'@gZ()4beZ,YlanU(XRf3Hzzzwf~czssXAy3qi'a-['?]u<6la)

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:08 UTC	688	OUT	GET /img/banner_new_01.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:08 UTC	543	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 198020 Connection: close Date: Thu, 26 Sep 2024 16:42:16 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "fe979feb97d4ac7d44bcd547bc23d9a2" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: zHpRuOHbK4JeGuaajvE4S51_t8JsX6cv3DO9-QDvdCcrVO9AH-1SjA== Age: 49552
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 80 00 00 04 38 08 02 00 00 00 67 b1 56 14 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 80 00 49 44 41 54 78 da ec fd 79 90 dc f9 9d de f9 3d cf f7 57 85 1b dd e8 1b dd e8 26 9b c7 90 1c 36 ef 63 66 24 ed 6a 23 24 85 57 92 57 e1 f0 5a 2b c9 b1 f6 ae 37 7c 44 38 2c 87 22 d6 11 96 f7 8f 55 58 0e ad 14 76 ac 56 96 1d 5a 6b b5 23 6d cc 4a a3 d1 0c 35 1c 5e c3 7b 48 0e af e1 d1 ec fb be d1 0d 74 e3 be 81 42 55 e6 ef fb f8 8f ef 2f b3 12 e8 26 c1 06 90 28 a0 ea fd 12 d5 53 95 95 55 95 55 a8 ca ac 7c 7e 9f df f3 f1 de 63 4b 02 00 00 00 00 00 00 00 e0 6a 2b 6b 7d Data Ascii: PNGIHDR8gV cHRMz&u0`:pQ<bKGDIDATxy=W&6cf$j#$WWZ+7\|D8,"UXvVZk#mJ5^{HtBU/&(SUU\|~cKj+k}
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: d8 39 b2 1d eb e0 59 d7 be 5d 5e 49 9f 01 00 b8 36 78 a2 0b 00 c0 5a 70 ad 96 5c 5b ef e4 91 33 59 19 59 aa 6b 7d b3 00 00 58 47 8a 35 2d e2 a8 71 b4 d2 6b 69 34 a9 7e 4e 34 53 d3 01 00 00 e6 84 00 1a 00 80 b5 31 dd 80 d4 c9 e7 47 65 d4 57 1e 97 01 00 b8 ba 1c ab 46 4e ec 16 38 47 45 92 5d 3a 0d d1 33 4d d0 00 00 cc 15 4f 74 01 00 58 03 d3 f5 47 9d dc 2b cc 3e 03 00 70 35 15 4b 76 24 45 92 86 f8 39 49 a4 5a da 65 89 48 9f 01 00 98 bf 85 b5 be 01 00 00 6c 44 d3 f1 e7 7e 58 85 24 b6 21 01 00 70 d5 d4 16 2e bf e5 db 4a 6d c9 f4 6c 41 07 00 00 98 1b 26 a0 01 00 58 03 d3 79 ab 96 3b ab d6 22 31 07 0d 00 00 00 00 58 67 08 a0 01 00 58 03 6d de 6a 3a 75 35 bc 50 ba b5 be 5d 00 00 00 00 00 5c 4d 04 d0 00 00 ac 8d d9 d2 c9 aa d2 87 53 80 01 00 00 00 00 eb 0d 01 34 Data Ascii: 9Y]^I6xZp\[3YYk}XG5-qki4~N4S1GeWFN8GE]:3MOtXG+>p5Kv$E9IZeHlD~X$!p.JmlA&Xy;"1XgXmj:u5P]\MS4
2024-09-27 06:28:08 UTC	12288	IN	Data Raw: e6 a7 65 69 ad 96 c9 97 07 d7 88 82 19 ac a0 82 60 b0 68 bc cf e2 65 0d c7 59 75 50 10 ac 98 39 81 f9 09 c5 2c 56 70 71 43 53 9d 6b 87 71 fa d4 d1 d6 dc 74 a3 6f 90 a0 2e 7f c0 80 e3 ac 04 52 3c 71 88 b5 13 6b c6 fe bc bd dc 3b 75 15 99 3f 7a fc 89 ef f9 c9 b9 a7 9e 83 51 08 31 ac 99 0a 81 30 c5 3c 6c 40 42 55 e2 0a bc 00 00 80 00 49 44 41 54 39 89 71 41 aa 06 c0 20 18 8a 14 24 47 a4 84 0d 20 75 62 19 50 48 32 28 08 32 12 90 0a 5a 9c 58 91 36 12 08 22 5e 6c 4c f5 24 91 91 81 8c 75 0c 5b 2f bf fa e4 b7 ff c8 9e 7f f3 bf 0c bf f5 4d 2c c7 5e 9f 27 b8 c3 71 1c c7 b9 ee 70 01 da 71 1c 67 01 d1 88 51 1a f4 92 6d 24 66 ea 01 38 f4 f1 4f 74 e6 e6 7a eb f5 33 2a a6 14 62 70 72 f4 41 03 ea d5 56 94 fe ef 82 54 76 e9 c9 19 fb f4 d3 76 ce 99 b9 e7 c1 22 7a a3 3c aa Data Ascii: ei`heYuP9,VpqCSkqto.R<qk;u?zQ10<l@BUIDAT9qA $G ubPH2(2ZX6"^lL$u[/M,^'qpqgQm$f8Otz3*bprAVTvv"z<
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: f9 d4 be fa b1 93 55 88 f3 60 7f 3f fa fb e3 63 93 b3 23 ce 95 89 86 0e a1 35 74 f7 fe a9 87 b3 b2 f9 31 2e 5a a2 e9 39 40 24 24 94 a3 5d ca db 4d 52 f9 f3 05 96 54 69 8c 3a d0 d7 58 77 df 6d 3f 53 af 8f c4 a1 33 5d cf ca 5c 2b 1c 3b 1e 5d c0 8b 1a 75 57 c9 bb 65 60 b1 31 43 ae b4 bb a5 fe 7b ad a6 c2 f4 58 9e 7b 76 2f 08 76 a1 d7 96 f2 04 41 f6 ef 7f 79 f6 a5 57 e7 6e db 7d 6d 76 f5 bc c4 e5 71 9e 21 a7 3a 30 a8 90 8c af a9 83 d6 71 56 1e 46 a5 61 a6 01 b0 c6 f6 37 cd 3d ff 27 dd d3 82 b3 c2 20 79 c3 dd 0f 19 a8 a0 6a 94 d8 e2 9c 98 8e b3 72 c8 88 5a b6 c8 50 8b 2b 41 12 4a 97 80 e6 db f3 af 1c 38 6b b6 1e 00 06 d5 b2 1e 13 83 34 df 29 4c 08 c8 2e 3e 6f f0 bc 4f 77 12 f9 09 65 d5 64 11 02 af a5 7d 8a 60 d1 23 8c d7 98 dd 5e df 32 64 7d 92 ba 21 66 0c c3 Data Ascii: U`?c#5t1.Z9@$$]MRTi:Xwm?S3]\+;]uWe`1C{X{v/vAyWn}mvq!:0qVFa7=' yjrZP+AJ8k4)L.>oOwed}`#^2d}!f
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 0a 0c b1 69 72 a9 87 a5 a4 09 84 47 8e 25 05 3c a4 78 90 25 db fe ec 5c eb d8 89 a8 b9 1b 18 e6 67 da 87 8f 86 b0 b4 29 d6 2b 8b b8 aa 51 d5 0b 29 a8 10 cf 7a c5 ab e4 2f f6 dc bf 84 b3 a6 b7 c3 e2 08 79 c0 58 7d 8d 72 e4 85 da e9 47 62 f4 86 24 80 0c 62 58 fc 1f 55 75 15 6a a0 c9 7a 16 96 3a 05 dd 71 1c c7 71 ae 73 06 1b 61 89 7a e7 56 1d aa 8a 19 13 b2 f9 53 59 6b b2 1b dd 93 fe ff 35 a8 ca 48 26 c9 bb 5b 22 66 6c 8e 36 87 b7 0f 0e ed 18 b2 3a bb b2 38 cb 46 ba 20 58 86 ac 89 bc 1f 3d 55 59 61 8d c2 fa 00 98 8f 16 74 1c c7 59 9d b8 00 ed 38 2b 8b de e8 d8 58 5d ad 5f b7 f6 b6 3d bb c1 2c 16 8e 64 77 de fd 6a 81 64 14 1f c5 00 a1 98 3d 09 4a 17 d1 d3 c4 43 c7 a6 0e 1d 9f 8c f9 78 45 4f 19 bd 84 d4 0e 1d ed 1e d2 90 54 c5 25 41 33 b3 6a b7 62 5a 43 0c a0 Data Ascii: irG%<x%\g)+Q)z/yX}rGb$bXUujz:qqsazVSYk5H&["fl6:8F X=UYatY8+X]_=,dwjd=JCxEOT%A3jbZC
2024-09-27 06:28:08 UTC	11977	IN	Data Raw: c6 3b d5 29 01 a9 50 ea d9 71 db 3d 23 7b f6 2f 4c 5e 98 3c f9 da c2 f4 b8 6d 35 d3 16 24 10 3a aa 34 6d d2 58 9a 3b f7 ea b3 93 27 0e 0f ed ba 65 eb fe db 7a 87 b6 b2 58 24 d0 e8 bb 2d 29 56 99 ad 19 0d d7 68 20 10 d8 20 82 00 1d 08 74 31 99 68 e5 7e 7d ef 13 0f 7f fe 4b 4f 5a db f5 8e 48 d9 38 a9 cf 46 d5 61 88 12 60 44 19 d1 3a a3 af 6b 9d 6d 84 33 e7 17 ce 4d 2e de b6 b7 08 41 89 ed 7d f9 28 65 7d 74 85 20 f3 b6 0b 73 ee cc db a5 e5 7c 31 47 12 95 a2 bd 30 41 9b b8 25 73 de a1 0c 85 a6 1f d7 99 7c 8f c7 92 1d dc 36 f7 7d cd e8 52 c2 16 73 29 ce 2e d1 65 8d 5b 07 04 0b 31 52 a5 14 6f 25 8b 62 36 34 b5 a4 81 fc 90 18 39 cf 35 05 19 46 f5 7a f1 d2 54 7b eb 48 26 3a 67 5e fe 2b bf 2d c9 bd 43 3c 3d 65 45 18 44 37 af 7d 2a 10 08 04 02 81 1c 24 47 2a 09 00 Data Ascii: ;)Pq=#{/L^<m5$:4mX;'ezX$-)Vh t1h~}KOZH8Fa`D:km3M.A}(e}t s\|1G0A%s\|6}Rs).e[1Ro%b6495FzT{H&:g^+-C<=eED7}$G
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: bb 68 08 e8 e4 2c 7a 8a 18 ea 01 4c 66 43 46 22 2c b5 8a fd e5 d8 20 71 e1 7b d9 76 1a 89 39 3a 59 50 67 c7 f2 c2 77 27 8b dc 71 ca dc 76 a6 72 68 97 3d 79 67 fb c9 3d 3a de ab 05 30 93 b9 fd 0b 45 d0 f5 ff f0 3f d9 42 f9 54 f1 8e af 17 3e 3e c7 61 00 bd c5 64 b0 62 23 30 91 c6 46 07 3f f8 de 87 bb 6b a4 16 08 04 02 57 20 08 d0 81 c0 e6 64 65 47 35 91 7c ff 7b 1e f9 cd df f9 13 c0 05 8a d9 ac 37 5b 77 95 35 92 6c 7d ba d0 bf d3 ba 88 5b 31 a2 24 6b d3 f1 07 49 0b ce ab ef 17 4e dd 61 1b d3 20 b3 58 0c d1 a0 06 5e b4 92 37 26 e4 63 04 d3 fc 5c 8a c0 92 fe d3 b8 0b 43 b0 30 c4 65 da a9 a7 ad 44 e4 e2 e0 88 6f be 51 d6 db db 70 12 e8 12 7f b3 74 3c 81 d1 07 46 87 ff e4 03 8f 03 80 d5 0a 01 d3 ea 66 4e e1 90 64 48 a6 fd 26 d7 b0 01 93 36 24 04 61 89 33 b5 af Data Ascii: h,zLfCF", q{v9:YPgw'qvrh=yg=:0E?BT>>adb#0F?kW deG5\|{7[w5l}[1$kINa X^7&c\C0eDoQpt<FfNdH&6$a3
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 7f 84 cb ea b4 90 4c 9d 73 aa 5c 31 65 b6 28 43 4b 14 45 b5 4a 49 44 c8 d5 50 9f c3 6e 8a 0a 71 a6 ee 26 a7 cd a0 ba 9c 62 bd 50 52 de 72 2b 62 6b 0e 14 98 af f3 cc 22 17 5b 84 3a 32 f5 9a b3 40 29 f0 53 43 a8 ea 33 5d e0 c4 f4 07 c3 30 0c 4f b0 0c ab 2f 2d 02 40 3a 96 05 e1 ee 11 71 c8 47 f5 fa 51 7d ee 64 55 87 3a da 18 ac e8 8b af 6a 8b eb 94 b0 5b 6c c1 6f fc 85 8b a1 c6 aa 13 7c c4 5b 06 d3 97 ee e2 83 27 e3 33 8b d1 e9 89 99 8f 7e fa be e9 f9 85 30 4c a2 de f9 1c 52 9e 9b b3 47 db d3 47 98 66 df ae 8a 38 e1 c5 6b d0 42 84 5f 80 2f 90 d8 9c 6f b6 16 e2 fa 74 65 d3 b5 a8 0d 15 0c 2b 0a b8 4f 7e e3 e0 f8 70 e9 ef bd fb 3a 17 d1 fb 3a ec 8c 32 0c 63 7d 63 3d 4e c3 30 3a 8a 24 9d 38 e1 cb 6f d9 fc d1 af 1f 3d 87 4f b6 f0 ae 76 ab 3d 7f d2 ab 8a e2 22 bf Data Ascii: Ls\1e(CKEJIDPnq&bPRr+bk"[:2@)SC3]0O/-@:qGQ}dU:j[lo\|['3~0LRGGf8kB_/ote+O~p::2c}c=N0:$8o=Ov="
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 34 36 fa f3 54 88 33 8b 38 31 8f ac 3c 09 55 40 a4 b7 ec c0 8b af d2 4b 6e b9 f9 5d 9b ae 63 a6 19 e4 6c 5f 84 b0 5a 42 25 62 16 e1 25 17 a2 44 fb f2 d6 00 66 66 66 7e ef 37 7f eb de 7b ee d6 76 42 e9 5d ee fb 7a 84 d0 64 fa 40 7a ea e1 f6 a9 47 d3 c9 c7 b5 39 b7 76 05 7d 6a 9a 29 33 21 4b 44 5c 47 80 7e be 53 5a 49 3e 7b f0 d4 ff f5 cb 9f 38 3e 31 a3 62 41 e1 86 61 f4 29 d6 31 36 0c a3 e3 7b 02 dd b7 1f 39 73 72 ba e9 47 dd a5 d0 cd a0 38 c0 e9 3a a9 bf d7 d1 d0 db 33 87 93 e6 5c f1 20 90 7c fd 4b 6f 7c ef db 5e 1c 02 31 ad 01 b7 fe 91 dc 54 e5 1d 6a 78 de 6c d6 50 b7 aa d3 1f a8 56 ab 63 9b 36 87 d5 d9 29 63 18 46 9f a0 d4 6c 04 59 41 40 f6 95 9e fc a7 03 3f 7a 73 7c 77 7e 05 63 16 fe e0 52 ce 9f 9e 3e f5 ec c1 a5 b9 a5 e2 3a 6c 1c f6 5c e4 b5 25 01 24 Data Ascii: 46T381<U@Kn]cl_ZB%b%Dfff~7{vB]zd@zG9v}j)3!KD\G~SZI>{8>1bAa)16{9srG8:3\ \|Ko\|^1TjxlPVc6)cFlYA@?zs\|w~cR>:l\%$
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 07 82 2b 3e 5b fc d3 93 b2 dd 14 ec b5 4a 62 03 5d 42 ce 74 5e 02 55 52 e5 f4 de 8b 3e b2 67 d7 6f f8 89 76 56 78 0a 00 01 54 15 53 43 3a 33 16 4a a5 61 0f 34 2a 22 50 08 7e a9 5a cd 17 a3 1b 96 12 da 69 72 67 f2 21 00 97 ac 92 37 ee 08 d8 53 23 16 85 6d a6 d6 89 e7 14 02 d0 64 ff 91 13 2f 3e 5f 29 15 01 f8 7e 65 e4 d0 9e 91 23 2f c0 7e 82 14 77 18 ab c5 47 86 66 14 e6 a3 8c f9 41 13 7b 64 4a 98 a9 ea e9 d5 3d 25 55 8a 6f fa 6a ec df 53 7e 38 73 44 43 0a d2 9d 1c 97 bd a8 b6 ed b1 d8 fc a7 1f 7a d5 d5 97 6c b4 9e b9 5a eb 19 47 03 99 e5 ae 46 44 5e 2a c7 d6 a5 5b cc de 9d 96 a6 cc f6 c9 79 14 27 5f 22 24 12 a0 ed 76 23 73 63 92 d4 bf 79 ef 53 a6 1b c3 28 1c bb 01 13 3d 53 57 01 de 5d ff 0e 87 e3 dc 59 51 da 81 c3 e1 30 78 a0 20 08 be fe c0 80 68 e4 21 20 Data Ascii: +>[Jb]Bt^UR>govVxTSC:3Ja4"P~Zirg!7S#md/>_)~e#/~wGfA{dJ=%UojS~8sDCzlZGFD^[y'_"$v#scyS(=SW]YQ0x h!

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:08 UTC	683	OUT	GET /img/save_img.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:08 UTC	541	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 7550 Connection: close Date: Thu, 26 Sep 2024 16:42:18 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "8d3bcd1278891fc1e52d38e72549b3d0" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: bQXElX5mt4wTer8WrLUyvlQ5k9a87G7ZcsN880W_LHV7Ff0g1j-ieg== Age: 49550
2024-09-27 06:28:08 UTC	7550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 78 00 00 00 78 08 03 00 00 00 0e ba c6 e0 00 00 02 fa 50 4c 54 45 c3 e2 c9 b5 dc bb b0 da b8 a9 d6 b2 a6 d4 ae a2 d2 aa 9d d0 a6 9a cf a4 98 ce a3 c3 e1 c9 99 cf a2 ef bc 57 fc f2 df fc f4 e3 fc f2 e1 fb ec d0 ac 4d 00 fc f1 dc ff f5 df ff f9 e4 fa e6 bf ff ff ef ff ff f7 ff fd ea f8 e2 b7 eb dc c6 c3 af 9a 96 7c 6b 7e 60 50 a8 8f 7b ce c0 aa fd f1 dd e1 d3 be 8c 6d 57 4e 27 15 37 0f 03 3e 16 07 55 2e 18 5f 39 26 fc f1 da 48 20 10 2d 07 00 43 1b 0a 6c 49 34 ff f4 da 24 01 00 4a 23 12 f8 c9 54 d9 ca b3 45 1f 0f af 99 87 f7 ed da a0 75 4b ea b9 47 7f 56 35 f2 c1 7f eb bb 7b ac 87 54 91 67 42 de ae 73 e3 b4 77 de af 73 de b0 75 d9 ab 71 de ad 6e be e0 c4 e2 ac 68 b2 f0 d9 bb de c1 b8 dd bf b2 60 16 b6 Data Ascii: PNGIHDRxxPLTEWM\|k~`P{mWN'7>U._9&H -ClI4$J#TEuKGV5{TgBswsuqnh`

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:08 UTC	678	OUT	GET /img/doc.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:08 UTC	541	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 5723 Connection: close Date: Thu, 26 Sep 2024 16:42:22 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "95382a6dab40d5911185a921c53e6f6b" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 f4137273db9ae377298b8f8daf5b93f0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: UpMOyXcpjZjiiaREF33eZ0ORfzKBJNBA-cRoBm2ewDAj7-NZqYpwSw== Age: 49546
2024-09-27 06:28:08 UTC	5723	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 3c 00 00 00 3c 08 06 00 00 00 3a fc d9 72 00 00 16 22 49 44 41 54 78 5e c5 9b 6b ac a5 57 79 df 7f cf 5a 6b ef 7d f6 99 73 9d 61 2e 1e cf d8 78 3c b6 42 cc a5 83 12 15 4c 88 1c 6a 0a 84 02 09 90 96 24 25 55 3f 44 91 7a 51 0b 91 10 97 24 6d 2a 12 a2 88 24 52 a9 d2 2a 10 68 55 11 28 a9 d3 a2 60 e3 d4 2d c1 34 24 84 5b a8 cd 4d b1 0d b6 c7 e3 f1 dc 2f e7 cc 39 67 bf ef bb d6 13 b1 9f 47 6b e9 c8 42 11 02 d4 25 ed 79 df f3 ee f7 dd 7b fd 9f eb ff 79 9e 3d 32 dc f7 f6 53 e4 7e 19 14 44 40 22 48 00 cd 10 46 88 08 5a 7a 44 22 00 84 04 65 80 b4 00 25 a3 b9 03 01 10 44 02 a8 a2 5a 90 38 46 f3 0c b4 80 2a c4 91 9d 4b b0 f7 fa 2d bb 2e c1 5e 28 e4 01 42 b4 fb 8a 9f 2b 10 42 fb ce 3c 80 66 7c b5 fb 11 3b cf bd Data Ascii: PNGIHDR<<:r"IDATx^kWyZk}sa.x<BLj$%U?DzQ$m$RhU(`-4$[M/9gGkB%y{y=2S~D@"HFZzD"e%DZ8F*K-.^(B+B<f\|;

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:08 UTC	689	OUT	GET /img/meta-logo-grey.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:08 UTC	543	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 105511 Connection: close Date: Thu, 26 Sep 2024 16:42:22 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "ffba640622dd859d554ee43a03d53769" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: tU1mq1vggqx_yYL4ZKhxmgSMIpIj-ebMWPMMOUeTHOnNm1bikl1Xwg== Age: 49546
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 84 00 00 00 f0 08 06 00 00 00 58 15 aa 71 00 00 14 a9 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 65 78 69 66 00 00 78 da a5 9a 69 96 1b b9 95 85 ff 63 15 5e 02 e6 61 39 00 1e 70 4e ef c0 cb f7 77 41 4a 2e a9 ca c7 5d dd 4c 25 49 91 11 08 e0 0d 77 40 a4 3b ff fc 9f eb fe c1 23 0f 5f 5d 2e ad d7 51 ab e7 91 47 1e 71 f2 a6 fb cf 63 be e7 e0 f3 7b 7e 8f 9e 7d fa 7e fa cb e7 ee 7e cf f1 91 8f 74 48 fa 9e 50 3f af e1 c7 e7 df 13 7e bc 86 c9 bb f2 87 81 fa fe 7e b1 7e fd 62 e4 ef f8 fd b7 81 e2 e7 25 69 46 7a 6f df 81 c6 77 a0 14 3f 5f 84 ef 00 f3 b3 2c 5f 47 6f 7f 5c c2 3a 9f 57 fb b1 92 fe f9 75 7a ca fd d7 69 ff e9 ff 8d e8 59 e1 3a 29 c6 93 42 f2 3c a7 f4 9d 40 d2 6f 72 69 f2 45 e4 Data Ascii: PNGIHDRXqzTXtRaw profile type exifxic^a9pNwAJ.]L%Iw@;#_].QGqc{~}~~tHP?~~~b%iFzow?_,_Go\:WuziY:)B<@oriE
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: bf de ca fa d2 5a 43 69 90 2b 88 20 14 84 c3 ae 29 de 2a 6f f4 c7 2b 56 9d 76 cb cf 6e ff 63 6b f9 7d bd 73 67 0d ec de bb 0f 51 54 40 5f 5f 2f ea f5 3a e2 66 8a 42 14 81 18 b9 28 f0 bd 05 3b 6f ac 2f 7f c1 f7 72 f5 f6 a1 7a 12 aa 43 f6 2a 9c 22 ee 0e f1 6f 75 ee 30 b7 ff 6f ef 76 e1 05 0c 11 92 66 0c a5 14 8c 31 d0 9a 40 ca e7 ed 37 9b 4d df 0b af 58 44 21 2a a2 56 ad a2 50 28 a2 18 46 73 ab 13 63 1f 5c ff dc 73 95 af 5e f7 fd bf de ce fc c4 52 a2 e6 6b 31 7e 2b ee bf 7f d9 9d 2b ee f9 e3 6a a3 f9 a1 d9 73 e7 2e 49 ad bf 69 18 56 c8 52 07 b6 29 2a 95 0a 9a 71 8c 89 6a 0d a5 52 09 a9 75 53 c6 8c 27 8b 74 40 79 5f c2 e9 4d e8 3b 9d 43 eb d5 1a b4 26 18 13 22 32 21 88 34 9c 4d 91 c6 4d 64 36 41 18 14 40 6c f3 01 70 b9 0b ac b7 92 d7 79 aa 68 cb d5 b5 73 2c Data Ascii: ZCi+ )o+Vvnck}sgQT@__/:fB(;o/rzC"ou0ovf1@7MXD!VP(Fsc\s^Rk1~++js.IiVR)qjRuS't@y_M;C&"2!4MMd6A@lpyhs,
2024-09-27 06:28:08 UTC	12288	IN	Data Raw: 70 ee 14 91 c9 0b 3a d0 2f a5 48 69 a3 ee f5 2c 22 cf 60 b7 08 52 a0 ee c6 53 a4 62 77 ee 11 4c 48 ac 86 ef fb a8 87 21 98 19 95 52 19 d6 5a d4 c3 10 be ef a3 5c 69 49 15 a1 45 b1 14 b4 9d 5c 1b a8 4f 7b e3 ad b7 ce da b5 b7 fb f2 d5 6b 5e 5d fc e6 ae 81 47 0f 2a f0 53 d4 ad 49 62 3b b4 4d 4a 20 82 25 4e a3 d9 34 c8 d5 21 1a 8b 23 f5 1c 20 8d 10 66 a9 1a 6e 9f 68 2b 60 12 0d 26 81 d8 08 59 24 53 18 07 84 23 6f 32 ef bf 7e e5 6b d7 91 f0 ce 16 02 05 26 99 56 90 a0 dc a3 7d 30 c5 4b 79 04 30 98 19 bc be ef a1 da df 0b ab fd 5d e5 52 cb b2 ab af 9c ff 04 11 9d d0 92 6c 44 a4 9f 5a bd fa 89 7b ef 79 f8 e4 ee 9e da 34 b2 74 3a 81 a9 98 0a c9 24 da c9 ae 1f e9 34 c2 81 fe 5e 68 1d 47 d3 a7 4c 79 fd 82 8b 2e b8 73 e1 9c 39 6f 8d c3 be d1 db 49 27 b5 75 df 7c f3 Data Ascii: p:/Hi,"`RSbwLH!RZ\iIE\O{k^]G*SIb;MJ %N4!# fnh+`&Y$S#o2~k&V}0Ky0]RlDZ{y4t:$4^hGLy.s9oI'u\|
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: ce ce ce 15 cf ae 7c 75 d2 3b ef ee b9 ea e8 d1 ae a5 02 b8 3c f4 83 79 80 6c 25 69 20 20 2b 54 fc b5 76 b7 2a d5 50 b1 04 03 12 77 c9 df 0b 25 21 a4 84 d6 06 fd 85 7c 44 a4 e1 7a 28 14 4b c8 f7 f7 65 1a b2 99 6b 0e ee d9 ff 99 ef 7f ff a7 7b 3f fb d9 07 76 8e c5 b3 fb d6 b7 7e 2f 0f e0 99 ef ac 5d bb aa 69 c7 8e 54 77 b7 ef 89 34 a7 42 22 d7 96 8c 72 91 71 c2 8c 75 d2 01 3b c6 81 6b 1d e5 92 0f d7 48 76 e0 6b 47 32 8b b2 b0 44 21 11 a4 0d 53 75 69 13 6a 9d 72 dd 94 ec 38 70 60 49 c7 ee 7d 1f 83 70 db 94 72 4f 2a 48 1e 8e 43 22 f1 25 4c 18 74 66 b3 de 4f e6 5e 34 ed a1 de 20 1f d6 19 87 a5 0c 29 24 92 42 2b 2d 65 48 45 cb c6 31 86 1d a7 9e 01 20 0c 25 95 ea 0b a2 be 64 85 96 19 52 46 a8 02 e5 a5 20 57 32 2b e1 b0 2f 8c 31 c4 9c 12 91 cd 36 14 b2 14 e9 34 Data Ascii: \|u;<yl%i +TvPw%!\|Dz(Kek{?v~/]iTw4B"rqu;kHvkG2D!Suijr8p`I}prOHC"%LtfO^4 )$B+-eHE1 %dRF W2+/164
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 1d 0f 49 25 82 b5 16 2e 6b c1 65 ad 7d e7 9e 7f e6 f7 3f 7f c7 c7 56 8d 66 82 7b ee 39 2f c1 fd 5f a9 06 a4 e9 e9 e9 7a 96 fa 2d 10 9b 30 db 9e dc f7 f1 75 47 f7 ff a5 08 d2 03 b4 7b e9 a8 3a c9 d3 a8 3e 78 f8 03 67 9e 39 83 d3 70 ed dc b5 cb 79 cd 1b 33 53 53 1e ea c1 a4 85 7c 48 7f 3d a2 fd f1 01 3a 9f 6f c9 22 32 31 8c f0 c0 f4 44 73 17 80 55 6f ef d7 a2 73 f8 64 bb a8 7b 47 4c ba f7 46 d5 98 74 dd 07 84 a3 a3 8d 81 3c cb 46 f2 dc c7 22 e5 e7 e5 2e 9a 9d c5 54 aa 3a 03 e7 72 84 ab 24 4a cf 5d 3e b5 79 68 78 ef 7a 24 a3 2f aa 83 4f 2e e5 6b 56 55 d5 90 78 2c 43 81 99 94 20 54 e2 e0 af ee 5a b1 37 30 f5 e6 9b 55 ef f2 21 25 b2 21 2b 11 40 43 7a 0d e0 89 1a c1 4e 67 23 04 84 26 87 fa a9 33 36 6d 19 3f 5d 83 c1 7b 1f 7f 6e d7 af 9e fd f5 ff c8 84 cb 86 86 Data Ascii: I%.ke}?Vf{9/_z-0uG{:>xg9py3SS\|H=:o"21DsUosd{GLFt<F".T:r$J]>yhxz$/O.kVUx,C TZ70U!%!+@CzNg#&36m?]{n
2024-09-27 06:28:08 UTC	16384	IN	Data Raw: 89 28 d9 1e b0 9d 93 a1 6d d0 3e 3f 27 22 b0 b0 1a 5e 99 a8 f0 8b 77 dc 32 f6 e3 9f fe e8 45 25 9a 54 d5 6d a0 f2 bd 29 66 4d 7e 99 08 d7 1e a7 88 db ff 67 05 bc 0a 2c 59 28 87 0a 4f 62 0d c4 79 28 f9 b3 5f fa ed 8b b7 ec db b7 ef c9 dd bb 77 1f 7c 2f 94 da 18 cb fa 48 98 c8 87 6e b1 42 27 1e 37 78 d1 be f2 de ab 5f 45 15 c6 30 c8 7b 9b ce 34 b7 16 01 e1 ba a7 42 fa d0 45 17 8d de 39 38 f0 52 9e e1 66 ef 7d bd 04 1a 2c b9 3b fb 15 0e 4e a4 15 d7 7b 8f a1 ca e0 40 6b 7a e6 d2 c7 1f 7d f2 2a 00 fb 4f b7 60 10 00 9e b8 e7 c9 33 0f 1d 3d 7c 43 14 27 c3 5e 34 74 2c cc 23 6f 27 6f 08 84 68 0d e0 05 ac 68 40 78 f6 ae 5d 0d f7 c8 53 47 23 8b 14 c2 15 43 0c 61 80 da 4e 79 61 14 45 0b 85 c0 8b 32 88 9d b3 84 6d 02 64 63 76 bc 75 e4 c8 2d 7b f7 ee 7d 1c c0 9a 6b 25 Data Ascii: (m>?'"^w2E%Tm)fM~g,Y(Oby(_w\|/HnB'7x_E0{4BE98Rf},;N{@kz}*O`3=\|C'^4t,#o'ohh@x]SG#CaNyaE2mdcvu-{}k%
2024-09-27 06:28:08 UTC	11303	IN	Data Raw: 7e be 66 ce 06 ab 74 0f 21 87 45 e0 83 9c 99 34 40 53 7c 30 48 7d fa 0c 4b e5 22 3c 47 c0 75 05 64 14 c0 73 38 a0 e3 a0 b3 ab fd d5 f1 a3 c6 3e 78 e5 c7 2f 5f 42 44 61 d8 53 28 79 8c 49 c1 00 5b c8 4b f6 a3 41 92 0b 15 fd c2 03 9a 13 71 d4 e3 b1 61 99 35 bc e2 8a f9 5b 66 9e 73 f6 cf 82 52 f9 69 55 0e f6 58 e7 db 6a 05 3a 2e 47 36 6b b5 85 12 a6 8b 01 46 ca 4c d5 66 89 a1 57 06 6b ab 7b 83 19 5f 6d 45 b0 bf 11 50 bf 6b a0 91 0c 9e 99 aa c9 a8 24 d9 14 c6 08 8d f5 75 e8 ea 68 db 15 86 c5 47 67 cf 3e eb a6 2f dd f8 b1 55 23 ee d3 91 cf 50 fe e9 d7 7e f7 f1 c9 27 4d fd 41 47 67 fb 8a 8c 23 8a 42 30 c4 32 04 e7 04 47 30 08 a7 fa a0 d7 95 20 b1 7f e6 7a ff 9b db e1 8a 32 52 fb c4 e0 57 7f 7b 4e 75 08 b5 46 53 53 03 7a 0b dd 70 5d 07 f9 6c a6 a3 dc d5 fd ec 19 Data Ascii: ~ft!E4@S\|0H}K"<Guds8>x/_BDaS(yI[KAqa5[fsRiUXj:.G6kFLfWk{_mEPk$uhGg>/U#P~'MAGg#B02G0 z2RW{NuFSSzp]l

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:08 UTC	646	OUT	GET /v2/free/self/ HTTP/1.1 Host: api.db-ip.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:09 UTC	742	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 06:28:09 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close access-control-allow-origin: * cache-control: max-age=1800 x-iplb-request-id: A29E9FD1:A3B2_93878F2E:0050_66F65079_2876EB93:4F34 x-iplb-instance: 59215 CF-Cache-Status: EXPIRED Last-Modified: Fri, 27 Sep 2024 06:28:09 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QiVte%2FAIDw4%2FVct99vGGNau3%2Fu94oHmlHb0qEYD%2FMTgro4oMV2v5oHzqzSMKIam8YNmSg60IwciowkpGOgMMwlsV2O1%2BhyfeIpDFygB4yd%2FAWCOsjCcuA%2BaIKMq2QY4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c996e94486932c7-EWR
2024-09-27 06:28:09 UTC	246	IN	Data Raw: 66 30 0d 0a 7b 0a 20 20 20 20 22 69 70 41 64 64 72 65 73 73 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 20 22 4e 41 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 20 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 73 74 61 74 65 50 72 6f 76 43 6f 64 65 22 3a 20 22 4e 59 22 2c 0a 20 20 20 20 22 73 74 61 74 65 50 72 6f 76 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 0a 7d 0d 0a Data Ascii: f0{ "ipAddress": "8.46.123.33", "continentCode": "NA", "continentName": "North America", "countryCode": "US", "countryName": "United States", "stateProvCode": "NY", "stateProv": "New York", "city": "New York"}
2024-09-27 06:28:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:09 UTC	688	OUT	GET /img/fb_round_logo.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:09 UTC	542	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 42676 Connection: close Date: Thu, 26 Sep 2024 16:42:24 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "81bb5cf1e451109cf0b1868b2152914b" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: FiJQqQd30iqITnvtaYTyYV4vRF6lYXAsaQ8xw4WSE8XDLL6C1xgw5g== Age: 49545
2024-09-27 06:28:09 UTC	15291	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 b0 00 00 04 b0 08 06 00 00 00 eb 21 b3 cf 00 00 01 85 69 43 43 50 49 43 43 20 70 72 6f 66 69 6c 65 00 00 28 91 7d 91 3d 48 c3 50 14 85 4f 53 b5 22 15 07 3b 88 08 66 a8 4e 16 44 45 04 17 ad 42 11 2a 84 5a a1 55 07 93 97 fe 08 4d 1a 92 14 17 47 c1 b5 e0 e0 cf 62 d5 c1 c5 59 57 07 57 41 10 fc 01 71 75 71 52 74 91 12 ef 4b 0a 2d 62 7c 70 79 1f e7 bd 73 b8 ef 3e 40 a8 95 98 66 b5 8d 02 9a 6e 9b a9 44 5c cc 64 57 c4 d0 2b c2 e8 a0 9a c6 a0 cc 2c 63 56 92 92 f0 5d 5f f7 08 f0 fd 2e c6 b3 fc ef fd b9 ba d5 9c c5 80 80 48 3c c3 0c d3 26 5e 27 9e dc b4 0d ce fb c4 11 56 94 55 e2 73 e2 11 93 1a 24 7e e4 ba e2 f1 1b e7 82 cb 02 cf 8c 98 e9 d4 1c 71 84 58 2c b4 b0 d2 c2 ac 68 6a c4 13 c4 51 55 d3 29 5f c8 78 ac Data Ascii: PNGIHDR!iCCPICC profile(}=HPOS";fNDEB*ZUMGbYWWAquqRtK-b\|pys>@fnD\dW+,cV]_.H<&^'VUs$~qX,hjQU)_x
2024-09-27 06:28:09 UTC	16384	IN	Data Raw: 2b 25 b9 63 7f 55 ff dc 07 67 ca ae 59 dd 57 00 00 0d 98 49 f2 d3 dd 5e ff d0 76 2d c0 76 ee c0 7a 2e 26 f9 03 40 e3 aa 2a f9 c2 d3 33 83 67 ee 6e cf a8 06 00 40 63 9e 4d f2 89 ed fa cd 6f cb 00 ab db eb b7 93 fc 78 ec 3c 08 00 8d aa 4b f2 c0 e1 d6 f0 8f 3d 3b 53 75 5a 06 b7 03 00 34 68 77 92 9f ef f6 fa 07 b6 e3 37 bf 5d 3b b0 de 13 13 fc 01 a0 71 9d 56 f2 93 ef 9f 29 0f 1e 69 75 54 03 00 a0 71 1f 49 f2 fc 76 fc c6 b7 5d 80 d5 ed f5 3b 49 7e 3a c9 3d ce 7b 00 68 ce b0 24 8f df de 1e 7e f1 99 99 24 ba af 00 00 c6 60 4f 92 9f d9 8e 5d 58 db b1 03 eb 3d 49 7e c4 39 0f 00 cd 9a 69 a5 fc e8 7b 3b c3 3b f6 1b dc 0e 00 30 46 1f 5e fe b3 ad 6c ab 00 ab db eb b7 92 fc 70 74 5f 01 40 a3 ea 92 3c 73 77 7b f8 c5 a7 66 5a d1 7d 05 00 30 4e fb 93 fc 6c b7 d7 df b3 9d Data Ascii: +%cUgYWI^v-vz.&@*3gn@cMox<K=;SuZ4hw7];qV)iuTqIv];I~:={h$~$`O]X=I~9i{;;0F^lpt_@<sw{fZ}0Nl
2024-09-27 06:28:09 UTC	11001	IN	Data Raw: fa f3 ca 03 05 00 00 00 2c ca b9 d5 a7 c4 f0 bd 29 b0 4e df db b2 a4 0f 00 00 00 58 8c 2f 54 af 98 c6 e1 84 28 be 37 05 d6 69 9a c6 e1 f6 66 ab b0 0e 4b 03 00 00 00 38 0b a7 aa 57 57 d7 88 e2 f4 28 b0 1e 99 f7 56 ef 17 03 00 00 00 70 16 3e 5b bd 76 1a 87 6d 51 9c 1e 05 d6 23 30 8d c3 e1 ea a5 d5 5d d2 00 00 00 00 ce c0 f1 ea a5 f3 79 db 9c 26 05 d6 23 f7 91 66 f3 b0 00 00 00 00 1e a9 8f 55 6f 17 c3 23 a3 c0 7a 84 a6 71 38 5e bd b8 ba 51 1a 00 00 00 c0 23 b0 55 bd 70 3e 67 9b 47 40 81 75 66 2e af 5e 57 d9 ab 0a 00 00 00 9c 2e b3 b5 cf 90 02 eb 0c 4c e3 70 aa 7a 79 75 b5 34 00 00 00 80 d3 30 55 2f 9e c6 e1 7e 51 3c 72 0a ac 33 f7 e5 66 25 d6 31 51 00 00 00 00 df c3 1b ab 4f 88 e1 cc 28 b0 ce d0 34 0e 3b d5 1b aa 8f 4a 03 00 00 00 78 18 d7 56 7f 3e 9f ab cd Data Ascii: ,)NX/T(7ifK8WW(Vp>[vmQ#0]y&#fUo#zq8^Q#Up>gG@uf.^W.Lpzyu40U/~Q<r3f%1QO(4;JxV>

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:09 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 06:28:10 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=37085 Date: Fri, 27 Sep 2024 06:28:09 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:10 UTC	678	OUT	GET /img/2FA.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:10 UTC	543	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 114767 Connection: close Date: Thu, 26 Sep 2024 16:42:26 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "03d39d5d071182aba1b01ba2e859de39" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: eU_T06sbYGD2Op2TsnHTymlO3U2pZzmwbfQA1JMplqn3Zq7M-ze0qQ== Age: 49544
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1d 00 00 00 fc 08 06 00 00 00 d3 e7 16 e9 00 00 01 83 69 43 43 50 49 43 43 20 70 72 6f 66 69 6c 65 00 00 28 91 7d 91 3d 48 c3 40 1c c5 5f 53 a5 22 15 07 33 48 71 c8 50 9d 5a 10 15 71 d4 2a 14 a1 42 a8 15 5a 75 30 b9 f4 0b 9a 34 24 29 2e 8e 82 6b c1 c1 8f c5 aa 83 8b b3 ae 0e ae 82 20 f8 01 e2 ea e2 a4 e8 22 25 fe af 29 b4 88 f1 e0 b8 1f ef ee 3d ee de 01 42 a3 c2 74 bb 67 1c d0 0d c7 4a 27 13 52 36 b7 2a 85 5e 11 46 08 22 62 88 28 cc 36 e7 64 39 05 df f1 75 8f 00 5f ef e2 3c cb ff dc 9f 63 40 cb db 0c 08 48 c4 b3 cc b4 1c e2 0d e2 e9 4d c7 e4 bc 4f 2c b2 92 a2 11 9f 13 c7 2c ba 20 f1 23 d7 55 8f df 38 17 5b 2c f0 4c d1 ca a4 e7 89 45 62 a9 d8 c5 6a 17 b3 92 a5 13 4f 11 47 35 dd a0 7c 21 eb b1 c6 79 Data Ascii: PNGIHDRiCCPICC profile(}=H@_S"3HqPZqBZu04$).k "%)=BtgJ'R6^F"b(6d9u_<c@HMO,, #U8[,LEbjOG5\|!y
2024-09-27 06:28:10 UTC	8555	IN	Data Raw: 16 3d 31 d8 5a ac b8 71 86 cb 3a 62 a3 90 0a 2c 00 63 19 c6 ba 0a 1b f6 69 04 21 9d c2 29 e0 d8 e5 d0 1a 4b 06 94 24 18 12 e8 ad 81 11 00 84 82 36 16 7d c3 f8 66 b9 84 24 57 36 7b 7b 7b 0b c3 8c cd 7e eb 0d a7 80 22 e1 0c a9 76 2d b2 1b a9 9c d0 9a 36 e8 74 8f d5 62 e9 a4 e8 fd e7 92 84 5b e8 ad 43 66 a4 54 93 ce 99 f4 6a 92 45 99 6d 8f 04 a6 e5 a3 79 d0 61 8c 99 74 f8 db b6 f5 cf dc e9 5e e4 db 46 ca d1 f9 a5 e7 09 b8 92 c5 a6 69 22 11 98 99 d1 f7 3d f6 fb 3d ba ae c3 e9 e9 29 4e 4e 4e b0 5a 49 18 63 b1 d9 6c a0 b5 c6 72 b9 44 ab 4e d0 34 e4 04 dd b4 c6 76 bb c5 ed ed 2d 76 7d 87 67 df be c4 f3 97 e7 30 0c e7 80 7c f0 03 2c 97 ad 1f df 5e 31 d7 1b f4 92 40 60 40 13 7a a3 cb 9c b1 a3 7a 23 39 22 f6 41 b1 41 f2 3f 3d d3 70 2f 46 f2 18 e4 eb 73 f1 c4 29 65 Data Ascii: =1Zq:b,ci!)K$6}f$W6{{{~"v-6tb[CfTjEmyat^Fi"==)NNNZIclrDN4v-v}g0\|,^1@`@zz#9"AA?=p/Fs)e
2024-09-27 06:28:10 UTC	394	IN	Data Raw: b8 de b2 3d 20 3e 6b 69 8e 21 03 41 3a 0b 74 ad c0 89 81 04 eb b9 ea 86 96 ef 64 61 3f 4e 34 f8 eb 5d f2 13 26 35 4b 09 89 8d 6f da de fb 38 68 2e 14 33 65 1c 11 b4 5d 3c 14 8c a3 25 09 d5 ca e0 73 60 3f 87 c0 ad 8b 30 69 eb e0 6d b7 9f c1 c6 b0 d8 d5 d9 d2 04 52 c4 70 1f 7f 03 37 e4 aa aa 7c 4b d6 8d 1b bb 56 8b 1b f9 1d 5c a4 a3 c9 51 47 55 70 27 58 91 28 2a 9d c1 9f 86 e1 43 a6 7c 50 dc eb 5d fc 4a 21 57 ae 28 01 99 e3 e8 3c a0 5c 93 b3 b5 8e d1 43 44 68 e5 e3 9c 71 0a 57 20 30 65 7e 87 50 4a a3 91 12 8d 9d 0f 68 a5 42 4b 0a ad 6c c1 a9 eb 47 29 65 ac 76 43 b7 3f ce 39 38 fa 04 05 04 35 93 00 00 20 00 49 44 41 54 25 c6 19 4a eb d0 27 b5 5a 22 22 b9 1f dd c8 b6 cb b4 02 2b 60 df f3 62 ee 64 c3 d2 bd 92 30 32 ca cc c0 9c ad 94 d0 4a 42 6a 0d 61 0f ac 60 Data Ascii: = >ki!A:tda?N4]&5Ko8h.3e]<%s`?0imRp7\|KV\QGUp'X(*C\|P]J!W(<\CDhqW 0e~PJhBKlG)evC?985 IDAT%J'Z""+`bd02JBja`
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 2b a0 bc 0e b6 35 45 d5 7c 08 de bc 34 56 f7 e2 10 e3 c9 2e 50 4e 00 70 48 c9 40 ac 34 c1 46 75 56 d0 b2 95 28 ca 12 d2 b6 0a 74 ab c1 05 03 54 6b 7b 2c cc 26 1d 0c 4a 01 12 04 70 61 38 20 4a 76 dc 9e b6 01 31 43 4e 54 52 59 85 51 f3 5c 0b 05 59 37 10 c2 38 bf 92 2b 89 b5 04 63 26 78 b4 52 82 f1 02 20 8e 56 4a 8b b4 48 bb 00 4a 28 69 da 16 c6 fe 54 9a 31 56 62 3e 40 14 a2 40 bd b8 44 55 15 58 cc 2f 31 9d 8c 70 7e 3e c3 dd 77 ae e2 fc 7c 86 aa 1a 63 31 6f 40 9a 70 6d ff 10 4a 29 94 60 e0 05 47 35 2a d0 34 0b 68 2d bb 73 63 7b cb 9c 3f 3b 53 70 4e 28 8b 02 bc 2c a0 58 81 16 66 b7 8c 27 13 b3 68 10 43 ad 34 c6 20 70 5e e0 f8 c5 73 94 a3 16 5b 9b 86 84 da b6 12 42 70 30 06 b4 ad 02 e3 c1 3e 58 55 e9 11 7e d4 fd 52 15 cf a8 97 84 04 3c c5 f4 f4 c8 8a cf 27 b6 Data Ascii: +5E\|4V.PNpH@4FuV(tTk{,&Jpa8 Jv1CNTRYQ\Y78+c&xR VJHJ(iT1Vb>@@DUX/1p~>w\|c1o@pmJ)`G5*4h-sc{?;SpN(,Xf'hC4 p^s[Bp0>XU~R<'
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 9c 77 32 e8 50 86 4f c1 34 3c 24 d3 83 c7 13 b0 39 c5 f7 81 dc 6a 2a 59 88 21 9b d7 ed d7 af 72 16 4c 65 79 39 c5 bc a1 fe d8 8f d9 b6 a5 44 67 40 58 66 d5 ec 75 9c 74 c5 bd b4 55 f2 c6 a9 df fd 3a bf 27 75 c2 ae 7a 6d 0c a7 e6 46 db 72 db dd ff db 9c 55 64 b9 11 50 6f 9f 04 ba b6 49 03 69 02 b4 5d dd a0 a1 a0 c0 d1 02 ce 14 4c 69 90 6c c1 55 03 a6 1b fb 3a f5 a6 50 53 7a d7 7a 78 ab aa ca 90 99 2d 12 31 1e 0b 14 04 c8 5a 62 3e bb 04 b8 80 4a 68 ff e4 c4 f1 c2 6a 2a 34 a1 0a fd 20 66 4d 37 6e 29 e7 72 69 12 23 0e ac 31 07 24 bc 39 e4 24 f6 75 71 48 2d 2e 69 e5 35 32 34 7d 70 61 45 af 42 41 b2 90 9f d2 2c 54 16 96 37 9f 01 54 a3 02 65 21 1c 90 01 29 6d 7c 60 41 02 81 50 d4 4b 41 6b ab 47 12 2d 40 b1 dc b6 ab a4 c3 6a d9 b5 72 9c d0 59 0e ed 0d ed e9 e3 aa Data Ascii: w2PO4<$9jY!rLey9Dg@XfutU:'uzmFrUdPoIi]LilU:PSzzx-1Zb>Jhj4 fM7n)ri#1$9$uqH-.i524}paEBA,T7Te!)m\|`APKAkG-@jrY
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 03 9e 9e 3f c2 de bd 04 86 01 44 02 62 85 ed a3 80 1d a0 6e c4 6e 7f 89 be eb d0 db 0d 0c 75 70 23 00 f5 62 49 6e 54 74 f6 04 57 57 82 57 3b c2 2d dd 07 9d 7c 0a dd 7e 04 ea ee c1 60 83 41 13 06 33 b5 7e 87 52 da fb 10 0e 33 33 2c d9 aa 9b ea 31 f3 60 99 f5 96 0e d1 b9 cd c5 12 ef a3 65 19 71 2c 0a de 42 d2 6b 82 5c 65 f2 57 5b 97 5a a2 8c e5 5c 53 26 65 35 34 a7 d5 11 e4 d1 67 3d 10 8e 6c 21 2f ad f5 6e 49 0a be a5 54 dd 42 5e d6 ae ed 0c 85 82 6f 26 39 b6 74 56 53 0d 3f 38 d6 cc 19 dc e6 7c 8c 19 7c 13 ca 08 c7 0e 8e b7 59 b4 16 07 7d 45 74 25 57 2e 6d b5 54 cd fa a8 a9 b2 af 31 33 3b 22 1b 39 d4 29 99 02 9a 51 e5 c0 27 04 81 b8 a5 a1 2c 95 bb d0 c6 7e 6a 51 4f de 49 59 c7 54 4d 48 9f 3f a8 ff c5 ef 2e 5c 70 51 c9 f7 e3 e7 4a 65 d6 45 28 b0 12 b4 2c 99 Data Ascii: ?Dbnnup#bInTtWWW;-\|~`A3~R33,1`eq,Bk\eW[Z\S&e54g=l!/nITB^o&9tVS?8\|\|Y}Et%W.mT13;"9)Q',~jQOIYTMH?.\pQJeE(,
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 27 50 4d 10 b2 40 b8 91 af 75 0b 83 1a db a0 34 28 09 26 d6 6f f9 58 65 1d ff fd 0f 84 f3 63 cb 9e 9b 84 23 a5 82 d6 72 4c ac 09 66 d6 26 dc d5 f7 4c bd 0f 6e 49 48 b4 7e 05 75 6e 95 1e df 27 52 29 9c b1 a1 f1 2c 0a 02 51 16 fa 5c 70 8b 9e 5b ca ce 89 21 2c 1b eb c6 65 93 70 fc 9f ea f1 9e 39 17 e4 44 74 2e 44 5a 88 aa 59 64 b8 f3 fe 51 aa de df 90 fe 6f 2c ee bb 23 c4 45 ba 19 80 8e 78 19 cb 14 ea 52 ef a8 cd 39 f3 65 7e 11 46 81 c4 eb 9a b4 8e a5 a5 c7 d1 2e b7 e1 da aa d5 22 64 92 53 25 a1 ba 53 50 c6 fb 17 ff 17 ae 67 53 ee 09 32 02 2e e8 2c d5 fb 9b 52 06 ed 3a f1 76 15 c1 db 43 3f d6 02 8f 2f bd 6b 91 ff 6b 9d 26 21 45 d0 fd 21 18 12 ba 56 c6 47 ba e5 42 51 f7 a1 bb 3a e5 4d 50 13 15 f8 80 5e 03 91 9a d1 dd f7 ec 5c 24 66 e5 e2 03 69 46 75 6f 96 44 Data Ascii: 'PM@u4(&oXec#rLf&LnIH~un'R),Q\p[!,ep9Dt.DZYdQo,#ExR9e~F."dS%SPgS2.,R:vC?/kk&!E!VGBQ:MP^\$fiFuoD
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 85 f8 b9 52 e3 d5 d5 95 97 4b 2e 73 9f 0e 65 b4 54 29 61 86 cc f4 f4 e6 2d dc bb 77 0f 27 27 27 d3 00 f2 5b b2 56 a7 99 a7 0b 3a 1a ac 34 60 64 ed b8 30 68 f0 f6 f1 9a 41 87 5f 68 19 80 c9 d5 4e a5 3c d7 44 4d 86 10 74 90 44 67 da 3d 61 3d ca 16 93 e8 56 ad 66 49 fc 35 4e 4f 89 2c 2f 44 23 f5 a8 94 d4 a8 91 28 1f 11 50 4f 94 57 8a 62 4b 73 a9 04 56 2a 3b ef ef e3 94 64 1f 1b 0b fc 56 83 60 c9 21 b6 81 68 9c 96 f7 6a 72 0a 81 1b b6 d7 fd 91 f9 fb 39 12 73 bd 3c b4 27 9d 97 fa 96 d0 c8 6b 21 9f 60 29 22 10 29 8f ba 49 34 fe 0b 5e 45 29 72 38 c1 cb 0e 78 eb cc 49 29 a4 e7 36 20 33 f9 75 28 d2 0c 08 91 93 e7 5a e8 1d 02 1e ae b1 09 26 4d 2c 23 7b d9 39 99 aa 62 5b ea a1 ce 95 d2 62 56 1c 94 5f 73 d0 91 2e da 5f 25 9a 52 12 54 99 8b 1e e7 02 8f 5a 80 24 8a c0 Data Ascii: RK.seT)a-w'''[V:4`d0hA_hN<DMtDg=a=VfI5NO,/D#(POWbKsV*;dV`!hjr9s<'k!`)")I4^E)r8xI)6 3u(Z&M,#{9b[bV_s._%RTZ$
2024-09-27 06:28:10 UTC	7514	IN	Data Raw: d3 7f c4 a3 67 a7 b8 75 e7 36 de be 77 17 57 af 5e 75 44 52 cf 93 6b db 76 34 70 2c 6d cb 4e f2 02 26 20 fb 74 dc ca a5 a8 25 e4 f6 65 5b 2c 73 bc 87 dc 21 3a 8f b5 9f 5a c5 4f b5 3a f2 48 07 21 bc 72 5b 44 c3 a9 26 b5 27 90 cf a9 2d 53 95 a6 10 f5 4e c6 28 9b c8 0d 5e 0f 22 0c 0c ed db bf cd 84 2d 3e d7 29 1c 87 fc bc 54 3a 9f a8 2a f5 e7 8d 84 33 59 25 1d 03 ad 34 44 80 aa eb 3a 18 9f af 90 22 0c fb f4 ef f6 2d 34 42 6f 91 09 43 6b 6e e9 07 e9 80 b0 84 70 4e 0e 03 34 25 03 17 25 74 8d f4 3d 05 f8 2c 16 ad b9 4a c4 eb 9f 75 70 92 4b 3f 1b 0d 91 99 29 73 b1 b8 5f 4f 96 51 92 39 c1 79 f6 f8 98 21 d9 58 61 e7 1e 20 02 27 81 76 a9 0d 7d 18 96 45 79 95 c7 0e 93 d9 0d 7a a9 41 4d fe fa f0 b3 72 e1 da 25 f7 c3 ce a0 5e 48 af dd 19 3c 18 b6 eb d0 28 46 fb f8 11 Data Ascii: gu6wW^uDRkv4p,mN& t%e[,s!:ZO:H!r[D&'-SN(^"->)T:*3Y%4D:"-4BoCknpN4%%t=,JupK?)s_OQ9y!Xa 'v}EyzAMr%^H<(F

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4148_1597354817\sets.json

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Windows Analysis Report
https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:10 UTC	680	OUT	GET /img/phone.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:10 UTC	543	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 255341 Connection: close Date: Thu, 26 Sep 2024 16:42:28 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "3c18a93313e72ab9967152a4e92aa238" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: 4eHxZPDQ-I_2OpR6ApeBJF5O9WJqqbaX9Plya6qXoH361gYoZbYaYg== Age: 49542
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 80 00 00 01 18 08 06 00 00 00 cc 10 47 90 00 03 e5 34 49 44 41 54 78 da ac 7d d9 8e 65 59 92 d5 b2 33 dc d9 c3 23 23 22 b3 32 aa ba 26 c8 ae 12 ad a6 5b aa 06 1a 21 90 78 84 1f e0 03 e0 0f 80 97 7c e3 5b 78 e5 43 e0 a5 25 ba 2a bb 86 cc ca b1 72 8c c9 c3 c3 fd fa 9d ce 39 86 db 36 5b b2 ad 2b 51 8c 37 e2 e8 de 33 ec 7d f6 60 db 6c d9 b4 5d f4 cb 7f f7 15 80 0b fc 3f 7f 24 be 27 00 0a a0 89 73 fe 6e 01 51 60 3a 01 cd c2 af e9 3e ca f1 19 f5 f2 ac 4f fa f8 d9 fa b9 1e e3 99 0e 50 ab 67 e5 75 8d 37 80 0e 51 56 80 66 e9 65 d4 eb f2 67 ae bd ac 2a 20 12 ed e9 01 3d 00 cd 06 90 0e 98 b6 d1 8e c9 ef 63 8a ba 7a 40 e6 5e e7 74 0b ff 58 db 46 7f 87 74 5e 0f e0 cf 4f 7b 40 ed de de db d9 3e 04 30 d8 b3 76 ee Data Ascii: PNGIHDRG4IDATx}eY3##"2&[!x\|[xC%r96[+Q73}`l]?$'snQ`:>OPgu7QVfeg =cz@^tXFt^O{@>0v
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 6c a5 6b a3 e5 2d 7f 3a f5 0a d3 f7 67 d3 70 0e 17 04 96 8d bc 97 b8 ca 0f c2 ed 63 c7 b6 5c bc 4d 83 fe 37 af 01 d7 09 a3 d5 66 4a 8e 68 66 2f 19 68 53 f6 73 5b 80 0a 1f c0 1d 6a 29 0f 93 63 29 9b e6 0c 5e 95 02 ea 72 2f ec 5e e7 80 82 41 45 60 02 65 fb 74 7d 90 b1 e5 01 6b c9 d8 81 fa 3a 68 d4 50 1e 01 9c e6 29 c7 8c 4c cb 6b 35 fd 0b 9b 96 ca b7 20 a2 e8 d5 89 5c 4a 13 45 19 ca 96 a8 0e 80 a6 07 2e 4e e1 bf bd 82 ff f2 18 fe e9 0c fe f5 0c bc 6c c2 be 54 ba 04 f0 11 be 17 37 97 29 03 78 1e 81 d9 ef ea 46 a4 80 70 ac 40 3a 07 d6 37 65 f2 17 f0 8f 7e 13 58 42 be 61 94 97 d7 40 51 06 13 71 9a 66 a0 6a 12 16 aa d4 2d 40 5e 63 36 43 84 d8 04 44 96 5a 64 40 d0 98 3c f3 df 4b 8c ca a9 50 96 97 a4 63 b8 5f 5a 66 ae 95 b5 07 e6 ed 9c 80 40 ab 2e c4 f8 c4 38 89 Data Ascii: lk-:gpc\M7fJhf/hSs[j)c)^r/^AE`et}k:hP)Lk5 \JE.NlT7)xFp@:7e~XBa@Qqfj-@^c6CDZd@<KPc_Zf@.8
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 57 d9 c9 97 04 90 50 bd 2d 6a f5 09 a4 4a a8 5d 46 c0 16 73 39 c9 ae f1 53 39 69 3a 41 f6 82 ee 35 bb 4f 19 40 0b 74 6e 9c cd 93 93 c6 bc f9 ac 64 5b c9 6b 1c e0 15 18 ea 00 ee ef 85 ac d1 63 27 6d e6 5b 01 86 81 84 36 96 13 24 18 9d 5c 5a fe a1 83 ba 38 ca 2e 04 48 3e 0b 0b 2d 3d 93 63 24 0a 72 42 57 d4 b8 cb b9 80 d4 84 28 d9 c6 a9 5d a0 0e 1b c4 9b 5f 80 fa 4a ad 05 34 1e c6 4e 2c bd cf a1 ce 71 41 88 02 5c 4c 5b a7 27 8d 0c 52 6b 9f 7c bc 54 fa 1a 10 48 e3 01 39 97 86 91 72 29 21 b3 89 de 7c a2 ef 43 8e 2d ff b9 89 b4 e9 e0 42 06 a2 e3 f2 b4 1d d3 01 9d c7 19 21 d4 6e 93 92 59 3f aa f4 f9 68 ba be dc 04 91 bb 7c c7 fe 87 21 5a 6a 47 3f ee 0e b6 63 27 2d bd a8 c8 da 41 9a 79 ee ad 81 e2 9a 69 fa 06 70 28 ad 4c 3b 08 73 a7 9d 74 2b 2b fb 4c fd 33 8d d2 Data Ascii: WP-jJ]Fs9S9i:A5O@tnd[kc'm[6$\Z8.H>-=c$rBW(]_J4N,qA\L['Rk\|TH9r)!\|C-B!nY?h\|!ZjG?c'-Ayip(L;st++L3
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: f6 85 55 24 d2 f7 26 d8 48 39 1c b9 00 0d 05 8e 1f fd 1e 8a e6 3d 35 2e 45 ef 07 ab 99 79 b2 3c 72 79 13 9c e6 06 64 c4 c4 52 4b 01 c2 da 59 2b 3e dc 9f cb 2e 0e 88 38 b0 60 1f 5a 03 27 5a b2 f5 b2 44 a4 82 90 65 66 ce 64 9b ce ee 39 c8 73 bb 17 46 11 4d 08 31 6b 8c d9 33 92 5f 1c fc 6f 1b 4b 88 d1 c9 e1 03 3f 5d 1b 4c 0a 13 b8 af c3 8e c5 a2 f3 3c ff 77 3c f3 f2 92 8a 5b d5 90 95 78 69 f2 11 60 fa e7 ac 14 72 31 62 19 ae b4 f3 2d 5f 8d ad 65 0c 50 1d d8 80 b8 09 6a 5e 58 82 0e 54 7d c0 0d 3f 43 d0 2d 17 80 55 f8 9c 51 61 3e 7c 1e 44 9f ec 7b 4c c7 5a 49 15 74 53 11 c2 7d 6a 8c e5 9d 9b 1e c8 3a 7d 87 0b ed 3c 04 47 a4 5d 75 a2 c7 42 f9 b0 0d f0 cb 10 ed 43 ba 94 7d 92 a0 0c 2f d5 06 64 39 44 c9 b9 bf 26 42 8e f2 24 0f 3d 72 d7 a1 98 4d b4 0c c7 78 ff 6f Data Ascii: U$&H9=5.Ey<rydRKY+>.8`Z'ZDefd9sFM1k3_oK?]L<w<[xi`r1b-_ePj^XT}?C-UQa>\|D{LZItS}j:}<G]uBC}/d9D&B$=rMxo
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 55 6e 04 b9 02 93 96 cc 02 d7 83 02 9c 1b 79 5b 37 b4 48 6a 75 e2 4d 4b 7a cf 6e 5a bb d2 df e2 78 03 cc 3a b1 63 ce 26 45 19 22 4e 92 8f 32 41 e2 fe 63 b9 63 fa 12 38 fc 54 18 72 5e 7d 5f cf b1 fd ff 01 40 72 2e 96 93 7f 00 5e 5d 82 ba 54 33 c8 ca 02 16 2d e5 7a 17 26 3b 20 1c ac d4 4b 26 d4 97 d3 de 4b 70 91 fe c1 a3 01 3a 56 66 d0 2f d6 d1 e9 49 48 2b 99 1c 68 87 e5 7d af b6 1f 67 47 7d 5f cb 11 f1 45 1d 70 f7 46 3d 12 db c1 65 32 51 19 28 53 ec 7f da b8 2b 81 2d 1f 2d 6b 7c 15 60 09 72 cd 8b ed 80 a3 44 09 ae fc 5d bb 00 9a 80 8d 8b 93 e5 c6 c7 79 1d 3a 69 f6 4c 69 07 56 51 e1 78 78 8a f6 f1 d7 f8 d6 8f fe 00 4f 7e f0 5f 71 fe e2 cf b1 da bc c3 f6 e2 73 6c 3e fc 09 3e fd db bf 8f cf 7e f0 ef f5 78 1e 87 ea f8 4f 8b f2 6e 8e b2 2d 47 82 47 24 71 f8 3e Data Ascii: Uny[7HjuMKznZx:c&E"N2Acc8Tr^}_@r.^]T3-z&; K&Kp:Vf/IH+h}gG}_EpF=e2Q(S+--k\|`rD]y:iLiVQxxO~_qsl>>~xOn-GG$q>
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 1b 1b db de 36 a0 9a 8d 35 ec a2 2c 91 f7 06 f8 8e f6 9d f5 56 2e f8 ae 4e 5a 75 0e 72 33 98 ee 6f 65 1e 80 a6 05 6c 57 aa b5 3a 3c 43 de 5d 82 33 db d3 74 55 ba b8 c4 77 1b 51 5f e1 d6 4f 8d 65 c1 1e a3 0c 22 31 81 0d 70 6f 8d 0f be f1 09 be f2 6f df c2 ed fb a7 78 f1 f5 7b d8 dc 1a 90 9a 04 27 dd ce ee 6d 30 9c 74 f8 95 7f fc df f1 f6 af 7d 53 17 2a d4 a0 14 c2 f1 78 c4 71 f4 ef 93 3c 00 5e 98 31 1f a8 49 c0 db d1 75 76 8b b4 90 7a 40 2e e0 92 eb f8 b6 60 29 16 c0 97 52 e7 cd 18 95 ae 8f e1 57 b6 e7 2d 33 43 e3 9b d3 6d 1c fc 31 8a 65 32 a3 d2 cf c1 74 80 a1 91 34 ab 18 d5 fd 11 45 c9 1e e4 e0 6f 61 18 cd 35 fb 6d 63 48 94 e0 1d 00 d5 db b6 49 cd a1 0b 53 a5 4d f2 ed a8 da 9a 02 d0 d9 04 4b 8b b4 12 67 9a d9 26 54 f7 03 24 01 7a 04 2f 3d b2 33 8b f1 be Data Ascii: 65,V.NZur3oelW:<C]3tUwQ_Oe"1poox{'m0t}S*xq<^1Iuvz@.`)RW-3Cm1e2t4Eoa5mcHISMKg&T$z/=3
2024-09-27 06:28:10 UTC	16384	IN	Data Raw: 83 ff 39 cc 71 ed 73 4b 31 53 e5 7c bd b3 93 3c a5 ef d1 04 32 db d5 f6 d7 e2 38 9c cd 53 f1 b8 c7 c5 b7 9f e0 c1 6b 8f 70 eb 99 63 8b 7c 5b 5c 14 b5 e1 c3 fc e8 1c 20 6a 51 c6 7f 42 d1 49 bc 2e 41 db 2e 59 2c 89 8a be 11 90 77 cc 5c 4e 21 2c 6f c1 5d 66 c6 2c 9b 48 28 2b 00 01 57 eb 3b d7 5e 68 c8 ae 8d 76 70 f9 7d 3a 68 9c 07 43 c1 b7 df e9 f1 e9 2f ac 81 bb 19 78 76 06 5e 28 b5 eb ee 5f 7d a9 03 a0 f1 51 8c 7e d3 c2 e3 a4 e4 66 bb 95 96 15 6d a9 27 8d 76 65 17 72 f8 11 b2 dc 09 e0 f1 f9 15 f2 85 e0 13 2f 0a fe ed cf 5d e1 f8 f6 04 bd 4c ae db 2b 2e 79 5c 41 d1 a2 74 ea ca 5a 6d 9c 2e 43 f7 a5 05 31 06 12 9b 84 87 20 02 58 1e d5 44 8d 97 6f a7 74 66 0d 54 26 f5 b9 6a c5 ec 5f 49 76 3f 16 2f 82 5a 86 92 d5 0d c6 55 0e cf 85 ce 8c 32 0e 9b 17 f8 b9 dd 33 Data Ascii: 9qsK1S\|<28Skpc\|[\ jQBI.A.Y,w\N!,o]f,H(+W;^hvp}:hC/xv^(_}Q~fm'ver/]L+.y\AtZm.C1 XDotfT&j_Iv?/ZU23
2024-09-27 06:28:11 UTC	16384	IN	Data Raw: 40 5f da 87 bc 0f c0 49 31 ab 13 11 40 66 16 91 97 26 6e b6 b9 76 30 d6 13 30 39 53 a5 91 01 9a cf ec 31 3f f1 25 2d ad 64 99 4f 2c fb d6 8c 96 bd 4b f6 82 95 9b 87 3b 31 f0 f9 c5 6b de 7a 82 e4 9f b7 f1 d3 74 e5 e0 6b e1 0b 84 0e da 04 9b 7b 04 e8 34 c0 8e af 6e 07 7b 9d 95 44 1c cc 9d d0 80 54 6d 80 a7 4e 6d 15 e7 1a b3 94 75 4d 76 90 83 8d 4f 14 33 66 49 6a 35 68 88 da ef 0c b7 2c cc be b9 0c 34 e1 33 25 40 b9 e3 96 0b 39 4c 6d 7d 02 d9 73 90 1a 69 32 4b 60 fb ba db 78 5c b3 db f0 6a b4 f7 33 5a 68 78 63 7c 3f 9e eb db aa a4 32 b3 ef d1 de 67 22 e8 c9 fd 00 8e 8c 71 41 18 51 1f da 2d 45 37 df 14 5a 38 cc 8c b9 b2 79 30 d0 d7 c6 fe 66 6b 04 e9 4d 02 91 e6 73 ac 5f ba 8e 83 93 73 33 89 db 16 70 2b 2c bd 94 3c 66 fe e2 c6 29 be fc 9f bf 8d f9 c1 0c c1 d6 Data Ascii: @_I1@f&nv009S1?%-dO,K;1kztk{4n{DTmNmuMvO3fIj5h,43%@9Lm}si2K`x\j3Zhxc\|?2g"qAQ-E7Z8y0fkMs_s3p+,<f)
2024-09-27 06:28:11 UTC	15850	IN	Data Raw: 7b 8a f5 0b 77 d0 de 7a 80 d1 c5 eb b8 f5 95 7b 58 9f 6d b0 77 6d 07 51 fe 55 d5 73 79 b6 e7 fd 4f e5 5c 52 9a 7b 12 8a 19 0d 2b ac ac 9a 92 18 26 b1 5f 11 5b 44 8e 2d cf 32 a4 14 cc aa 3c 60 b2 4d d3 62 b3 de 90 ed eb d7 96 43 3a d8 a9 9c 1a 7b 34 da b6 d7 da 1c 80 25 9a 38 fe 67 00 2a fc b9 5f 1c e3 23 bf 5b 00 5b 19 98 75 c0 35 50 fc 6c a5 6d fe 84 fd 74 70 19 2c 1e 81 60 12 e6 01 ab 5a 47 70 ea 3c 9d 03 b6 6f 71 6c 25 61 15 07 15 8d 35 89 8c 6a a7 3c 3b 60 77 03 34 2d 9e 7e 71 8e bf f7 8c e0 9f 7f 58 f0 a1 77 1c e3 c9 87 33 e4 08 50 34 fe 59 b3 9d 1f 52 22 8d 2e 41 9b 03 63 70 bb 53 2b 34 ce 2e 03 55 8d bc 5a 00 30 e7 00 96 62 05 9a 4d 7b 35 19 4f 00 05 26 45 46 25 3d d6 2d d0 6e 1a 88 b8 dd ce 24 e1 e2 a3 73 b4 eb 1e 9f f9 37 2f e0 d6 d3 fb f8 9e 1f Data Ascii: {wz{XmwmQUsyO\R{+&_[D-2<`MbC:{4%8g*_#[[u5Plmtp,`ZGp<oql%a5j<;`w4-~qXw3P4YR".AcpS+4.UZ0bM{5O&EF%=-n$s7/
2024-09-27 06:28:11 UTC	16384	IN	Data Raw: 91 3b 68 e5 db 6c 1a 44 eb b0 45 98 9f d2 8c 58 60 e5 5e 49 1e 01 97 59 f2 74 00 23 3c 99 bc 45 fe 41 64 2e 32 fe 25 0f 36 e1 d7 87 90 30 3a 95 d6 ba 8e 6d d5 61 00 2c 6f 9d 7d ab cd c2 a5 2d ec 28 bb a8 92 33 93 3a 80 5e 43 5b 0f f5 de a3 95 0f 12 81 58 5e 33 85 64 72 9f 42 90 91 73 57 7f 1f 48 d6 a0 23 7d 45 c7 78 45 94 1c 08 66 c7 63 6a 79 14 80 f6 0e 10 69 23 61 8c d3 05 c2 01 9d 7e 8d 33 66 63 da ca 88 1a 92 34 07 bb d6 0f 62 75 65 65 e8 5c ac 79 4c 46 50 cc 47 1b 6a 07 71 4a 5f 4b 37 0b 65 87 bc 20 fc 2c fd 66 db 2b e0 fc d8 cf 59 98 40 bf 71 41 32 7e 2c 13 68 9e 6f bb 01 27 27 6b 54 3f d1 00 da 01 41 aa ec 90 a4 14 5d a1 8f 34 22 0b e5 2f 9c df 03 13 58 63 41 c0 83 30 8e ce fe 77 2a 7f 59 c3 48 65 ba a7 a4 8a be 1f b8 52 e6 40 47 9b 1d 66 be 02 d4 Data Ascii: ;hlDEX`^IYt#<EAd.2%60:ma,o}-(3:^C[X^3drBsWH#}ExEfcjyi#a~3fc4buee\yLFPGjqJ_K7e ,f+Y@qA2~,ho''kT?A]4"/XcA0w*YHeR@Gf

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:10 UTC	679	OUT	GET /img/star.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:10 UTC	541	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 1980 Connection: close Date: Thu, 26 Sep 2024 16:42:32 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "aae920faed2a3fe4c3083b339cd783df" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 f4137273db9ae377298b8f8daf5b93f0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: xgNRlGzFzr9lmecWWVpzbh2kTp0oahApi7HWKkg9vLenfOz3n7bkXw== Age: 49538
2024-09-27 06:28:10 UTC	1980	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 29 00 00 00 29 08 03 00 00 00 9f be f0 c4 00 00 02 f7 50 4c 54 45 47 70 4c ab dd f8 cb e8 fa c9 e6 f9 c9 e7 fa b6 e1 f9 c8 e8 fb c8 e7 fa cd e8 fa cc e8 fa bc e3 fa ae de f8 c3 e5 fa ca e8 fa c1 f1 ff a9 dc f8 bb e3 f9 a5 db f7 f3 ad 00 f2 ab 00 aa dd f8 a8 dc f8 a6 db f8 a1 d9 f6 ac de f8 c8 e8 fd a6 db f7 ad dd f7 c9 e8 fa bf e4 fa c5 e6 fa b0 df f8 a7 dc f8 c7 e9 ff c7 e7 fa b4 e0 f9 b8 e1 f9 f1 a9 00 bf f4 ff a3 d9 f6 c4 ed ff cc e9 fb c2 ef ff b3 df f8 c7 ea fc fa a3 00 c8 e7 f9 c6 eb ff a9 dd f8 ba e2 f9 f3 af 00 c0 f3 ff cb e9 fb f4 b0 00 b2 df f8 af df f8 a7 db f8 c6 ea ff c8 e7 fb c0 e5 f9 bd e3 f9 be e4 fa f6 a4 00 c5 ec ff a3 da f7 aa dc f7 f3 ac 00 b8 e2 f9 b8 e1 f8 b1 df f9 c2 e5 f9 b3 Data Ascii: PNGIHDR))PLTEGpL

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:10 UTC	678	OUT	GET /img/dir.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:10 UTC	541	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 5071 Connection: close Date: Thu, 26 Sep 2024 16:42:37 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "aef2b30f6701ba271c07e3e26ffc416e" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: 8BEEENILpL5gQqwOL5DSsBQTWbPVlsUmGj1D6zVDV_PGNVhU8zG3HA== Age: 49533
2024-09-27 06:28:10 UTC	5071	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 78 00 00 00 78 08 03 00 00 00 0e ba c6 e0 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 02 fa 50 4c 54 45 9a 68 aa 9a 69 a9 9b 69 aa 9c 6a aa 96 62 aa 94 60 a9 8e 58 a9 90 5a a9 92 5d a9 8d 56 a9 99 66 aa 8b 54 a8 8a 52 a8 98 64 aa 9e 6c aa ad 80 ac a9 7b ac a5 75 ab b2 87 ac a1 70 ab b5 8b ad bb 93 ad b8 8e ad c1 9b ae b0 84 ac be 96 ae c6 a0 ae 9a 68 aa e1 c4 b1 f7 ec b5 ff ec b4 fd ea b4 ff ee b4 ff f1 b3 ff f4 b5 f5 e2 b3 e5 c9 b2 ef d5 b2 ff f9 b5 fb e5 b4 ff fb b5 ff f6 b5 fd e9 b4 ff ff b6 ff ea b4 ff f1 b6 fe ec b4 ff fe b6 ff ef b4 ff f7 b5 f1 e1 b1 d2 b1 b0 ff f2 b6 ff f0 b3 ff eb b4 ff fd b5 ca a7 af 88 50 a8 9b 6a aa f7 e6 b4 84 49 a8 e9 ce Data Ascii: PNGIHDRxxgAMAasRGBPLTEhiijb`XZ]VfTRdl{uphPjI

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 06:28:11 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=37029 Date: Fri, 27 Sep 2024 06:28:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-27 06:28:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:11 UTC	350	OUT	GET /v2/free/self/ HTTP/1.1 Host: api.db-ip.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:12 UTC	708	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 06:28:12 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close cache-control: max-age=1800 x-iplb-request-id: A29E9FD1:A3B2_93878F2E:0050_66F6507C_2876EC1E:4F34 x-iplb-instance: 59215 CF-Cache-Status: EXPIRED Last-Modified: Fri, 27 Sep 2024 06:28:12 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHW7Rc1TwyQIhkJNg%2B2Y0tRkSKP6HZNJj8ADzHuqqzEMzxp%2BPyPND%2BbgIOeRu9zc9pECJHv%2FmUK%2FKrWps%2B5h7abBM5Xa1P7viKdhIJZnDQoIx3cduv2PDJJ7OP9SlLc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c996ea71fe28c72-EWR
2024-09-27 06:28:12 UTC	246	IN	Data Raw: 66 30 0d 0a 7b 0a 20 20 20 20 22 69 70 41 64 64 72 65 73 73 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 20 22 4e 41 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 20 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 73 74 61 74 65 50 72 6f 76 43 6f 64 65 22 3a 20 22 4e 59 22 2c 0a 20 20 20 20 22 73 74 61 74 65 50 72 6f 76 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 0a 7d 0d 0a Data Ascii: f0{ "ipAddress": "8.46.123.33", "continentCode": "NA", "continentName": "North America", "countryCode": "US", "countryName": "United States", "stateProvCode": "NY", "stateProv": "New York", "city": "New York"}
2024-09-27 06:28:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:11 UTC	674	OUT	GET /ico.ico HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:12 UTC	545	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Content-Length: 10915 Connection: close Date: Thu, 26 Sep 2024 16:42:05 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "38f289209522fd198c50c25bec5db163" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: nUswPU9EvOlcU-XcCEU2AzURPXIiyYit1lMj9fYoA6URzBC0s4-f3w== Age: 49567
2024-09-27 06:28:12 UTC	10915	IN	Data Raw: 00 00 01 00 01 00 00 00 00 00 01 00 20 00 8d 2a 00 00 16 00 00 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 01 6f 72 4e 54 01 cf a2 77 9a 00 00 2a 47 49 44 41 54 78 da ed 9d 07 7c 54 65 d6 c6 df cc 4c 32 e9 bd 22 ba 2e a2 7e ea f2 ed 7e 6e 5f b7 a8 6b 59 dd b5 ec fa 6d 13 a5 48 e8 1d 02 22 35 60 59 54 54 7a 4f 42 09 bd 5b 10 45 60 05 db ae ba ee a7 54 05 92 c9 a4 37 92 cc 24 d3 e7 fd 9e 73 67 50 59 21 09 90 64 ee 9d 39 e7 f7 fb 73 27 85 e4 ce 7b ce f3 bc e7 7d ef 9d 89 10 1c aa 8a d4 5d 52 24 bc 22 45 e6 4e 29 b2 76 48 d1 6d 2b d8 86 c7 db 7d f4 d8 80 af ed 90 46 7c 2e be db 76 99 95 b9 5d 7e 17 9f bf 1b df db 17 4c 00 b3 c1 4a b0 03 ec 03 1f 81 13 c0 0c 6a 80 15 d8 80 0b 48 3f 2e ff e7 ac Data Ascii: PNGIHDR\rforNTwGIDATx\|TeL2".~~n_kYmH"5`YTTzOB[E`T7$sgPY!d9s'{}]R$"EN)vHm+}F\|.v]~LJjH?.

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:13 UTC	396	OUT	GET /img/2FA.png HTTP/1.1 Host: business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:28:13 UTC	543	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 114767 Connection: close Date: Thu, 26 Sep 2024 16:42:26 GMT Server: AmazonS3 Accept-Ranges: bytes ETag: "03d39d5d071182aba1b01ba2e859de39" Last-Modified: Mon, 19 Aug 2024 14:02:33 GMT Cache-Control: public, max-age=0, s-maxage=31536000 X-Cache: Hit from cloudfront Via: 1.1 f4137273db9ae377298b8f8daf5b93f0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P2 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: T9HMKhGbEOBri72F0nA0KDR7SfuMX4eSaoHsFg1-ZN_Pg3riTRZRrA== Age: 49547
2024-09-27 06:28:13 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1d 00 00 00 fc 08 06 00 00 00 d3 e7 16 e9 00 00 01 83 69 43 43 50 49 43 43 20 70 72 6f 66 69 6c 65 00 00 28 91 7d 91 3d 48 c3 40 1c c5 5f 53 a5 22 15 07 33 48 71 c8 50 9d 5a 10 15 71 d4 2a 14 a1 42 a8 15 5a 75 30 b9 f4 0b 9a 34 24 29 2e 8e 82 6b c1 c1 8f c5 aa 83 8b b3 ae 0e ae 82 20 f8 01 e2 ea e2 a4 e8 22 25 fe af 29 b4 88 f1 e0 b8 1f ef ee 3d ee de 01 42 a3 c2 74 bb 67 1c d0 0d c7 4a 27 13 52 36 b7 2a 85 5e 11 46 08 22 62 88 28 cc 36 e7 64 39 05 df f1 75 8f 00 5f ef e2 3c cb ff dc 9f 63 40 cb db 0c 08 48 c4 b3 cc b4 1c e2 0d e2 e9 4d c7 e4 bc 4f 2c b2 92 a2 11 9f 13 c7 2c ba 20 f1 23 d7 55 8f df 38 17 5b 2c f0 4c d1 ca a4 e7 89 45 62 a9 d8 c5 6a 17 b3 92 a5 13 4f 11 47 35 dd a0 7c 21 eb b1 c6 79 Data Ascii: PNGIHDRiCCPICC profile(}=H@_S"3HqPZqBZu04$).k "%)=BtgJ'R6^F"b(6d9u_<c@HMO,, #U8[,LEbjOG5\|!y
2024-09-27 06:28:13 UTC	16384	IN	Data Raw: 16 3d 31 d8 5a ac b8 71 86 cb 3a 62 a3 90 0a 2c 00 63 19 c6 ba 0a 1b f6 69 04 21 9d c2 29 e0 d8 e5 d0 1a 4b 06 94 24 18 12 e8 ad 81 11 00 84 82 36 16 7d c3 f8 66 b9 84 24 57 36 7b 7b 7b 0b c3 8c cd 7e eb 0d a7 80 22 e1 0c a9 76 2d b2 1b a9 9c d0 9a 36 e8 74 8f d5 62 e9 a4 e8 fd e7 92 84 5b e8 ad 43 66 a4 54 93 ce 99 f4 6a 92 45 99 6d 8f 04 a6 e5 a3 79 d0 61 8c 99 74 f8 db b6 f5 cf dc e9 5e e4 db 46 ca d1 f9 a5 e7 09 b8 92 c5 a6 69 22 11 98 99 d1 f7 3d f6 fb 3d ba ae c3 e9 e9 29 4e 4e 4e b0 5a 49 18 63 b1 d9 6c a0 b5 c6 72 b9 44 ab 4e d0 34 e4 04 dd b4 c6 76 bb c5 ed ed 2d 76 7d 87 67 df be c4 f3 97 e7 30 0c e7 80 7c f0 03 2c 97 ad 1f df 5e 31 d7 1b f4 92 40 60 40 13 7a a3 cb 9c b1 a3 7a 23 39 22 f6 41 b1 41 f2 3f 3d d3 70 2f 46 f2 18 e4 eb 73 f1 c4 29 65 Data Ascii: =1Zq:b,ci!)K$6}f$W6{{{~"v-6tb[CfTjEmyat^Fi"==)NNNZIclrDN4v-v}g0\|,^1@`@zz#9"AA?=p/Fs)e
2024-09-27 06:28:13 UTC	16384	IN	Data Raw: 96 65 1a 8c 84 f1 8a d1 a6 85 62 10 2d 23 dd 0e 52 60 24 c0 05 79 19 f0 ee da 50 bd 24 a7 aa 2a ec ec 6c 61 6b 6b ab 73 bc d5 00 bd 65 c2 60 c9 49 05 df 7a a1 41 3e 44 8a 97 10 f7 fb 57 b5 d5 73 d6 08 3e a9 c8 24 33 29 a5 d3 b8 6d bb 4e fc 58 87 db b1 6a 9d 5a 35 31 18 c6 bf 74 ac 65 4b 8b 7d d7 ee d2 3d 0b 62 a7 41 d5 2a 69 04 ea 18 03 b9 7d a1 42 7e a0 55 df ce c4 e0 1c d2 e1 5e d3 5a 83 b7 90 63 63 84 33 09 90 f0 06 70 44 04 52 5d c2 e1 9d ac a3 f5 55 06 fa 22 61 7d a7 ac 47 95 76 eb b0 6d 8f b7 d6 7b 85 b4 41 4f 74 20 d0 26 52 8b 89 d2 1a da 92 f0 72 27 79 4e 79 d2 1f 54 de 4d 53 c4 2a a3 2e c1 88 4f bc f0 02 72 da 21 7d c5 b7 c4 c9 9a 38 a9 d8 c0 89 37 34 f6 34 24 a4 15 23 19 b1 c6 47 c7 e2 77 8b 2e 7f 2d 64 20 be f0 18 67 bd e9 1a f7 f9 5e 09 32 d8 Data Ascii: eb-#R`$yP$lakkse`IzA>DWs>$3)mNXjZ51teK}=bAi}B~U^Zcc3pDR]U"a}Gvm{AOt &Rr'yNyTMS*.Or!}8744$#Gw.-d g^2
2024-09-27 06:28:13 UTC	14808	IN	Data Raw: 1f 46 35 32 a3 2a 6c e0 19 1c d0 04 f2 79 7c e5 16 89 9c 41 2d cd df 34 23 95 d2 dc 17 27 6f 11 95 03 3d 92 43 5d a4 44 62 cd 02 2d 0d d5 05 97 e6 c7 f0 7a e0 0e 6a e0 28 ba 38 af a8 57 7d d1 8c f8 1a 89 b8 14 10 9b 84 0c a9 04 c2 b1 2f 9c 89 38 30 96 e9 12 91 13 a9 89 00 4b 19 fa e1 79 77 60 4a 7f 97 d0 70 11 af af a8 1c 54 28 26 97 59 d0 01 4c 77 4c c6 df 1a 98 de df 40 93 c1 50 ad e6 b3 84 98 08 14 06 73 67 c8 b2 ed 67 d1 d0 67 c1 56 39 87 e3 d6 22 d1 56 3d 2b 72 4b 6a ae af c7 88 f0 1c a3 9d df b2 a5 ce 11 a7 9a 9f cd d2 77 ae 41 8c f9 f7 d6 4a 3c a5 1b 63 d9 33 7f 8c cc 7b 4d 86 77 36 3e 48 fd e0 ad b4 f7 a5 52 a0 be ff 8b e6 14 8c 47 b6 3b 43 e0 75 2c 12 79 ca 6e 60 fa 33 08 f5 b8 bd bd c2 f5 e5 73 9c 6e 5e 00 17 bf 58 59 68 6a bc 26 9e 26 38 fa f0 Data Ascii: F52*ly\|A-4#'o=C]Db-zj(8W}/80Kyw`JpT(&YLwL@PsgggV9"V=+rKjwAJ<c3{Mw6>HRG;Cu,yn`3sn^XYhj&&8
2024-09-27 06:28:13 UTC	16384	IN	Data Raw: 1a 77 c9 8f 34 f2 8f 26 69 6b a4 71 9f 00 f0 00 8c c0 cc 60 5a 77 4f f7 54 8b aa 2e 91 22 c2 dd f7 83 7b 44 7a 44 79 44 66 f5 cc 3c 60 de 4b d8 20 bb 52 44 86 f0 f0 7b fc de 73 cf 41 b0 8d 13 39 4e 2a 84 50 08 21 c9 f0 e4 cf 8a aa d5 bd e6 57 2b a6 69 bf 74 2c 98 2f 4e 30 f6 0c 95 8d 18 4f 24 5b db 39 e3 4c 21 cc 02 e1 24 42 8e c1 bd bd d3 ad fd 0e d3 87 43 40 3e f2 8b 03 33 07 b3 20 77 23 84 15 c8 ca 77 e2 6c 8c 15 a5 9b 62 98 23 32 89 cc 0b 9c 2a 58 94 19 65 e9 c8 64 c1 5f 13 e2 1a 5c 28 5f 59 94 83 4c 0a c6 79 81 c4 1b 49 1a 22 ba 0d cb 6c 15 f1 7d 47 ff 7d ad 43 7a 3c 45 24 8d 03 7a 8a f0 19 7f bf db 2d 67 22 6d 90 b7 e9 5e 49 ed 6f 5f b6 a5 2f 9b 52 67 0b 45 42 2e 20 3e 5e 68 7b 98 d4 71 c2 18 d3 12 50 eb 02 9c a1 2c 51 7c 4e fa 08 f8 5d d0 d1 97 3d Data Ascii: w4&ikq`ZwOT."{DzDyDf<`K RD{sA9NP!W+it,/N0O$[9L!$BC@>3 w#wlb#2Xed_\(_YLyI"l}G}Cz<E$z-g"m^Io_/RgEB. >^h{qP,Q\|N]=
2024-09-27 06:28:13 UTC	16384	IN	Data Raw: 2b 84 6c 8c c3 86 ba 39 86 dc 62 53 5c b4 38 3b a4 22 43 b2 d4 fc 2b 5c 7f 27 49 2a 03 10 83 8c d4 22 b2 bb 9d 7a d1 d9 48 c0 b3 04 0b 42 08 30 43 a5 dc 74 27 62 fc 5e ca a5 76 88 f7 d1 05 00 29 99 84 f8 b3 eb 2c b4 bb dc bb 14 17 27 15 eb 6a 50 b6 4e 1c 1d 52 dc 4e 55 1d ba e0 26 55 1a 5b aa 85 db 64 fc d5 17 09 8a f1 0f a8 8e 4b df 50 8d ac 8f 8c 39 14 f4 87 82 62 77 1b 7d e4 c4 55 c7 32 14 fc 57 12 3d 7b c0 95 94 72 6d 20 35 98 1d 5a f1 d9 a1 ae 98 be fd 58 47 22 b7 19 48 df 73 78 1f e2 cf 38 d7 f1 33 74 0e 95 10 c7 69 3b 5f fe 6d 67 3b bc 1f 84 af 14 89 aa 02 e5 28 cf de f0 f8 de 57 bc 7a fe 18 59 cd 50 a6 f4 62 4e 22 f8 16 49 89 b4 0a ab 60 61 2a 44 58 29 2f aa 12 21 40 67 19 52 2b 6c 96 73 ed e6 1d ae df 79 1f 39 d9 01 95 83 c8 1a 7d 0e fb bd ea 9c Data Ascii: +l9bS\8;"C+\'I"zHB0Ct'b^v),'jPNRNU&U[dKP9bw}U2W={rm 5ZXG"Hsx83ti;_mg;(WzYPbN"I`aDX)/!@gR+lsy9}
2024-09-27 06:28:13 UTC	16384	IN	Data Raw: e6 62 ba fe 04 b9 73 eb 3f 3f 88 8e 05 1f 9b f0 7b 97 b8 90 47 49 f4 4c 47 8b 33 5d a7 00 38 04 8d 8e 90 42 58 11 28 ad e2 b5 b5 ec 12 1b b6 16 4c ce b0 4f ab e8 30 e7 8e 23 c4 0b 05 d1 44 c3 fe a0 72 a5 c3 12 c9 ed 5a 1a 1a 7b f0 7e 19 fe 09 1d 32 b5 ec bb 24 cd 5a ea d6 78 93 5a 57 e9 d1 27 e5 8f b0 d8 c6 0c 24 9c 58 20 02 63 f9 f6 10 0f 62 0e ae e4 0c f5 88 41 5b 80 de e0 0c df f6 74 3d d8 f5 7b 13 03 46 53 15 da cb af e7 75 60 bb 1a 1b 7d 8f d9 2d c9 35 15 77 23 c2 df 38 10 85 56 3b f1 22 83 06 76 b3 c3 f9 a3 c7 d8 bd 7a 0e 63 37 b0 7d 07 a3 0c 44 46 b4 ca 7a 41 af d0 d4 c1 3e 42 df e7 22 2f 1d 07 14 f9 26 2c 4e 32 5a c4 05 1b d6 d6 5d 62 97 38 24 c3 a3 3a 21 00 d5 ac 40 ae 86 e9 af 95 cf 12 1a 17 18 32 0f 20 71 6d b1 d4 b4 b8 fb de 77 70 7c 72 63 ea Data Ascii: bs??{GILG3]8BX(LO0#DrZ{~2$ZxZW'$X cbA[t={FSu`}-5w#8V;"vzc7}DFzA>B"/&,N2Z]b8$:!@2 qmwp\|rc
2024-09-27 06:28:13 UTC	1655	IN	Data Raw: 5d 63 c1 84 06 da 29 65 b4 75 f2 16 4d a8 40 8e 25 3e b1 98 29 91 29 07 83 99 5f 54 28 19 9a 0f e5 26 40 b9 f4 4f 63 3e 60 6b 0e 31 d8 67 25 96 93 33 77 24 93 3e 40 30 3d cf 70 7e a2 9c db a2 25 e9 25 87 e9 e7 88 26 4b 43 89 63 78 5f 4a 84 1f 5c 97 84 50 1f d4 75 ba 20 31 ec 89 f7 34 38 7e f8 7d 02 c1 4e 70 11 c6 50 95 39 85 d0 1c 57 e6 65 c9 93 63 85 68 09 8d 49 f7 9d bb b1 96 90 b7 52 bb 6b 6c f5 5f 92 af 46 51 43 ba 95 7c 2b 6e 9e 0a 08 b1 e7 e1 fd 31 e2 17 38 e1 c4 94 b6 76 c6 87 46 ab e9 02 78 8c 9e 30 50 56 8e b4 40 a7 ee 91 14 09 13 2a 64 7c 71 56 0c 85 f6 9e 27 6b 57 4a a3 d1 15 8e 8f 8e b0 52 0d ea 60 0c ca 0e 45 d2 44 a8 16 aa 42 c7 16 6c 2c b4 22 1c 2d 56 10 ad 40 a6 c5 59 b7 f5 56 bc 16 22 06 f0 e4 51 2d bd 57 a5 8a 15 9d 33 03 0b 52 d4 4e 39 Data Ascii: ]c)euM@%>))_T(&@Oc>`k1g%3w$>@0=p~%%&KCcx_J\Pu 148~}NpP9WechIRkl_FQC\|+n18vFx0PV@*d\|qV'kWJR`EDBl,"-V@YV"Q-W3RN9

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:18 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BFcZzNEP+TU9oG9&MD=HXzKxRaf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-27 06:28:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 91dbfa2f-aee2-40f2-a48a-98359b8784db MS-RequestId: 7a6abd68-d033-4997-909e-cf063fb1b998 MS-CV: VI0D1SVw70GdlI3s.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 27 Sep 2024 06:28:18 GMT Connection: close Content-Length: 24490
2024-09-27 06:28:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-27 06:28:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:19 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1727418465787&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-09-27 06:28:19 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-09-27 06:28:19 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-09-27 06:28:19 UTC	475	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 647F1BB87C0B49B9967B05FC45D05531 Ref B: LAXEDGE1711 Ref C: 2024-09-27T06:28:19Z Date: Fri, 27 Sep 2024 06:28:19 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.5fed0117.1727418499.36d37f2

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:28:56 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BFcZzNEP+TU9oG9&MD=HXzKxRaf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-27 06:28:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3361689b-b22c-41f1-867d-b9de823907f6 MS-RequestId: dd6214a0-572e-45ec-bc1f-69059ae0fa4e MS-CV: OAo85M3oP0OGCOZ1.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 27 Sep 2024 06:28:56 GMT Connection: close Content-Length: 30005
2024-09-27 06:28:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-27 06:28:56 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro