Windows Analysis Report
https://totalpartningonline.z9.web.core.windows.net/

Overview

General Information

Sample URL: https://totalpartningonline.z9.web.core.windows.net/
Analysis ID: 1381982

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Creates files inside the system directory

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.]

Process tree
  • System is w10x64
  • chrome.exe (PID: 2692 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2288,i,11747816988005185952,563848142906098611,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6420 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://totalpartningonline.z9.web.core.windows.net/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://totalpartningonline.z9.web.core.windows.net/ | Avira URL Cloud: detection malicious, Label: malware
Source: https://totalpartningonline.z9.web.core.windows.net/ | SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering
Source: https://totalpartningonline.z9.web.core.windows.net/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
  X-Goog-Update-Updater: chromecrx-117.0.5938.132
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /c/hotjar-3840748.js?sv=6 HTTP/1.1
  Host: static.hotjar.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://totalpartningonline.z9.web.core.windows.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /?lang=en HTTP/1.1
  Host: ipwho.is
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Origin: https://totalpartningonline.z9.web.core.windows.net
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Referer: https://totalpartningonline.z9.web.core.windows.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /modules.0c2aac1b2d1ba79f2a01.js HTTP/1.1
  Host: script.hotjar.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://totalpartningonline.z9.web.core.windows.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /?lang=en HTTP/1.1
  Host: ipwho.is
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: chromecache_65.2.dr | String found in binary or memory: http://fontawesome.io
Source: chromecache_65.2.dr | String found in binary or memory: http://fontawesome.io/license
Source: chromecache_73.2.dr, chromecache_70.2.dr | String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_73.2.dr, chromecache_70.2.dr | String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_70.2.dr | String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_61.2.dr | String found in binary or memory: https://ipwho.is/?lang=en
Source: chromecache_61.2.dr | String found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_2692_692667764
Source: classification engine | Classification label: mal48.win@16/42@14/8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2288,i,11747816988005185952,563848142906098611,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://totalpartningonline.z9.web.core.windows.net/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected

Mitre Att&ck Matrix
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction

[Behavior graph. ID: 1381982, URL: https://totalpartningonline..., Startdate: 27/01/2024, Architecture: WINDOWS, Score: 48. Signature: Antivirus / Scanner detection for submitted sample. Two chrome.exe processes started; one started a child chrome.exe. DNS/IP nodes: 192.168.2.4, 138, 443, 49730 (unknown); 239.255.255.250 (unknown, Reserved); static-cdn.hotjar.com 18.160.41.49, 443, 49750 (MIT-GATEWAYSUS, United States); ipwho.is 15.204.213.5, 443, 49751, 49766 (HP-INTERNET-ASUS, United States); 6 other IPs or domains.]

Source | Detection | Scanner | Label | Link
https://totalpartningonline.z9.web.core.windows.net/ | 100% | Avira URL Cloud | malware |
https://totalpartningonline.z9.web.core.windows.net/ | 100% | SlashNext | Scareware type: Phishing & Social Engineering |

No Antivirus matches

Source | Detection | Scanner | Label | Link
about:blank | 0% | Avira URL Cloud | safe |
https://ipwho.is/?lang=en | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipwho.is | 15.204.213.5 | true | false | | unknown
accounts.google.com | 64.233.176.84 | true | false | | high
script.hotjar.com | 99.84.191.81 | true | false | | high
www.google.com | 74.125.138.104 | true | false | | high
clients.l.google.com | 142.251.15.100 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
static-cdn.hotjar.com | 18.160.41.49 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
static.hotjar.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://ipwho.is/?lang=en | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://static.hotjar.com/c/hotjar-3840748.js?sv=6 | false | | high
https://script.hotjar.com/modules.0c2aac1b2d1ba79f2a01.js | false | | high
about:blank | false | Avira URL Cloud: safe | low
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://fontawesome.io | chromecache_65.2.dr | false | | high
https://static.hotjar.com/c/hotjar- | chromecache_61.2.dr | false | | high
https://github.com/twbs/bootstrap/graphs/contributors) | chromecache_70.2.dr | false | | high
https://getbootstrap.com/) | chromecache_73.2.dr, chromecache_70.2.dr | false | | high
https://github.com/twbs/bootstrap/blob/main/LICENSE) | chromecache_73.2.dr, chromecache_70.2.dr | false | | high
http://fontawesome.io/license | chromecache_65.2.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.251.15.100 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
74.125.138.104 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
64.233.176.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false
15.204.213.5 | ipwho.is | United States | 71 | HP-INTERNET-ASUS | false
99.84.191.81 | script.hotjar.com | United States | 16509 | AMAZON-02US | false
18.160.41.49 | static-cdn.hotjar.com | United States | 3 | MIT-GATEWAYSUS | false

IP
192.168.2.4

Joe Sandbox version: 39.0.0 Ruby
Analysis ID: 1381982
Start date and time: 2024-01-27 00:20:23 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://totalpartningonline.z9.web.core.windows.net/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@16/42@14/8
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 173.194.219.94, 34.104.35.123, 20.60.242.14, 20.12.23.50, 72.21.81.240, 192.229.211.108, 13.85.23.206, 20.3.187.198, 64.233.177.94
  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: https://totalpartningonline.z9.web.core.windows.net/
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 2048 x 2048, 8-bit colormap, non-interlaced
Category: dropped
Size (bytes): 11991
Entropy (8bit): 2.7913570662523877
Encrypted: false
SSDEEP: 24:htET1fJAColhamWZr2QlhcoWlv7YUl5rjXlYNU0Frj3lhamWZr2zqIoJoWlv7YUa:hQVJACLI8bkglE/M
MD5: 50D6BCD443FD23AA0E353A96C2DD9709
SHA1: FF24BB4F3729B09031BDD39A9A5126C48F1F28FB
SHA-256: 9038DE43BA75161EF2996551EC74CE07FAB12C0CFDB5AF00B4604902AECBD6C4
SHA-512: 6DA75E8859088920D0E7664F81FD160F4EFD126B37ED689BB8CF0201F8A132A1DEA2BE73B651E61C133E18EEF80570D1C652A086EFDF063C2E5F4C054D1F1047
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 251
Entropy (8bit): 4.260744908877784
Encrypted: false
SSDEEP: 6:oJR6nIy2iz7ALxRoHGFV/FFyAOWsH+aVQmH+ahWzqH+3CLGEeySa:ofTyLmRbdLPsH+OH+jzqH+7ySa
MD5: A11D8340EA0ED4A63DE0D17602982210
SHA1: BDCCD4397453401FBC70A990FD7F22A986E240B2
SHA-256: 77779C16D4C0D6864301A3CA24935CAD873AAA89D8461579FF08566D70E92426
SHA-512: 0D78A1F5199B3B6E176299DA2C9FED9B5D85445AF90A14E9B137265D2ABFA9FAEF90F8E6DC69A85DBA607C93A06065024A21A0E2E791D1E13A3FB8679872856C
Malicious: false
Reputation: low
URL: https://totalpartningonline.z9.web.core.windows.net/fullscreen.js
Preview:
addEventListener("click", function() {
    var el = document.documentElement
      , rfs =
           el.requestFullScreen
        || el.webkitRequestFullScreen
        || el.mozRequestFullScreen
    ;
    rfs.call(el);
});

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (7691)
Category: downloaded
Size (bytes): 8848
Entropy (8bit): 5.352294178780698
Encrypted: false
SSDEEP: 192:ibnQSH54wHePVClBCtUx4ldNAfocwp5S8fITmVpB5jPq:ibnQbse5UxoDSqDB5jPq
MD5: EA0784BC645433CEF76F98A2C69E9751
SHA1: 3892F33796FD6CCEBEC0CB05FB0DF7743E53316F
SHA-256: 9105310ACCDEBD1F967087B1413A74F13589DA7C4E8531F7337AB8E2F9FE62C2
SHA-512: 79C531186ED988211DC3339C7D9DDB1AFDC49C1762505F1A6D0456EAF89ADBB39CDECE12CD987C360F58461BD9BDAE9F730ECB069DF939296094649DFB62E5FC
Malicious: false
Reputation: low
URL: https://static.hotjar.com/c/hotjar-3840748.js?sv=6
Preview: window.hjSiteSettings = window.hjSiteSettings || {"site_id":3840748,"rec_value":0.13,"state_change_listen_mode":"automatic","record":true,"continuous_capture_enabled":true,"recording_capture_keystrokes":true,"session_capture_console_consent":true,"anonymize_digits":true,"anonymize_emails":true,"suppress_all":false,"suppress_all_on_specific_pages":[],"suppress_text":false,"suppress_location":false,"user_attributes_enabled":false,"legal_name":null,"privacy_policy_url":null,"deferred_page_contents":[],"record_targeting_rules":[],"feedback_widgets":[],"heatmaps":[],"polls":[],"integrations":{"optimizely":{"tag_recordings":false},"abtasty":{"tag_recordings":false},"kissmetrics":{"send_user_id":false},"mixpanel":{"send_events":false},"unbounce":{"tag_recordings":false},"hubspot":{"enabled":false,"send_recordings":false,"send_surveys":false}},"features":["ask.popover_redesign","client_script.compression.pc","error_reporting","feedback.embeddable_widget","feedback.widgetV2","sessionizer_beta_e

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (32180), with CRLF line terminators
Category: downloaded
Size (bytes): 84359
Entropy (8bit): 5.371387209871541
Encrypted: false
SSDEEP: 1536:vP1vk7i6GUHdXXeyQazBu+4HhiO2wd3uJO1z6/A4fGAub0R4ULgGiyz4npa98Hr4:S4Ud/Jiz6UANJ8pa98Hr4
MD5: 4F988BB591D022E2EE519E286D1D5103
SHA1: A3601995DE4D8579A4E5D7048F8C85E95D96844D
SHA-256: 1060BA101D2A066D2F490291232AF6DF4FBC9D1285501C4C04B0E3249323DA85
SHA-512: AB9CEE2DDDB4FD2407BBC2D571E6C2A87DDA6FAA912E2E0A9486A0C61C81048668B70C1A60C608478B67716B6FF826D0F65AAAB9CBB22979CB114C9BD0B11057
Malicious: false
Reputation: low
URL: https://totalpartningonline.z9.web.core.windows.net/ajax/libs/jquery/2.1.3/jquery.min.js
                                        Preview:/*! jQuery v2.1.3 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,funct
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):40394
                                        Entropy (8bit):4.308881267718418
                                        Encrypted:false
                                        SSDEEP:384:HK1q/R4Q0RCWL9eXSRWL9I5mluOCj7rhbi+pJVj/0HioiciK:HdR4ouO80CFRK
                                        MD5:08B0A7480189DDF77CC95DF1F488D31A
                                        SHA1:53A9A31EAE56C45D2EC98C05A91E2A4A9646BB2A
                                        SHA-256:0FB0F0E23E337610815F3CE4265A8E11B6E57BA5506487F50608533FDCBBFCF1
                                        SHA-512:F1139AF0F53928ED5C02409D2395B004C2B4D1004BB86AEA149A7B38678552BF11A1BFF30D4F22F9FDE3A434AB6F41218C7B7DCC99F6C301A5F02826E75BB344
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/
                                        Preview:<!doctype html>..<html lang="es">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.. Required meta tags -->.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.. Bootstrap CSS -->.. <link rel="stylesheet" href="npm/bootstrap-4.6.0/dist/css/bootstrap.min.css".. >.. <script src="ajax/libs/jquery/2.1.3/jquery.min.js"></script>.. <link rel="stylesheet" type="text/css" href="main.css">.. <title>Security-Center-Code0x268d3 Services-Error0SecurityrEr0dfdsfd07</title>...<link rel="canonical" href="web.core.windows.net" />.. <link rel="stylesheet" href="font-awesome/4.5.0/css/font-awesome.min.css">.. <script type="text/javascript">.. window.onload = function () {.. document.onclick = function (e) {.. e = e || event;.. target = e.target || e.srcElement;.. if (target.tagName === "DIV") {.. toggleFullScree
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):14449
                                        Entropy (8bit):4.825537447017425
                                        Encrypted:false
                                        SSDEEP:192:fzLYlFfSzqmSzq/H+7nuuEokQUMdwSLyj1R7jEYb4rDyyb2de0e1ufARstQSzqmL:5iyuEDNsSe4fBxidfkn9K99KGCr
                                        MD5:16992023AEFF2AF2F9CB8D56C0D1580C
                                        SHA1:BA25C51467A056DACFE5A565C224E43C63D92CCA
                                        SHA-256:6D9B61E24F49494F10804F853EF80CE2A361CDD1AB41D94D9E9C5C9C75CFA913
                                        SHA-512:3A86A11323E008DA46BEE018C3B3BFB1AB6D9D0696B3CDC07085DB4D20A339E3FE7E7A4D49E74C5D1D5D82BD2C095D8095BD9D163B5CA547773709CC9FAB4362
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/main.css
                                        Preview:body{.. overflow-y: hidden;..}......#pop_up_new{.. position: absolute;.. top: 6%;.. z-index: 999999;.. left: 36%;.. background: #1a73e8;.. width: 440px;.. text-align: left;.. padding-top: 4px;.. display: none;.. color: #FFFFFF;.. padding-left: 20px;.. padding-right: 20px;..}....#pop_up_new p{.. font-weight: 500;.. font-size: 12px;.. line-height: 21px;..}..#pop_up_new .action_buttons a.active {.. border: 1px solid #fff;.. font-weight: bold;..}..#pop_up_new .action_buttons a {.. float: right;.. font-size: 12px;.. margin-right: 15px;.. padding: 6px 25px;.. text-decoration: none;.. color: #000 !important;.. border: 1px solid #DDD;.. margin-top: 20px;.. border-radius: 2px;.. margin-bottom: 20px;..}....@keyframes zoominoutsinglefeatured {.. 0% {.. transform: scale(1,1);.. }.. 50% {.. transform: scale(1.1,1.1);.. }.. 100% {.. transform: scale(1,1);.. }..}....@keyframes
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):4949
                                        Entropy (8bit):7.859283088219073
                                        Encrypted:false
                                        SSDEEP:96:Q2sXF9k4YFUYvtNgrx52bMH+ZMEtzclS/iIS8woR44j:M1ebUYlNcFUdclSKrse4j
                                        MD5:CC5132B56BA46B03DD998AA1FE220106
                                        SHA1:403E007A0B17D76A9945FA5EC46A9D01733B3040
                                        SHA-256:598699133BE5EEF63E3B9B5540609EC0DC91D7AF9C7F70A3B890E57491A70AE0
                                        SHA-512:A523413B12F9BC9D7B4789FA45C57C5AD28E6C33F5CEDE6B9C13C7CFC59CA04DC09787F706354B4E2062B6CB7604CB89BD9021411968EA2B7C78AB29FF41E963
                                        Malicious:false
                                        Reputation:low
                                        Preview:.PNG........IHDR.......\............tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....IDATx..]K............J+..&....1".'...H.....+.<.!..`B ...&...%....X.C..>..$ ...2...E....^....G....z{fggV....
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 236 x 47, 8-bit colormap, non-interlaced
                                        Category:downloaded
                                        Size (bytes):2605
                                        Entropy (8bit):7.905759039304704
                                        Encrypted:false
                                        SSDEEP:48:qRuA1pKGO/R4pHedzXfDTEXQNtREiJqAqzPNMbinvjeyqJhkRDbZQNxLL48IXv:qzxO/ep8zv/ByWqXzVhn7tqjwDbZQLLa
                                        MD5:001068C638AAB54BF48FFA339D4839D9
                                        SHA1:DC8C419691C4BB93FE49720F16DEAA7EAD0DAA1B
                                        SHA-256:6BCEC512E5EF229100BD2CDD59103617F74D658154C0C6997324EED0C2230BDF
                                        SHA-512:FAA5FEB5FACCC7FFC3BBDD86C4FC1DE514BFF72D9A66A6BD69D7A366FA70334D7EE1EE9BBA188CF0FB41852C9807BAE4023B23F8BF7175F3B91808B8BDE85ECD
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/phone1.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (27228), with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):27395
                                        Entropy (8bit):4.745953491347797
                                        Encrypted:false
                                        SSDEEP:384:+i5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8L:1lr+Klk3YlKfwYUf8l8yQ/2
                                        MD5:9E33D1E7CFEB913AB1F0509EC640C818
                                        SHA1:D938075F7183E4D21AEFA76FEFACC4558D5B9CFB
                                        SHA-256:9C326A99C06732D529DAC215396C54FFFA8848800EAA3A2C31B65F5CE6D65DDB
                                        SHA-512:67D57B18561F3629A938CB5741C6E164C2FF5F7401E502BD592E777C94C504BD5316D9EB007E2CB7C1CC927D9FF0256854531B608FD5CD282D9ECAD3A2840B42
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/font-awesome/4.5.0/css/font-awesome.min.css
                                        Preview:/*!.. * Font Awesome 4.5.0 by @davegandy - http://fontawesome.io - @fontawesome.. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License).. */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont.eot') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff') format('woff2'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../fonts/fontawesome-webfont.svg') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{padding-left:0;margin-left:2.1428571
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (11084), with no line terminators
                                        Category:downloaded
                                        Size (bytes):11084
                                        Entropy (8bit):5.26714858103651
                                        Encrypted:false
                                        SSDEEP:192:sANzVNUBOebwvXDA+mJ4fXOrTIjDJfiRxug9xx+EMZajp:PNbUBOjHmJcOgjDJaR1bMZip
                                        MD5:65F1D21D5FCC9D21DA758ADABABD0C3C
                                        SHA1:E0661D07D64C00008BC9D013D16EEC0A0F156DC7
                                        SHA-256:D2B82E612D2A812E8BE2A57300DAB8923C4F2EDBE7A799E7DA70791B595646FE
                                        SHA-512:DE7D7DC739CED2E6CFA52C1809144180787ADC3AD5F9B7597C72B9D9BD5EB2F21DE06B1FC12B5034F2458DE428B368772700A6665D3F2E02F148A300239E6183
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/ajax/libs/modernizr/2.8.3/modernizr.min.js
                                        Preview:window.Modernizr=function(e,t,n){function r(e){b.cssText=e}function o(e,t){return r(S.join(e+";")+(t||""))}function a(e,t){return typeof e===t}function i(e,t){return!!~(""+e).indexOf(t)}function c(e,t){for(var r in e){var o=e[r];if(!i(o,"-")&&b[o]!==n)return"pfx"==t?o:!0}return!1}function s(e,t,r){for(var o in e){var i=t[e[o]];if(i!==n)return r===!1?e[o]:a(i,"function")?i.bind(r||t):i}return!1}function u(e,t,n){var r=e.charAt(0).toUpperCase()+e.slice(1),o=(e+" "+k.join(r+" ")+r).split(" ");return a(t,"string")||a(t,"undefined")?c(o,t):(o=(e+" "+T.join(r+" ")+r).split(" "),s(o,t,n))}function l(){p.input=function(n){for(var r=0,o=n.length;o>r;r++)j[n[r]]=!!(n[r]in E);return j.list&&(j.list=!(!t.createElement("datalist")||!e.HTMLDataListElement)),j}("autocomplete autofocus list placeholder max min multiple pattern required step".split(" ")),p.inputtypes=function(e){for(var r,o,a,i=0,c=e.length;c>i;i++)E.setAttribute("type",o=e[i]),r="text"!==E.type,r&&(E.value=x,E.style.cssText="position:
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):503
                                        Entropy (8bit):4.806069034061486
                                        Encrypted:false
                                        SSDEEP:6:dnPaKIGCRUJACRqSYP8B8PFCZrdEGCXaAVylvTGBi1fWBCE+ZQiGTGBC/ry1TGBD:dS7SsP3CTEGCbslvTWrBCV/lBC/TBC/Q
                                        MD5:CD6C33FBC221D0271C910AF910E6EBED
                                        SHA1:9B52F24D6F10B885BB19DB1C4B531469F96D2914
                                        SHA-256:318698AE5E67C32550D6B40AC09848D598F6317F51A8F09638BA925F6E7CC479
                                        SHA-512:13D12EE60E01EC4DDE5C1BED73A607A891D5CC857A6E161034E71159BD2A352A0F4AD8EF6038CCB2B5D7F23B8899BF9BCB97AA39EAFCC6AE985CDC835E061412
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/light.js
                                        Preview: function addEvent(obj, evt, fn) {.. if (obj.addEventListener) {.. obj.addEventListener(evt, fn, false);.. } else if (obj.attachEvent) {.. obj.attachEvent("on" + evt, fn);.. }..}....addEvent(document, 'mouseout', function(evt) {.. if (evt.toElement == null && evt.relatedTarget == null) {.. $('.lightbox').slideDown();.. };..});....$('a.close').click(function() {.. $('.lightbox').slideUp();..});..$('body').click(function() {.. $('.lightbox').slideUp();..});..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 2048 x 2048, 8-bit colormap, non-interlaced
                                        Category:downloaded
                                        Size (bytes):11991
                                        Entropy (8bit):2.7913570662523877
                                        Encrypted:false
                                        SSDEEP:24:htET1fJAColhamWZr2QlhcoWlv7YUl5rjXlYNU0Frj3lhamWZr2zqIoJoWlv7YUa:hQVJACLI8bkglE/M
                                        MD5:50D6BCD443FD23AA0E353A96C2DD9709
                                        SHA1:FF24BB4F3729B09031BDD39A9A5126C48F1F28FB
                                        SHA-256:9038DE43BA75161EF2996551EC74CE07FAB12C0CFDB5AF00B4604902AECBD6C4
                                        SHA-512:6DA75E8859088920D0E7664F81FD160F4EFD126B37ED689BB8CF0201F8A132A1DEA2BE73B651E61C133E18EEF80570D1C652A086EFDF063C2E5F4C054D1F1047
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/microsoft.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3
                                        Category:dropped
                                        Size (bytes):2247
                                        Entropy (8bit):7.11698697675055
                                        Encrypted:false
                                        SSDEEP:48:a0BvnLUTRRcrJ3e5VJub9u6Q1kkGMikBU/Wf:fo/d5VJmY60IkBh
                                        MD5:1BA392DCE74F8987DCA48BF65D817C8F
                                        SHA1:DB0B8444C46125105B52F272BD422A7F52DA1F72
                                        SHA-256:A05245B6F7FD752AF4A7B0131BBDFDF3EAEE6C5A25A81CB498E0F0759189473C
                                        SHA-512:6B2B0EA6169182C21C42793018FE1D7AAA2BBE047FB6E0990C0AF7FCF577D37A16A210C42D1C283A7CD92E266CD2D3AAFE27C8B9C8B1C90F09DC88DBA36A5100
                                        Malicious:false
                                        Reputation:low
                                        Preview:......Exif..II*.................Ducky.......d......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a4d48e96-283c-5641-9d61-94bb93d5c56f" xmpMM:DocumentID="xmp.did:24EDD198CA0111EB886E90BAF265EF4A" xmpMM:InstanceID="xmp.iid:24EDD197CA0111EB886E90BAF265EF4A" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:703ef937-70bf-4c45-b7c7-5392c7e98eaf" stRef:documentID="adobe:docid:photoshop:813991c1-7842-4249-b78a-c0b43e96414c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (65294), with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):84384
                                        Entropy (8bit):5.160628787907909
                                        Encrypted:false
                                        SSDEEP:768:sD/iPe3+zZTVPVBNppu7MTAN6/kp3EfB+4edVAja+t+QnXLb1+uaR+orWieOJAl5:sLiG+Nkp083dG3ulPFzfBqT+m/D
                                        MD5:96B79E4FD55CFEB144BDA37CB9DEE866
                                        SHA1:F6644CCDDF43F83D4459E10FDC83027EB24CE530
                                        SHA-256:2F5454BE2251BA125AF6A2B8836BCF682EC83D9DCB8043B5D71DC4E1EA399094
                                        SHA-512:4BF319B10042E88B8A57456C75BFACE66B3D283BB03D7A0DDF6551D04BFEDC0B4D99DD150CE3A8DD20FCA6E8533F6553DCA65D76B86E13061577485A38C813FD
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/npm/bootstrap-4.6.0/dist/js/bootstrap.bundle.min.js
                                        Preview:/*!.. * Bootstrap v4.6.0 (https://getbootstrap.com/).. * Copyright 2011-2021 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors).. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE).. */..!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery")):"function"==typeof define&&define.amd?define(["exports","jquery"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).bootstrap={},t.jQuery)}(this,(function(t,e){"use strict";function n(t){return t&&"object"==typeof t&&"default"in t?t:{default:t}}var i=n(e);function o(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function r(t,e,n){return e&&o(t.prototype,e),n&&o(t,n),t}function a(){return(a=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
                                        Category:downloaded
                                        Size (bytes):364
                                        Entropy (8bit):7.161449027375991
                                        Encrypted:false
                                        SSDEEP:6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
                                        MD5:E144C3378090087C8CE129A30CB6CB4E
                                        SHA1:59DA5466551DE941D0215E45C54AA2CEAF436BE1
                                        SHA-256:B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
                                        SHA-512:3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/setting.png
                                        Preview:.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI|...3MS0.,{.wq.w.$.>|....0.u.{........IEND.B`.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):1294
                                        Entropy (8bit):4.844380567953471
                                        Encrypted:false
                                        SSDEEP:24:ysIpM8YuQI8Uw8IwoXl8Ho2e8HoxN8HoOBh8Hoy6bmIKUWalkVdBLF+kDsZdfaFx:bcCqedXH24xfOpy6yhUVlWv+CGmD/ezu
                                        MD5:169721922C8794EBEDE242D1C94D72C7
                                        SHA1:C2874CF9445F62E87F274009621E99E5615CACCE
                                        SHA-256:351E4918BB46C9924CF5CBA61036E31511282C2C64289B646527DF66746AD448
                                        SHA-512:FF6425E3AC9AFFC5B330EC0452B1B8005B82B1B452754E9685BB2B69E4046FCF96C54CD3349831F9BD116EF4038C43B520F7818F0616739899E0EAE17DE82E66
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/main.js
                                        Preview: $(document).ready(function() {.. var audioElement = document.createElement('audio');.. audioElement.setAttribute('src', 'wa0lDErtm0s.mp3');.... audioElement.addEventListener('ended', function() {.. this.play();.. }, false);...... $('.map').click(function() {.. audioElement.play();.... });.... $('.black').click(function() {.. audioElement.play();.... });...... $('#footer').click(function() {.. audioElement.play();.... });.... $('#poptxt').click(function() {.. audioElement.play();.... });............});.... $("#footer").fadeIn('slow')...css({bottom:10,position:'absolute'})...animate({bottom:10}, 800, function() {.. //callback..});..$(document).ready(function() {.. $(".arow-div").delay(1000).fadeIn(500);..});.... $(document).ready(function(){.. $("#poptxt").click(function(){.. $('#poptxt').hide('fast');.. });..});.. $(document).ready(function(){.. $(".alert_popup").click(function(){.. $(
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (65321), with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):161415
                                        Entropy (8bit):5.078872154795706
                                        Encrypted:false
                                        SSDEEP:1536:FC7AIJkTR+rMqFVD2DEBi8yNcuSElAz/uJpq3SYiLENM6HN26k:c7XXGLq3SYiLENM6HN26k
                                        MD5:FEBA0D0760607B9E21393156949AFCD9
                                        SHA1:0A0A0922F8B1E212866C228F8345D2C9F963DE22
                                        SHA-256:7D7A9043F4BED303FE2974AC4E3BA10D6B214E70F7AE549786BA2D347DE05F81
                                        SHA-512:906351EC9C1642BDF4BD59EE829B79CAA07C4172FD6799B4024C8A13C1DF8113A267CD91706567A242843D9EF8C257E73D93975976C766336FD5669A90CBE195
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/npm/bootstrap-4.6.0/dist/css/bootstrap.min.css
                                        Preview:/*!.. * Bootstrap v4.6.0 (https://getbootstrap.com/).. * Copyright 2011-2021 The Bootstrap Authors.. * Copyright 2011-2021 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans","Liberation Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x105, components 3
                                        Category:dropped
                                        Size (bytes):4581
                                        Entropy (8bit):7.818756760579781
                                        Encrypted:false
                                        SSDEEP:96:4GeZhQjx0Ng1Ebhkx1IWT6YAaGcFfv3EqKjqJXH8wCqulefXoptGMW:4G00uhkbIJYA2RUHjqJYVEfXo4
                                        MD5:E151FBD463FE638C7B0A16FB1FB94811
                                        SHA1:0499756469FD3255F2946520C7944C80712E0105
                                        SHA-256:D30633CFC7D4A2DB8BB70AB7898D47C2680D568C5180E55B28C67B0A72D7AF7A
                                        SHA-512:4F065133CFAA9B439C4CAFBCF37DAC54B89C0B0C5A2E67328280E9A21FE82159B91FCFEF919B1B92BE483D5DC73CE6CF2DC360752A694AE194037C9A37568C14
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
                                        Category:downloaded
                                        Size (bytes):66624
                                        Entropy (8bit):7.996443365254666
                                        Encrypted:true
                                        SSDEEP:1536:P7P0ehdxE792JHJ2qrz+MoCpeUtsG9eDeh9Zw+ZyqJ:PPlYw1re8Lsqh7MqJ
                                        MD5:DB812D8A70A4E88E888744C1C9A27E89
                                        SHA1:638C652D623280A58144F93E7B552C66D1667A11
                                        SHA-256:FF82AEED6B9BB6701696C84D1B223D2E682EB78C89117A438CE6CFEA8C498995
                                        SHA-512:17222F02957B3335849E3FE277B17C21C4AAF0C76CD3DA01A4CA39C035629695D29645913865B78E097066492F9CEE5618AF5159560363D2723BED7C3B9CF2A8
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/font-awesome/4.5.0/fonts/fontawesome-webfont.woff
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):44098
                                        Entropy (8bit):6.083305387754981
                                        Encrypted:false
                                        SSDEEP:768:zL46tOdGGbDCpQtqyHx/8wwDxDT8+MHiw5GN1Gt6ShiOG5qPq:rtOdGcGpQtqyx8wcV8+MC8GTOG5qPq
                                        MD5:4487A588BF2A07E3D1936D705C5CEEFD
                                        SHA1:DB193B3E2AB9FBEE6EAE99CED2366B1EF5F16971
                                        SHA-256:3821EF20F5904FDB993E34D87FF8FB9C5786A382EFB0EEEE8B4F00C91428B701
                                        SHA-512:5440427A4D89E876278383BD6FAF3EC971617B5FA007FD3B586D862B39ED937AABDEE7082FBB0BB1409762617749FD400AF86877D34B6981F681956415CC2EB5
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):44098
                                        Entropy (8bit):6.083305387754981
                                        Encrypted:false
                                        SSDEEP:768:zL46tOdGGbDCpQtqyHx/8wwDxDT8+MHiw5GN1Gt6ShiOG5qPq:rtOdGcGpQtqyx8wcV8+MC8GTOG5qPq
                                        MD5:4487A588BF2A07E3D1936D705C5CEEFD
                                        SHA1:DB193B3E2AB9FBEE6EAE99CED2366B1EF5F16971
                                        SHA-256:3821EF20F5904FDB993E34D87FF8FB9C5786A382EFB0EEEE8B4F00C91428B701
                                        SHA-512:5440427A4D89E876278383BD6FAF3EC971617B5FA007FD3B586D862B39ED937AABDEE7082FBB0BB1409762617749FD400AF86877D34B6981F681956415CC2EB5
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/cross.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):4949
                                        Entropy (8bit):7.859283088219073
                                        Encrypted:false
                                        SSDEEP:96:Q2sXF9k4YFUYvtNgrx52bMH+ZMEtzclS/iIS8woR44j:M1ebUYlNcFUdclSKrse4j
                                        MD5:CC5132B56BA46B03DD998AA1FE220106
                                        SHA1:403E007A0B17D76A9945FA5EC46A9D01733B3040
                                        SHA-256:598699133BE5EEF63E3B9B5540609EC0DC91D7AF9C7F70A3B890E57491A70AE0
                                        SHA-512:A523413B12F9BC9D7B4789FA45C57C5AD28E6C33F5CEDE6B9C13C7CFC59CA04DC09787F706354B4E2062B6CB7604CB89BD9021411968EA2B7C78AB29FF41E963
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/pc.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                        Category:downloaded
                                        Size (bytes):321
                                        Entropy (8bit):5.048390456887914
                                        Encrypted:false
                                        SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOcdADIUrkzR2p0haFE:hax0rKRHkhzRH/Un2i2GprK5YWOGADBu
                                        MD5:7A64FBAB78ACAB1D56FD76CDB032E91D
                                        SHA1:FB6BCBCC889ADFA5E38134A469B37FCDD6A86E96
                                        SHA-256:89070943B9798839838CEBDD72984D2B0CDF78F31FE92C27F6F5978BDEFCEB1B
                                        SHA-512:21D615FFF56CF1793523859B0AA2C26CFA579E7DA97559B914BACEAD66419E106B15D9FE425BD40382DF1F67EE4CCCC509E085F34134EDCD5B1AC24A8ED80825
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/wa0lDErtm0s.mp3
                                        Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 2c1c4fe8-501e-001d-14ae-50f55c000000</li><li>TimeStamp : 2024-01-26T23:21:21.5700511Z</li></ul></p></body></html>
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):25871
                                        Entropy (8bit):7.94435159360093
                                        Encrypted:false
                                        SSDEEP:768:1jncD3TNUM1xISZ8ONnAfSTFPDYj6z6Xn+N:xnw3RUyISpnAfSTFMj6z0nC
                                        MD5:2C497DFFF84BD8C5AF9254C9D6278CE1
                                        SHA1:667E72E7BA6F00A54629E28133317022D4B59AF6
                                        SHA-256:B2DC4153EE7019C70A1095D5D1304D540E3BBA045D99E141F63E5B13362E5A4E
                                        SHA-512:6138813720D378234F497ED844A6815DF8E78D923B470CE58B9B8819EE87B7118DC79498D02FC5BA6A438094CDE6173A9F348F20503BFBF933081D32B8FD2AD6
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):3834
                                        Entropy (8bit):7.661511605576764
                                        Encrypted:false
                                        SSDEEP:96:UgQ99q3GTte0IZF+gPYLRGssABY1sdaS+9:Qs680IjnPIz8Z9
                                        MD5:77A2FFC5545F87551D74781201DE9B3B
                                        SHA1:C9C3798AFD2AE95AA3BBA3C428335D49C8255B06
                                        SHA-256:316E6A6737BD296AB30ACA2EF7FA36F119D15786A2432D01E31FDC130272F15C
                                        SHA-512:CD1A966E47A63AF86E7AC34D58051EF6EA6E0BB5B8ABE14981BD088462667B5A69974B394E960C61F8ED559FB33A2C638D90C004EE13FA985A3F11455213FC2E
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/def.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x105, components 3
                                        Category:downloaded
                                        Size (bytes):4581
                                        Entropy (8bit):7.818756760579781
                                        Encrypted:false
                                        SSDEEP:96:4GeZhQjx0Ng1Ebhkx1IWT6YAaGcFfv3EqKjqJXH8wCqulefXoptGMW:4G00uhkbIJYA2RUHjqJYVEfXo4
                                        MD5:E151FBD463FE638C7B0A16FB1FB94811
                                        SHA1:0499756469FD3255F2946520C7944C80712E0105
                                        SHA-256:D30633CFC7D4A2DB8BB70AB7898D47C2680D568C5180E55B28C67B0A72D7AF7A
                                        SHA-512:4F065133CFAA9B439C4CAFBCF37DAC54B89C0B0C5A2E67328280E9A21FE82159B91FCFEF919B1B92BE483D5DC73CE6CF2DC360752A694AE194037C9A37568C14
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/save.jpg
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced
                                        Category:dropped
                                        Size (bytes):349
                                        Entropy (8bit):7.047569859646336
                                        Encrypted:false
                                        SSDEEP:6:6v/lhPfnY+7nDsphbAX6jNYCIh61Uw49/J3BYwmPYYSU+59AyROJwWgZPOIwCMR9:6v/74+U3AANXIsUDdI3+XtRZPONCMROO
                                        MD5:7454C652E0733D92DE6C920C2D646AE0
                                        SHA1:34A5BD8C7401F95E346895B0E5CCFFBF0E9AD638
                                        SHA-256:44F752B0BD2E48052D538BC6ACA5379F3630CA64DA945F794690DDF47E8EAEF7
                                        SHA-512:DDE6D40BEC105003CB93C52DD3322C26985FECC7FF1EAB79547FB7F0365AB2FB7B1CBA96AED81958C08627FC6C0BA6034BCEC53B1B66705D7B04202E7F8B5B59
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced
                                        Category:downloaded
                                        Size (bytes):349
                                        Entropy (8bit):7.047569859646336
                                        Encrypted:false
                                        SSDEEP:6:6v/lhPfnY+7nDsphbAX6jNYCIh61Uw49/J3BYwmPYYSU+59AyROJwWgZPOIwCMR9:6v/74+U3AANXIsUDdI3+XtRZPONCMROO
                                        MD5:7454C652E0733D92DE6C920C2D646AE0
                                        SHA1:34A5BD8C7401F95E346895B0E5CCFFBF0E9AD638
                                        SHA-256:44F752B0BD2E48052D538BC6ACA5379F3630CA64DA945F794690DDF47E8EAEF7
                                        SHA-512:DDE6D40BEC105003CB93C52DD3322C26985FECC7FF1EAB79547FB7F0365AB2FB7B1CBA96AED81958C08627FC6C0BA6034BCEC53B1B66705D7B04202E7F8B5B59
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/que.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
                                        Category:dropped
                                        Size (bytes):364
                                        Entropy (8bit):7.161449027375991
                                        Encrypted:false
                                        SSDEEP:6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
                                        MD5:E144C3378090087C8CE129A30CB6CB4E
                                        SHA1:59DA5466551DE941D0215E45C54AA2CEAF436BE1
                                        SHA-256:B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
                                        SHA-512:3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):25871
                                        Entropy (8bit):7.94435159360093
                                        Encrypted:false
                                        SSDEEP:768:1jncD3TNUM1xISZ8ONnAfSTFPDYj6z6Xn+N:xnw3RUyISpnAfSTFMj6z0nC
                                        MD5:2C497DFFF84BD8C5AF9254C9D6278CE1
                                        SHA1:667E72E7BA6F00A54629E28133317022D4B59AF6
                                        SHA-256:B2DC4153EE7019C70A1095D5D1304D540E3BBA045D99E141F63E5B13362E5A4E
                                        SHA-512:6138813720D378234F497ED844A6815DF8E78D923B470CE58B9B8819EE87B7118DC79498D02FC5BA6A438094CDE6173A9F348F20503BFBF933081D32B8FD2AD6
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/virus-scan.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):3834
                                        Entropy (8bit):7.661511605576764
                                        Encrypted:false
                                        SSDEEP:96:UgQ99q3GTte0IZF+gPYLRGssABY1sdaS+9:Qs680IjnPIz8Z9
                                        MD5:77A2FFC5545F87551D74781201DE9B3B
                                        SHA1:C9C3798AFD2AE95AA3BBA3C428335D49C8255B06
                                        SHA-256:316E6A6737BD296AB30ACA2EF7FA36F119D15786A2432D01E31FDC130272F15C
                                        SHA-512:CD1A966E47A63AF86E7AC34D58051EF6EA6E0BB5B8ABE14981BD088462667B5A69974B394E960C61F8ED559FB33A2C638D90C004EE13FA985A3F11455213FC2E
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 1920 x 1126, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):386648
                                        Entropy (8bit):7.977972541740715
                                        Encrypted:false
                                        SSDEEP:6144:tLfaMQeft3/wemTdFcUxZynpcty+jmoNuAGBEfY9cH5XyCcuqzhVS9g:tL5QUt3obTdyQypct0oNbY+ZXyCcuqzf
                                        MD5:DB2C775D2583118BF4464DD65A58535B
                                        SHA1:45413378BF16997DECF585915931305788E55328
                                        SHA-256:DE9FBE2DE348E17BD4948011260EF297C4102B69068692DAABA02BF632ACD291
                                        SHA-512:C36DE48C37A5E6218D63A1051C3C3D4D0AD493D53DAF693C3474DFA8EAB4E04EA413F50BAC3C5EEEAC4CA1FC807D74D6C1343A4ED4EEFA9CD43B91EDC546900B
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3
                                        Category:downloaded
                                        Size (bytes):2247
                                        Entropy (8bit):7.11698697675055
                                        Encrypted:false
                                        SSDEEP:48:a0BvnLUTRRcrJ3e5VJub9u6Q1kkGMikBU/Wf:fo/d5VJmY60IkBh
                                        MD5:1BA392DCE74F8987DCA48BF65D817C8F
                                        SHA1:DB0B8444C46125105B52F272BD422A7F52DA1F72
                                        SHA-256:A05245B6F7FD752AF4A7B0131BBDFDF3EAEE6C5A25A81CB498E0F0759189473C
                                        SHA-512:6B2B0EA6169182C21C42793018FE1D7AAA2BBE047FB6E0990C0AF7FCF577D37A16A210C42D1C283A7CD92E266CD2D3AAFE27C8B9C8B1C90F09DC88DBA36A5100
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/minimize.jpg
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                        Category:downloaded
                                        Size (bytes):321
                                        Entropy (8bit):5.080102123006553
                                        Encrypted:false
                                        SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOdpyVR2bR2p0hXSoE:hax0rKRHkhzRH/Un2i2GprK5YWOdp0Ec
                                        MD5:5AAF2B129DEC327072BE78B05E890B0C
                                        SHA1:9060E6AD0B81DCE75E97C4ED11AB88F98DD5ECAF
                                        SHA-256:08EC3E6A3FB57F224DC1C5E92F1C37DA25A88E5D3EC5C0006104805E11025280
                                        SHA-512:1CE3F58CC981EF54EF9E7FD4A35082C9DDD4BC573FD938ADD9A86E308A99859A736D12A95B44050EC037AD2FD426441E980BF236317A0D011AA681F08D0EF51C
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/favicon.ico
                                        Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : dc98894a-701e-0068-3bae-509e70000000</li><li>TimeStamp : 2024-01-26T23:21:22.8807998Z</li></ul></p></body></html>
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 1920 x 1126, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):386648
                                        Entropy (8bit):7.977972541740715
                                        Encrypted:false
                                        SSDEEP:6144:tLfaMQeft3/wemTdFcUxZynpcty+jmoNuAGBEfY9cH5XyCcuqzhVS9g:tL5QUt3obTdyQypct0oNbY+ZXyCcuqzf
                                        MD5:DB2C775D2583118BF4464DD65A58535B
                                        SHA1:45413378BF16997DECF585915931305788E55328
                                        SHA-256:DE9FBE2DE348E17BD4948011260EF297C4102B69068692DAABA02BF632ACD291
                                        SHA-512:C36DE48C37A5E6218D63A1051C3C3D4D0AD493D53DAF693C3474DFA8EAB4E04EA413F50BAC3C5EEEAC4CA1FC807D74D6C1343A4ED4EEFA9CD43B91EDC546900B
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/background.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (65450)
                                        Category:downloaded
                                        Size (bytes):224446
                                        Entropy (8bit):5.375737433620303
                                        Encrypted:false
                                        SSDEEP:1536:+CgpYPixMrujY4DZsh8pmHgwAgDbGw5JPZqF22RMwVRG+fUBdIhwwAMCtwIMUzd7:XdixkopmHgwZsF22RMwFfYdw2zdyjY/5
                                        MD5:1EECE8B4A1C07453CA3DFEEB67D909D4
                                        SHA1:30A715B844A2D100BB68FB073CBEE72D5ACA11CD
                                        SHA-256:8788C5E11FCBE23813FDD727053B5311DF2F922C7C2B76F318CE28409186910F
                                        SHA-512:B28CDDB2B6D4826CFF6936263514D53A3C5CC4F218C3EF3B8A40D20D50283AB2F1A2EA15944624571B61E82C855967A4A1F1BF653C032324DFEA95FD81351D54
                                        Malicious:false
                                        Reputation:low
                                        URL:https://script.hotjar.com/modules.0c2aac1b2d1ba79f2a01.js
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):1108
                                        Entropy (8bit):6.387165438426049
                                        Encrypted:false
                                        SSDEEP:24:I1hSWwjx82lY2T3wQV7bhW2yJ3VyifBZ8Gd2CIfN4:GBNn2cQ9dWtJ3QGBZ8VCIf6
                                        MD5:A3555871399F1F67BFACAF437974B03A
                                        SHA1:B6337DE87CD7A75A73CD804774651D14C83FE76A
                                        SHA-256:2E48FEF820929C21295E13444901F60E3AED61BA6F8C773FF1466E6843E76B49
                                        SHA-512:2C681434FC26CBFDB81B827F230A0A9F9108612585776990F004F7015C72DB6CA93A34F6E9AA973B5395540C8F3027CB942810AB7B833CAB4678FBB1424E1DEE
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:downloaded
                                        Size (bytes):58
                                        Entropy (8bit):4.279552115444215
                                        Encrypted:false
                                        SSDEEP:3:YWQRAW6k3RAcy+yKLrSNMR4:YWQmyRqjKLrVO
                                        MD5:63E54B2D4991F8671CFCD27B0D0CDEE3
                                        SHA1:197D9BE7DCEC4C422D6A8158F5A3B597053E2F09
                                        SHA-256:DF55B8A88E51990519BCD5320B53ADE4CF8D9B778B267953A479F726C7036331
                                        SHA-512:A7AE671398DDE28766AE3079EC7055631340EF9B514F358C146EC6378CCA1FBB60D2AA20CB5D499F978216FCFF84762B505778D35F7D4C15276848B14DB43618
                                        Malicious:false
                                        Reputation:low
                                        URL:https://ipwho.is/?lang=en
                                        Preview:{"success":false,"message":"You've hit the monthly limit"}
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):366
                                        Entropy (8bit):4.204963825199097
                                        Encrypted:false
                                        SSDEEP:6:Qg+RX9KaF3fa7qXLZRYj+wZmzW6CkpmqVthreAirbQt4X4:gXcahCuRYjf6TNtVfiHQtP
                                        MD5:87C2DC3AEB373CA8445F7410EF387689
                                        SHA1:688F4BE3CFB8688B4441F382724495A7B82B3F62
                                        SHA-256:31681779C6F394370DAD146169896E9EC2B8F7C716C4B1DB78C459033E48BF95
                                        SHA-512:BE604EC6773904B4BF034CC69466367BB1CE5D54A56149133834AC7F74B6AEEC55CAF380518A01D72827BAEEF5241A11F6EB23392E51A09343C8FDB970AAE22B
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/before.js
                                        Preview:
                                        window.addEventListener("beforeunload", function (e) {
                                            var confirmationMessage = 'It looks like you have been editing something. '
                                                + 'If you leave before saving, your changes will be lost.';

                                            (e || window.event).returnValue = confirmationMessage;
                                            return confirmationMessage;
                                        });
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:dropped
                                        Size (bytes):1025
                                        Entropy (8bit):4.6934559200532115
                                        Encrypted:false
                                        SSDEEP:24:7vNLWAtaN83Jfmtr2erK2fvrQbqUbFdJiZIYx6REKdIA:7vNW2aKPSK2fvrdYbJi5MREKdr
                                        MD5:2E713C1EF21E25F390D89D4DCBB7E8B8
                                        SHA1:AAB3D8B62454E9A35D74DCC57F94F58C903EF647
                                        SHA-256:692DF7727E357E6741E1B85E3B2C8D0E6D19840EE36812D4196C0A9E76EFFCA3
                                        SHA-512:59D8A752BE5CB765DB0D3441F521413F673D53FE2FFFE18F55563101EC1A578EE96F4509A8F1B13321AEB7FEE96BACD51ABFBD0615186E31F91EEFFEA54F7A3A
                                        Malicious:false
                                        Reputation:low
                                        Preview:
                                        {
                                            "About Us": "https:\/\/ipwhois.io",
                                            "ip": "81.181.57.74",
                                            "success": true,
                                            "type": "IPv4",
                                            "continent": "North America",
                                            "continent_code": "NA",
                                            "country": "United States",
                                            "country_code": "US",
                                            "region": "Georgia",
                                            "region_code": "GA",
                                            "city": "Atlanta",
                                            "latitude": 33.7489954,
                                            "longitude": -84.3879824,
                                            "is_eu": false,
                                            "postal": "30303",
                                            "calling_code": "1",
                                            "capital": "Washington D.C.",
                                            "borders": "CA,MX",
                                            "flag": {
                                                "img": "https:\/\/cdn.ipwhois.io\/flags\/us.svg",
                                                "emoji": "\ud83c\uddfa\ud83c\uddf8",
                                                "emoji_unicode": "U+1F1FA U+1F1F8"
                                            },
                                            "connection": {
                                                "asn": 212238,
                                                "org": "Binbox Global Services SRL",
                                                "isp": "Datacamp Limited",
                                                "domain": "binbox.com"
                                            },
                                            "timezone": {
                                                "id": "America\/New_York",
                                                "abbr": "EST",
                                                "is_dst": false,
                                                "offset": -18000,
                                                "utc": "-05:00",
                                                "current_time": "2024-01-2
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 236 x 47, 8-bit colormap, non-interlaced
                                        Category:dropped
                                        Size (bytes):2605
                                        Entropy (8bit):7.905759039304704
                                        Encrypted:false
                                        SSDEEP:48:qRuA1pKGO/R4pHedzXfDTEXQNtREiJqAqzPNMbinvjeyqJhkRDbZQNxLL48IXv:qzxO/ep8zv/ByWqXzVhn7tqjwDbZQLLa
                                        MD5:001068C638AAB54BF48FFA339D4839D9
                                        SHA1:DC8C419691C4BB93FE49720F16DEAA7EAD0DAA1B
                                        SHA-256:6BCEC512E5EF229100BD2CDD59103617F74D658154C0C6997324EED0C2230BDF
                                        SHA-512:FAA5FEB5FACCC7FFC3BBDD86C4FC1DE514BFF72D9A66A6BD69D7A366FA70334D7EE1EE9BBA188CF0FB41852C9807BAE4023B23F8BF7175F3B91808B8BDE85ECD
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):1108
                                        Entropy (8bit):6.387165438426049
                                        Encrypted:false
                                        SSDEEP:24:I1hSWwjx82lY2T3wQV7bhW2yJ3VyifBZ8Gd2CIfN4:GBNn2cQ9dWtJ3QGBZ8VCIf6
                                        MD5:A3555871399F1F67BFACAF437974B03A
                                        SHA1:B6337DE87CD7A75A73CD804774651D14C83FE76A
                                        SHA-256:2E48FEF820929C21295E13444901F60E3AED61BA6F8C773FF1466E6843E76B49
                                        SHA-512:2C681434FC26CBFDB81B827F230A0A9F9108612585776990F004F7015C72DB6CA93A34F6E9AA973B5395540C8F3027CB942810AB7B833CAB4678FBB1424E1DEE
                                        Malicious:false
                                        Reputation:low
                                        URL:https://totalpartningonline.z9.web.core.windows.net/bell.png
                                        No static file info

                                        Download Network PCAP: filteredfull

                                        • Total Packets: 158
                                        • 443 (HTTPS)
                                        • 53 (DNS)
                                        Jan 27, 2024 00:21:20.528729916 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.528784990 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.552010059 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.552027941 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.552086115 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.552103996 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.552186012 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.567706108 CET4434976523.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.567771912 CET49765443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.573715925 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.573730946 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.573785067 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.573801994 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.573820114 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.573846102 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.584845066 CET49765443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.584856033 CET4434976523.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.585264921 CET4434976523.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.626302004 CET49765443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.637298107 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.637314081 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.637366056 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.637383938 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.637403011 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.637429953 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.654939890 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.654968977 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.655008078 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.655016899 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.655041933 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.655057907 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.673830032 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.673851967 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.673914909 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.673926115 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.673971891 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.673986912 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.688745975 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.688792944 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.688846111 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.688853979 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.688883066 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.688900948 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.706738949 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.706763983 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.706849098 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.706856966 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.706878901 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.706906080 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.726248026 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.726267099 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.726305008 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.726314068 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.726352930 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.726365089 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.735778093 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.735795975 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.735857964 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.735867977 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.735908031 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.756494999 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.756510019 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.756596088 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.756604910 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.756645918 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.765508890 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.765564919 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.765572071 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.765600920 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.765613079 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.765625954 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.765665054 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.766190052 CET49755443192.168.2.499.84.191.81
                                        Jan 27, 2024 00:21:20.766201019 CET4434975599.84.191.81192.168.2.4
                                        Jan 27, 2024 00:21:20.794037104 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:20.795329094 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:20.795342922 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:20.796767950 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:20.796838045 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:20.799041033 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:20.799124002 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:20.799170971 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:20.802938938 CET49765443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.841985941 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:20.842000961 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:20.849925041 CET4434976523.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.890932083 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:20.906344891 CET4434976523.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.906415939 CET4434976523.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.906466961 CET49765443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.906846046 CET49765443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.906866074 CET4434976523.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.946485043 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.946559906 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:20.946652889 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.946965933 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:20.947000980 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:21.097803116 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:21.097878933 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:21.098066092 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:21.100832939 CET49766443192.168.2.415.204.213.5
                                        Jan 27, 2024 00:21:21.100841045 CET4434976615.204.213.5192.168.2.4
                                        Jan 27, 2024 00:21:21.164608002 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:21.164839029 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:21.168543100 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:21.168596029 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:21.169018984 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:21.170835972 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:21.213943005 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:21.367966890 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:21.368117094 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:21.368194103 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:22.251565933 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:22.251565933 CET49772443192.168.2.423.63.206.91
                                        Jan 27, 2024 00:21:22.251647949 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:22.251679897 CET4434977223.63.206.91192.168.2.4
                                        Jan 27, 2024 00:21:28.085341930 CET4434973874.125.138.104192.168.2.4
                                        Jan 27, 2024 00:21:28.085490942 CET4434973874.125.138.104192.168.2.4
                                        Jan 27, 2024 00:21:28.087692022 CET49738443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:21:29.133771896 CET49738443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:21:29.133835077 CET4434973874.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:17.787869930 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:17.787965059 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:17.788038015 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:17.788913012 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:17.788950920 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:18.004272938 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:18.060156107 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:18.217006922 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:18.217044115 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:18.217448950 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:18.218041897 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:18.218122005 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:18.260765076 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:28.021655083 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:28.021720886 CET4434979574.125.138.104192.168.2.4
                                        Jan 27, 2024 00:22:28.021935940 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:29.115118027 CET49795443192.168.2.474.125.138.104
                                        Jan 27, 2024 00:22:29.115153074 CET4434979574.125.138.104192.168.2.4
                                        TimestampSource PortDest PortSource IPDest IP
                                        Jan 27, 2024 00:21:14.925714016 CET6299553192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:14.925868988 CET5242753192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:14.926248074 CET5238353192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:14.926394939 CET6289553192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:15.034207106 CET53604821.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:15.044471025 CET53629951.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:15.045206070 CET53523831.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:15.045727015 CET53628951.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:15.045906067 CET53524271.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:15.691145897 CET53631651.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:17.720702887 CET6319353192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:17.720976114 CET5447353192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:17.839652061 CET53631931.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:17.839893103 CET53544731.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:19.035543919 CET6211553192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:19.035813093 CET6073553192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:19.039563894 CET5669953192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:19.039762020 CET6493553192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:19.155533075 CET53607351.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:19.158617973 CET53649351.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:19.159183025 CET53566991.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:19.173652887 CET53621151.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:19.751646042 CET5474153192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:19.760488987 CET6292953192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:19.872081041 CET53547411.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:19.880848885 CET53629291.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:20.229244947 CET5658953192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:20.229796886 CET5629653192.168.2.41.1.1.1
                                        Jan 27, 2024 00:21:20.350511074 CET53562961.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:20.369401932 CET53565891.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:33.131953955 CET53630991.1.1.1192.168.2.4
                                        Jan 27, 2024 00:21:37.196504116 CET138138192.168.2.4192.168.2.255
                                        Jan 27, 2024 00:21:52.450644016 CET53548991.1.1.1192.168.2.4
                                        Jan 27, 2024 00:22:14.439116001 CET53549281.1.1.1192.168.2.4
                                        Jan 27, 2024 00:22:15.022298098 CET53597401.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 27, 2024 00:21:14.925714016 CET | 192.168.2.4 | 1.1.1.1 | 0x1e45 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:14.925868988 CET | 192.168.2.4 | 1.1.1.1 | 0x1471 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Jan 27, 2024 00:21:14.926248074 CET | 192.168.2.4 | 1.1.1.1 | 0x4f46 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:14.926394939 CET | 192.168.2.4 | 1.1.1.1 | 0xbaa8 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Jan 27, 2024 00:21:17.720702887 CET | 192.168.2.4 | 1.1.1.1 | 0xfe3e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:17.720976114 CET | 192.168.2.4 | 1.1.1.1 | 0xb9f1 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 27, 2024 00:21:19.035543919 CET | 192.168.2.4 | 1.1.1.1 | 0x933c | Standard query (0) | ipwho.is | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.035813093 CET | 192.168.2.4 | 1.1.1.1 | 0x4c6e | Standard query (0) | ipwho.is | 65 | IN (0x0001) | false
Jan 27, 2024 00:21:19.039563894 CET | 192.168.2.4 | 1.1.1.1 | 0x7567 | Standard query (0) | static.hotjar.com | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.039762020 CET | 192.168.2.4 | 1.1.1.1 | 0xdbe9 | Standard query (0) | static.hotjar.com | 65 | IN (0x0001) | false
Jan 27, 2024 00:21:19.751646042 CET | 192.168.2.4 | 1.1.1.1 | 0x5a8d | Standard query (0) | script.hotjar.com | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.760488987 CET | 192.168.2.4 | 1.1.1.1 | 0xf485 | Standard query (0) | script.hotjar.com | 65 | IN (0x0001) | false
Jan 27, 2024 00:21:20.229244947 CET | 192.168.2.4 | 1.1.1.1 | 0x1c29 | Standard query (0) | ipwho.is | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:20.229796886 CET | 192.168.2.4 | 1.1.1.1 | 0x59b9 | Standard query (0) | ipwho.is | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 27, 2024 00:21:15.044471025 CET | 1.1.1.1 | 192.168.2.4 | 0x1e45 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:21:15.044471025 CET | 1.1.1.1 | 192.168.2.4 | 0x1e45 | No error (0) | clients.l.google.com | | 142.251.15.100 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:15.044471025 CET | 1.1.1.1 | 192.168.2.4 | 0x1e45 | No error (0) | clients.l.google.com | | 142.251.15.102 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:15.044471025 CET | 1.1.1.1 | 192.168.2.4 | 0x1e45 | No error (0) | clients.l.google.com | | 142.251.15.138 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:15.044471025 CET | 1.1.1.1 | 192.168.2.4 | 0x1e45 | No error (0) | clients.l.google.com | | 142.251.15.113 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:15.044471025 CET | 1.1.1.1 | 192.168.2.4 | 0x1e45 | No error (0) | clients.l.google.com | | 142.251.15.139 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:15.044471025 CET | 1.1.1.1 | 192.168.2.4 | 0x1e45 | No error (0) | clients.l.google.com | | 142.251.15.101 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:15.045206070 CET | 1.1.1.1 | 192.168.2.4 | 0x4f46 | No error (0) | accounts.google.com | | 64.233.176.84 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:15.045906067 CET | 1.1.1.1 | 192.168.2.4 | 0x1471 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:21:17.839652061 CET | 1.1.1.1 | 192.168.2.4 | 0xfe3e | No error (0) | www.google.com | | 74.125.138.104 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:17.839652061 CET | 1.1.1.1 | 192.168.2.4 | 0xfe3e | No error (0) | www.google.com | | 74.125.138.147 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:17.839652061 CET | 1.1.1.1 | 192.168.2.4 | 0xfe3e | No error (0) | www.google.com | | 74.125.138.105 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:17.839652061 CET | 1.1.1.1 | 192.168.2.4 | 0xfe3e | No error (0) | www.google.com | | 74.125.138.106 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:17.839652061 CET | 1.1.1.1 | 192.168.2.4 | 0xfe3e | No error (0) | www.google.com | | 74.125.138.99 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:17.839652061 CET | 1.1.1.1 | 192.168.2.4 | 0xfe3e | No error (0) | www.google.com | | 74.125.138.103 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:17.839893103 CET | 1.1.1.1 | 192.168.2.4 | 0xb9f1 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 27, 2024 00:21:19.158617973 CET | 1.1.1.1 | 192.168.2.4 | 0xdbe9 | No error (0) | static.hotjar.com | static-cdn.hotjar.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:21:19.159183025 CET | 1.1.1.1 | 192.168.2.4 | 0x7567 | No error (0) | static.hotjar.com | static-cdn.hotjar.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:21:19.159183025 CET | 1.1.1.1 | 192.168.2.4 | 0x7567 | No error (0) | static-cdn.hotjar.com | | 18.160.41.49 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.159183025 CET | 1.1.1.1 | 192.168.2.4 | 0x7567 | No error (0) | static-cdn.hotjar.com | | 18.160.41.58 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.159183025 CET | 1.1.1.1 | 192.168.2.4 | 0x7567 | No error (0) | static-cdn.hotjar.com | | 18.160.41.112 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.159183025 CET | 1.1.1.1 | 192.168.2.4 | 0x7567 | No error (0) | static-cdn.hotjar.com | | 18.160.41.53 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.173652887 CET | 1.1.1.1 | 192.168.2.4 | 0x933c | No error (0) | ipwho.is | | 15.204.213.5 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.872081041 CET | 1.1.1.1 | 192.168.2.4 | 0x5a8d | No error (0) | script.hotjar.com | | 99.84.191.81 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.872081041 CET | 1.1.1.1 | 192.168.2.4 | 0x5a8d | No error (0) | script.hotjar.com | | 99.84.191.43 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.872081041 CET | 1.1.1.1 | 192.168.2.4 | 0x5a8d | No error (0) | script.hotjar.com | | 99.84.191.41 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:19.872081041 CET | 1.1.1.1 | 192.168.2.4 | 0x5a8d | No error (0) | script.hotjar.com | | 99.84.191.77 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:20.369401932 CET | 1.1.1.1 | 192.168.2.4 | 0x1c29 | No error (0) | ipwho.is | | 15.204.213.5 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:32.036807060 CET | 1.1.1.1 | 192.168.2.4 | 0xf825 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:21:32.036807060 CET | 1.1.1.1 | 192.168.2.4 | 0xf825 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:21:46.385013103 CET | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:21:46.385013103 CET | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:22:07.630790949 CET | 1.1.1.1 | 192.168.2.4 | 0x9969 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:22:07.630790949 CET | 1.1.1.1 | 192.168.2.4 | 0x9969 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Jan 27, 2024 00:22:27.436839104 CET | 1.1.1.1 | 192.168.2.4 | 0x90ee | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 27, 2024 00:22:27.436839104 CET | 1.1.1.1 | 192.168.2.4 | 0x90ee | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                        • clients2.google.com
                                        • accounts.google.com
                                        • https:
                                          • static.hotjar.com
                                          • ipwho.is
                                          • script.hotjar.com
                                        • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 142.251.15.100 | 443 | 792 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-26 23:21:15 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                        Host: clients2.google.com
                                        Connection: keep-alive
                                        X-Goog-Update-Interactivity: fg
                                        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                        X-Goog-Update-Updater: chromecrx-117.0.5938.132
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: empty
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
2024-01-26 23:21:15 UTC | 732 | IN | HTTP/1.1 200 OK
                                        Content-Security-Policy: script-src 'report-sample' 'nonce-H3QfRJRE4dUz01LrfIod_Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                        Pragma: no-cache
                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                        Date: Fri, 26 Jan 2024 23:21:15 GMT
                                        Content-Type: text/xml; charset=UTF-8
                                        X-Daynum: 6234
                                        X-Daystart: 55275
                                        X-Content-Type-Options: nosniff
                                        X-Frame-Options: SAMEORIGIN
                                        X-XSS-Protection: 1; mode=block
                                        Server: GSE
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Accept-Ranges: none
                                        Vary: Accept-Encoding
                                        Connection: close
                                        Transfer-Encoding: chunked
                                        2024-01-26 23:21:15 UTC | 520 | IN
                                        Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6234" elapsed_seconds="55275"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                        2024-01-26 23:21:15 UTC | 200 | IN
                                        Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                                        2024-01-26 23:21:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.4 | 49730 | 64.233.176.84 | 443 | 792 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-01-26 23:21:15 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                        Host: accounts.google.com
                                        Connection: keep-alive
                                        Content-Length: 1
                                        Origin: https://www.google.com
                                        Content-Type: application/x-www-form-urlencoded
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: empty
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                                        2024-01-26 23:21:15 UTC | 1 | OUT | Data Raw: 20
                                        Data Ascii:
                                        2024-01-26 23:21:15 UTC | 1799 | IN | HTTP/1.1 200 OK
                                        Content-Type: application/json; charset=utf-8
                                        Access-Control-Allow-Origin: https://www.google.com
                                        Access-Control-Allow-Credentials: true
                                        X-Content-Type-Options: nosniff
                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                        Pragma: no-cache
                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                        Date: Fri, 26 Jan 2024 23:21:15 GMT
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                        Cross-Origin-Opener-Policy: same-origin
                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        Content-Security-Policy: script-src 'report-sample' 'nonce-bXm78ElN6AKJKB4tjR7EOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                        Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                        reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6O138urGUTePHv-GNGAL5tGNg"
                                        Server: ESF
                                        X-XSS-Protection: 0
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Accept-Ranges: none
                                        Vary: Accept-Encoding
                                        Connection: close
                                        Transfer-Encoding: chunked
                                        2024-01-26 23:21:15 UTC | 23 | IN
                                        Data Ascii: 11["gaia.l.a.r",[]]
                                        2024-01-26 23:21:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.4 | 49750 | 18.160.41.49 | 443 | 792 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-01-26 23:21:19 UTC | 568 | OUT | GET /c/hotjar-3840748.js?sv=6 HTTP/1.1
                                        Host: static.hotjar.com
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: script
                                        Referer: https://totalpartningonline.z9.web.core.windows.net/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2024-01-26 23:21:19 UTC | 633 | IN | HTTP/1.1 200 OK
                                        Content-Type: application/javascript; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Date: Fri, 26 Jan 2024 23:21:19 GMT
                                        Access-Control-Allow-Origin: *
                                        Cache-Control: max-age=60
                                        Cross-Origin-Resource-Policy: cross-origin
                                        ETag: W/ea0784bc645433cef76f98a2c69e9751
                                        Strict-Transport-Security: max-age=2592000; includeSubDomains
                                        X-Cache-Hit: 1
                                        X-Content-Type-Options: nosniff
                                        Vary: Accept-Encoding
                                        X-Cache: Miss from cloudfront
                                        Via: 1.1 a770e75e0ebdb44f23f7a7ef20bbbffa.cloudfront.net (CloudFront)
                                        X-Amz-Cf-Pop: IAD55-P1
                                        X-Amz-Cf-Id: X1fpwT4xkWtztFO5Z68poTwTXtdJJG1XCUnkj-ZheZ2BCzRP1EB3Zw==
                                        2024-01-26 23:21:19 UTC | 8856 | IN
                                        Data Ascii: 2290window.hjSiteSettings = window.hjSiteSettings || {"site_id":3840748,"rec_value":0.13,"state_change_listen_mode":"automatic","record":true,"continuous_capture_enabled":true,"recording_capture_keystrokes":true,"session_capture_console_consent":true,"a
                                        2024-01-26 23:21:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.4 | 49751 | 15.204.213.5 | 443 | 792 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-01-26 23:21:19 UTC | 600 | OUT | GET /?lang=en HTTP/1.1
                                        Host: ipwho.is
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Origin: https://totalpartningonline.z9.web.core.windows.net
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Referer: https://totalpartningonline.z9.web.core.windows.net/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2024-01-26 23:21:19 UTC | 255 | IN | HTTP/1.1 200 OK
                                        Date: Fri, 26 Jan 2024 23:21:19 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Server: ipwhois
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Headers: *
                                        X-Robots-Tag: noindex
                                        2024-01-26 23:21:19 UTC | 69 | IN
                                        Data Ascii: 3a{"success":false,"message":"You've hit the monthly limit"}0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.4 | 49755 | 99.84.191.81 | 443 | 792 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-01-26 23:21:20 UTC | 575 | OUT | GET /modules.0c2aac1b2d1ba79f2a01.js HTTP/1.1
                                        Host: script.hotjar.com
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: script
                                        Referer: https://totalpartningonline.z9.web.core.windows.net/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2024-01-26 23:21:20 UTC | 719 | IN | HTTP/1.1 200 OK
                                        Content-Type: application/javascript; charset=utf-8
                                        Content-Length: 224446
                                        Connection: close
                                        Date: Wed, 24 Jan 2024 15:40:11 GMT
                                        Accept-Ranges: bytes
                                        Access-Control-Allow-Origin: *
                                        Cache-Control: max-age=31536000
                                        Cross-Origin-Resource-Policy: cross-origin
                                        ETag: "1eece8b4a1c07453ca3dfeeb67d909d4"
                                        Last-Modified: Wed, 24 Jan 2024 15:39:41 GMT
                                        Strict-Transport-Security: max-age=2592000; includeSubDomains
                                        X-Content-Type-Options: nosniff
                                        X-Robots-Tag: none
                                        Vary: Accept-Encoding
                                        X-Cache: Hit from cloudfront
                                        Via: 1.1 5bbbde7889bb9c7247f5924a32d2fdf0.cloudfront.net (CloudFront)
                                        X-Amz-Cf-Pop: IAD89-C2
                                        X-Amz-Cf-Id: tSvVX3fjHrZoxeCvCPxCtj_PW9gUKnCEJx7FwDu1MxHcLfpDWqBTbA==
                                        Age: 200469


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.2.4 | 49766 | 15.204.213.5 | 443 | 792 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-01-26 23:21:20 UTC | 340 | OUT | GET /?lang=en HTTP/1.1
                                        Host: ipwho.is
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2024-01-26 23:21:21 UTC | 223 | IN | HTTP/1.1 200 OK
                                        Date: Fri, 26 Jan 2024 23:21:21 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Server: ipwhois
                                        Access-Control-Allow-Headers: *
                                        X-Robots-Tag: noindex
                                        2024-01-26 23:21:21 UTC | 1037 | IN
                                        Data Ascii: 401{ "About Us": "https:\/\/ipwhois.io", "ip": "81.181.57.74", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Georgi


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.4 | 49765 | 23.63.206.91 | 443 | |
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-01-26 23:21:20 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                        Connection: Keep-Alive
                                        Accept: */*
                                        Accept-Encoding: identity
                                        User-Agent: Microsoft BITS/7.8
                                        Host: fs.microsoft.com
                                        2024-01-26 23:21:20 UTC  531  IN  HTTP/1.1 200 OK
                                        Content-Type: application/octet-stream
                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                        X-Ms-ApiVersion: Distribute 1.2
                                        X-Ms-Region: prod-eus-z1
                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                        X-MSEdge-Ref: Ref A: BC42161386374159892CBFAC8F86E173 Ref B: BLUEDGE1509 Ref C: 2024-01-24T12:58:01Z
                                        Cache-Control: public, max-age=48962
                                        Date: Fri, 26 Jan 2024 23:21:20 GMT
                                        Connection: close
                                        X-CID: 2


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                        7           192.168.2.4  49772        23.63.206.91    443
                                        Timestamp  Bytes transferred  Direction  Data
                                        2024-01-26 23:21:21 UTC  239  OUT  GET /fs/windows/config.json HTTP/1.1
                                        Connection: Keep-Alive
                                        Accept: */*
                                        Accept-Encoding: identity
                                        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                        Range: bytes=0-2147483646
                                        User-Agent: Microsoft BITS/7.8
                                        Host: fs.microsoft.com
                                        2024-01-26 23:21:21 UTC  661  IN  HTTP/1.1 200 OK
                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                        Content-Type: application/octet-stream
                                        ApiVersion: Distribute 1.1
                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                        X-CID: 7
                                        X-CCC: US
                                        X-Azure-Ref-OriginShield: Ref A: 77D3A374A575439792C03F9D3B3E5A6A Ref B: CH1AA2040903034 Ref C: 2023-07-19T16:59:25Z
                                        X-MSEdge-Ref: Ref A: 268FB40D90624D4B909B4269BE9DB868 Ref B: CHI30EDGE0106 Ref C: 2023-07-19T17:02:00Z
                                        Cache-Control: public, max-age=56639
                                        Date: Fri, 26 Jan 2024 23:21:21 GMT
                                        Content-Length: 55
                                        Connection: close
                                        X-CID: 2
                                        2024-01-26 23:21:21 UTC  55  IN  Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                        Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



                                        Target ID:0
                                        Start time:00:21:09
                                        Start date:27/01/2024
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                                        Imagebase:0x7ff76e190000
                                        File size:3'242'272 bytes
                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        Target ID:2
                                        Start time:00:21:13
                                        Start date:27/01/2024
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2288,i,11747816988005185952,563848142906098611,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                        Imagebase:0x7ff76e190000
                                        File size:3'242'272 bytes
                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        Target ID:3
                                        Start time:00:21:16
                                        Start date:27/01/2024
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://totalpartningonline.z9.web.core.windows.net/
                                        Imagebase:0x7ff76e190000
                                        File size:3'242'272 bytes
                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        No disassembly