Windows Analysis Report
https://z.moatads.co/

Overview

General Information

Sample URL: https://z.moatads.co/
Analysis ID: 1433982
Infos:
Errors
  • URL not reachable

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
  • System is w10x64
  • chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 4180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1932,i,14919854895804343911,12363454287620243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 5344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2008,i,5974368158524158762,16634714501121764978,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 3200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,13260400812998849454,1243882600216017716,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 6252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://z.moatads.co/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://z.moatads.co/ Avira URL Cloud: detection malicious, Label: malware
Source: z.moatads.co Virustotal: Detection: 11%
Source: moatads.co Virustotal: Detection: 11%
Source: https://z.moatads.co/ Virustotal: Detection: 15%
Source: unknown HTTPS traffic detected: 173.222.162.42:443 -> 192.168.2.11:49748 version: TLS 1.0
Source: chrome.exe Memory has grown: Private usage: 0MB later: 38MB
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.42
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.3
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKS1yQEIl7bJAQijtskBCKmdygEIr4fLAQiTocsBCIWgzQEIjafNAQjcvc0BCLnKzQEIq9HNAQiK080BCJ3WzQEIp9jNAQj5wNQVGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKS1yQEIl7bJAQijtskBCKmdygEIr4fLAQiTocsBCIWgzQEIjafNAQjcvc0BCLnKzQEIq9HNAQiK080BCJ3WzQEIp9jNAQj5wNQVGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKS1yQEIl7bJAQijtskBCKmdygEIr4fLAQiTocsBCIWgzQEIjafNAQi5ys0BCIrTzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: z.moatads.co
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: unknownHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900562FX-BM-CBT: 1696504051X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 4B171369968B4A91B5924AA2614BCFEDX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900562FX-MSEdge-ExternalExp: bfbwsbghf928t,fliptrat6,msaslmc,msbdsborgv2cocf,premsbdsbchtupt3,spofglclickserpf2,urlvalblock_c,websuganno_t4,wsbqfminiserp500,wsbref-t,wsbuatpX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. 
Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 608Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=315C495C60F94311972996FD0EC32D15&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696503889569&IPMH=1854adde&IPMID=1696504051771&HV=1696503965; CortanaAppUID=D72205917F8099DAA4614C4AC795492B; MUID=499E3C3F75A14FEC9CD93BB8655E56F1; _SS=SID=17CE0BABFB9B6D1E3959180AFA716C3F&CPID=1696504052786&AC=1&CPH=e2adfc70; _EDGE_S=SID=17CE0BABFB9B6D1E3959180AFA716C3F; MUIDB=499E3C3F75A14FEC9CD93BB8655E56F1
Source: chromecache_61.4.dr String found in binary or memory: http://www.broofa.com
Source: chromecache_67.4.dr String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_67.4.dr String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_67.4.dr, chromecache_61.4.dr String found in binary or memory: https://apis.google.com
Source: chromecache_67.4.dr String found in binary or memory: https://clients6.google.com
Source: chromecache_67.4.dr String found in binary or memory: https://content.googleapis.com
Source: chromecache_67.4.dr String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_67.4.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_61.4.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_61.4.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_61.4.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_61.4.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_61.4.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_67.4.dr String found in binary or memory: https://plus.google.com
Source: chromecache_67.4.dr String found in binary or memory: https://plus.googleapis.com
Source: chromecache_67.4.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_67.4.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_67.4.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_61.4.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_61.4.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_61.4.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: classification engine Classification label: mal64.win@33/22@6/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1932,i,14919854895804343911,12363454287620243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2008,i,5974368158524158762,16634714501121764978,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://z.moatads.co/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,13260400812998849454,1243882600216017716,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior Graph. ID: 1433982, URL: https://z.moatads.co/, Startdate: 30/04/2024, Architecture: WINDOWS, Score: 64. Signatures: Multi AV Scanner detection for domain / URL; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file. Nodes: chrome.exe processes; 192.168.2.11; 239.255.255.250 (Reserved); moatads.co 94.137.72.25 (STC-NET-ASRU, Russian Federation); plus.l.google.com 142.250.190.14 (GOOGLEUS, United States); 3 other IPs or domains]

Source | Detection | Scanner | Label
https://z.moatads.co/ | 100% | Avira URL Cloud | malware
https://z.moatads.co/ | 15% | Virustotal |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
z.moatads.co | 12% | Virustotal |
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
moatads.co | 12% | Virustotal |

Source | Detection | Scanner | Label
http://www.broofa.com | 0% | URL Reputation | safe
https://csp.withgoogle.com/csp/lcreport/ | 0% | URL Reputation | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
plus.l.google.com | 142.250.190.14 | true | false | | high
www.google.com | 142.250.190.68 | true | false | | high
moatads.co | 94.137.72.25 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
z.moatads.co | unknown | unknown | false | | unknown
apis.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google.com/log?format=json&hasfast=true | chromecache_61.4.dr | false | | high
http://www.broofa.com | chromecache_61.4.dr | false | URL Reputation: safe | unknown
https://csp.withgoogle.com/csp/lcreport/ | chromecache_67.4.dr | false | URL Reputation: safe | unknown
https://apis.google.com | chromecache_67.4.dr, chromecache_61.4.dr | false | | high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 | chromecache_67.4.dr | false | | high
https://domains.google.com/suggest/flow | chromecache_67.4.dr | false | | high
https://clients6.google.com | chromecache_67.4.dr | false | | high
https://plus.google.com | chromecache_67.4.dr | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.190.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
142.250.190.14 | plus.l.google.com | United States | | 15169 | GOOGLEUS | false
94.137.72.25 | moatads.co | Russian Federation | | 47645 | STC-NET-ASRU | false
IP
192.168.2.11
                              Joe Sandbox version:40.0.0 Tourmaline
                              Analysis ID:1433982
                              Start date and time:2024-04-30 12:26:44 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 2m 11s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:browseurl.jbs
                              Sample URL:https://z.moatads.co/
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:17
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal64.win@33/22@6/5
                              EGA Information:Failed
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 0
                              • Number of non-executed functions: 0
                              Cookbook Comments:
                              • URL browsing timeout or error
                              • URL not reachable
                              • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 142.250.190.3, 142.250.190.110, 142.251.178.84, 34.104.35.123, 142.250.191.163, 23.0.218.111, 52.165.165.26, 23.52.42.32, 23.52.42.59, 23.52.42.55, 23.52.42.25, 199.232.210.172, 192.229.211.108, 20.242.39.171
                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtSetInformationFile calls found.
                              No simulations
                              No context
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Mar 31 09:27:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2675
                              Entropy (8bit):3.977019587244531
                              Encrypted:false
                              SSDEEP:48:8r6dZTUkgiH8idAKZdA1nehwiZUklqehJy+3:8ro83Cy
                              MD5:826D41066D5578D3D991FA86F2772D12
                              SHA1:FA2E7FBCF7E1D63D2060B8FD5A1DE0E70BE0ABB5
                              SHA-256:303A1999453C720DD57979BFE4AA94347F2162A374527F5956ED0A58693892CA
                              SHA-512:5E9FB007C72D1DA745EC1C54E1C73F02A79AE9666451EEC31600E42B155C105B2BEEF20F72ED7D00A0A0121C6F40F283804B100DD96F07403B4C51185DCAFAC1
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Mar 31 09:27:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.9958112294597776
                              Encrypted:false
                              SSDEEP:48:8n6dZTUkgiH8idAKZdA1geh/iZUkAQkqehyy+2:8no8z9Qjy
                              MD5:B3CE30F500D5C8E952465B751CA56047
                              SHA1:54398CDAB31BDB753A780D2E317A173773356D7F
                              SHA-256:E14E80BB0DD61A9A8DC46FF94F2BAE93A74212283D4F2B5C9B88FCF94C8A040A
                              SHA-512:5986DCFC1F6CCA6926585752F556FF03B80185A00A2E429C92A335226DAE19FC3E815ED94112A49707ECFD4BCB7BE0CE8C91D0A699B721A99A24D4F3EB8F1B4F
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 09:52:18 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2691
                              Entropy (8bit):4.002068962355047
                              Encrypted:false
                              SSDEEP:48:876dZTUkgCH8idAKZdA148eh7sFiZUkmgqeh7sky+BX:87o8dnmy
                              MD5:1796F2B5D032C3C19C34C3E0B29F339D
                              SHA1:1FC45ABB84A658F5C46CDF507474ED5EC7F28971
                              SHA-256:B6745C5290B237EB79BD4EAF5AE2C87452BCE50C7B2313ADF663EBB8A22FA5DC
                              SHA-512:DDC6586573D240EB7C732E152E76C420E8EB66839FD0E9B450FF4D95DC93D4A95CA33B589C0A4AB1FE83DB75C10C6FEE3D4B3EACA21047271E0F837A0CAA040C
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Mar 31 09:27:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):3.9887273190414927
                              Encrypted:false
                              SSDEEP:48:8V6dZTUkgiH8idAKZdA1lehDiZUkwqeh+y+R:8Vo8u8y
                              MD5:9A0A6F57CC3687A2FA7859CAC1A9F222
                              SHA1:7F9250775EB851A9A56C63C6B707087BC996221A
                              SHA-256:2621A1CF2A78EE8B3743928B784F17D19E5FCFF55724935A2714A33B15FBE810
                              SHA-512:806AC364379540981F016D1D5FA00AFA18DC14C502A057FB5A96471BEEB4E6B06E28227B5E7F5322AAA2A88B94803DE58A1191BE81A27B4CBEA2AA8671966DA4
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Mar 31 09:27:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):3.980190315409235
                              Encrypted:false
                              SSDEEP:48:8u6dZTUkgiH8idAKZdA17ehBiZUk1W1qeh4y+C:8uo8u9Yy
                              MD5:A6505E41D7A2F79F13D2EBB6E715C5DE
                              SHA1:6DD965165C6EE1244AF03A0A4EE32D0B78266EAB
                              SHA-256:8EA524F86A146093A48E3D54F4E27314ECCD4C08D32AF521EB7E9DA74AFE36FB
                              SHA-512:4A0EB47B61B455228D3B85CC441170C051765EB6A401D30ADA38660C3A791A2553BDC8DAE708E378434555B9E9870A5D98C1A0F49DC209DAB4E6C750DD6C3CB5
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Mar 31 09:27:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2681
                              Entropy (8bit):3.993315683953107
                              Encrypted:false
                              SSDEEP:48:8cQ6dZTUkgiH8idAKZdA1duTiehOuTbbiZUk5OjqehOuTbmy+yT+:8cQo8OTLTbxWOvTbmy7T
                              MD5:73F98ADC8E5E098D6CC790BCDBDAE5C5
                              SHA1:127A76D49BC5241B4E5BC6D6E77A9040E4F38FFF
                              SHA-256:44236EC42F63DC757FFBA11A22B921C77E2519AFFDA5DB93A72162CA0F7C6F14
                              SHA-512:276F19BF3D2C609AA71FD6138324855D9E6D63805B13DF13CF4A4782C55C637DEBBAC33AA0FFDAA6E4BE98945B784A82D7D7F106E4405588F1D3E5322EC67791
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (1746)
                              Category:downloaded
                              Size (bytes):163891
                              Entropy (8bit):5.55061820245277
                              Encrypted:false
                              SSDEEP:3072:S0eiNiuzs8v4HHKWY8s1BgP4IDQ9GURWu8zylA/u8PemUPhDlaY/ADiZ65LpK629:S0eMhzvwHHKWY8s1BgP4IDQ9GURWu8UD
                              MD5:0282D5C4C6038FCEB2FF8607EDAC81A4
                              SHA1:62EBF05C33F8A3115C208BB4D5CE9B38F6D06447
                              SHA-256:AAAF17E8ED9C8DD5D1B69C8BBB617600A768256654C076F760E09C6047973371
                              SHA-512:E21D25042E41527B62E80F9D9B82B85B915BA6D0698B2FFA5D8D59115F764770D1DE2108B72D82D57BFB7A8D4406FB53D091C1DC6D8BD03BED3BCA29CEFD0EAD
                              Malicious:false
                              Reputation:low
                              URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.oT1FwJRCVC4.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvBynad-nWEy1xIb9j1w6LpLOF6IQ"
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (5108)
                              Category:downloaded
                              Size (bytes):5113
                              Entropy (8bit):5.822794360419216
                              Encrypted:false
                              SSDEEP:96:QIJYliUJez2KZRGJECAvrtEMLbX5i9z8ZdMfUmnBGMBYuLGDXms5hZXffffQL:1O1c/GJJATt1bpi9AZdMMArYSYZ5hM
                              MD5:71AE22624C53FFD9F633151F10DD0316
                              SHA1:5A4514E331788203C87519E7766B4716E0D7D7F9
                              SHA-256:9B37E5C9B25C5B2ED02569D8EBE8D217388EE046D503C36F068D212738842DEC
                              SHA-512:2BD0CFA80F5CBB85524816C923BD1ADCCAFFE0C3A2DB8CD5520A3FF758317CC1670BE3237FBE597CAF0EC9638012AEE3E4FA359DACD460555395B212542F1133
                              Malicious:false
                              Reputation:low
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):29
                              Entropy (8bit):3.9353986674667634
                              Encrypted:false
                              SSDEEP:3:VQAOx/1n:VQAOd1n
                              MD5:6FED308183D5DFC421602548615204AF
                              SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                              SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                              SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                              Malicious:false
                              Reputation:low
                              URL:https://www.google.com/async/newtab_promos
                              Preview:)]}'.{"update":{"promos":{}}}
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (65531)
                              Category:downloaded
                              Size (bytes):139820
                              Entropy (8bit):5.440969723046373
                              Encrypted:false
                              SSDEEP:1536:yMRA4a4KJXjPInWWt/usD98kiHLnRA0zqevcZ+2haV+trbbbhYxvdU:emKJou8TMyem0shCO
                              MD5:B158A244D8C9A0512AE01D1A49ABFCC2
                              SHA1:443E3DA75707B4A39E3CA5A74FC945BCD94A3B5E
                              SHA-256:9EF3CBEE730EEF783B4CA29E5B224824C908778438AD83AAC59E7A65CEA92EC0
                              SHA-512:A9E8F49ABCA67C0832376BC54C0E38AF51D76792F20AD5F0A616EEEDEA890477ACAF37D5BAE4AFF444BC3573B090EA63595193A7A380CE3CDA94920159D82887
                              Malicious:false
                              Reputation:low
                              URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (3572), with no line terminators
                              Category:downloaded
                              Size (bytes):3572
                              Entropy (8bit):5.150542995862274
                              Encrypted:false
                              SSDEEP:96:RJYrcoiktfqqMghOKTEzNx8BSIMw591g8IOl8u8i8DF+Ks:wkktfqqMghxlg8Ig8u78D2
                              MD5:88BC8C86A83B9BD8EDA6FDF225CDC8DD
                              SHA1:473D84930F027A365278C15282725A69721F4B18
                              SHA-256:47D960E93D9E7AB4C760A09DA0AA5E6549A8355AD5C0BA8476D4269F4FBDB354
                              SHA-512:3BC486D908160D297AD3028C27177A9C41A1D87EF29A456058265FAF74A1DA069D3B0578F05A79F866C2DB752D5E0E42D179158BD62251D4FDA601A7CBA7CC4D
                              Malicious:false
                              Reputation:low
                              URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.T5bVtXo12IQ.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTssrVR1lBtzoy_MObv1DSp-vWG36A"
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:SVG Scalable Vector Graphics image
                              Category:downloaded
                              Size (bytes):1660
                              Entropy (8bit):4.301517070642596
                              Encrypted:false
                              SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                              MD5:554640F465EB3ED903B543DAE0A1BCAC
                              SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                              SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                              SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                              Malicious:false
                              Reputation:low
                              URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (2124)
                              Category:downloaded
                              Size (bytes):121628
                              Entropy (8bit):5.506662476672723
                              Encrypted:false
                              Malicious:false
                              Reputation:low
                              URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0"
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):19
                              Entropy (8bit):3.6818808028034042
                              Encrypted:false
                              Malicious:false
                              Reputation:low
                              URL:https://www.google.com/async/ddljson?async=ntp:2
                              Preview:)]}'.{"ddljson":{}}
                              No static file info


                              • Total Packets: 272
                              • 443 (HTTPS)
                              • 53 (DNS)
                              Timestamp    Source Port    Dest Port    Source IP    Dest IP
                              Apr 30, 2024 12:27:46.347362041 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:46.602487087 CEST44349704173.222.162.42192.168.2.11
                              Apr 30, 2024 12:27:46.604315042 CEST49704443192.168.2.11173.222.162.42
                              Apr 30, 2024 12:27:48.055922985 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.055943012 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.056576967 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.057183981 CEST49718443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.057248116 CEST4434971894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.057342052 CEST49718443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.059501886 CEST49719443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.059530020 CEST4434971994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.059576035 CEST49719443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.061022997 CEST49720443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.061064959 CEST4434972094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.061116934 CEST49720443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.062252998 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.062356949 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.063359022 CEST49718443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.063395023 CEST4434971894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.063852072 CEST49719443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.063867092 CEST4434971994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.064152002 CEST49720443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.064162016 CEST4434972094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.066380978 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.108119011 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.196978092 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.197025061 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.197056055 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.197086096 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.197102070 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.197153091 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.203835011 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.203917027 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.203926086 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.206620932 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.206726074 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.335555077 CEST4434972094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.338011980 CEST4434971994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.339926958 CEST4434971894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.348284006 CEST49671443192.168.2.11204.79.197.203
                              Apr 30, 2024 12:27:48.360613108 CEST49722443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.360676050 CEST4434972294.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.360747099 CEST49722443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.362056971 CEST49722443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:48.362071037 CEST4434972294.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:48.408339024 CEST49714443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.408355951 CEST44349714142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.411344051 CEST49715443192.168.2.11142.250.190.68
                              Apr 30, 2024 12:27:48.411362886 CEST44349715142.250.190.68192.168.2.11
                              Apr 30, 2024 12:27:48.632091045 CEST4434972294.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:49.717855930 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:49.717909098 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:49.718099117 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:49.718312979 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:49.718329906 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:49.820477962 CEST49728443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:49.820506096 CEST4434972894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:49.820581913 CEST49728443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:49.821886063 CEST49729443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:49.821919918 CEST4434972994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:49.821990013 CEST49729443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:49.827646017 CEST49729443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:49.827667952 CEST4434972994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:49.827920914 CEST49728443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:49.827931881 CEST4434972894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:49.937763929 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:49.947515011 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:49.947542906 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:49.948685884 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:49.948746920 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:49.963223934 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:49.963330030 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:49.963541985 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:49.963557959 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.097210884 CEST4434972994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.097282887 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.115089893 CEST4434972894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.123395920 CEST49730443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.123452902 CEST4434973094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.123671055 CEST49730443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.124280930 CEST49731443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.124314070 CEST4434973194.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.124425888 CEST49731443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.125380993 CEST49732443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.125418901 CEST4434973294.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.125507116 CEST49732443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.125876904 CEST49730443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.125894070 CEST4434973094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.126267910 CEST49731443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.126281977 CEST4434973194.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.126765013 CEST49732443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.126775980 CEST4434973294.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.138772011 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.138827085 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.138875008 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.138891935 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.138909101 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.138942003 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.138963938 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.138972998 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.139014006 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.145404100 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.152420998 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.152472973 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.152539968 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.152566910 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.155802965 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.159399033 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.166516066 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.166568995 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.166579008 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.238950968 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.239206076 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.239231110 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.242398977 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.242453098 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.242460966 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.249412060 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.249465942 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.249474049 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.256454945 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.256515026 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.256527901 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.263453007 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.263633966 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.263642073 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.270492077 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.270550966 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.270559072 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.277512074 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.277561903 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.277570009 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.284050941 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.284109116 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.284116983 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.290580034 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.290644884 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.290652990 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.297101021 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.297157049 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.297163963 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.303713083 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.303770065 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.303777933 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.310161114 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.310211897 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.310223103 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.316603899 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.316684961 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.316700935 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.323134899 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.323215961 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.323224068 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.339196920 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.339253902 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.339265108 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.342411041 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.342669010 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.342677116 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.349008083 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.349070072 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.349081039 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.355787039 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.355869055 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.355879068 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.362004995 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.362060070 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.362082005 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.368448973 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.368546963 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.368573904 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.374442101 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.374510050 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.374519110 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.379918098 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.379983902 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.379992962 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.385462046 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.385516882 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.385525942 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.393712044 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.393748999 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.393759966 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.393770933 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.393830061 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.397901058 CEST4434973294.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.399185896 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.401797056 CEST4434973194.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.402342081 CEST49733443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.402374029 CEST4434973394.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.402445078 CEST49733443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.403290987 CEST49733443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:50.403307915 CEST4434973394.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.404287100 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.404315948 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.404356956 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.404369116 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.404460907 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.409136057 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.413057089 CEST4434973094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.413734913 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.413767099 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.413815975 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.413827896 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.416477919 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.418098927 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.422481060 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.422509909 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.422574997 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.422590017 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.425694942 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.426747084 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.430800915 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.430838108 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.430891037 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.430902958 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.431824923 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.434875011 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.438853979 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.438900948 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.438910007 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.442778111 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.442825079 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.442836046 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.448595047 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.448648930 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.448673964 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.448683023 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.448729992 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.452558994 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.455034971 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.455116034 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.455123901 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.457403898 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.457467079 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.457473040 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.457487106 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.457528114 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.459741116 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.462215900 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.462272882 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.462275982 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.462290049 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.462341070 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.465735912 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.465960979 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:50.466021061 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:50.673223019 CEST4434973394.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:50.970643044 CEST49676443192.168.2.1120.189.173.3
                              Apr 30, 2024 12:27:54.806418896 CEST49727443192.168.2.11142.250.190.14
                              Apr 30, 2024 12:27:54.806449890 CEST44349727142.250.190.14192.168.2.11
                              Apr 30, 2024 12:27:56.049937010 CEST49737443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.049982071 CEST4434973794.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.050190926 CEST49737443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.050638914 CEST49738443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.050684929 CEST4434973894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.050789118 CEST49738443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.054775000 CEST49738443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.054794073 CEST4434973894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.055334091 CEST49737443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.055347919 CEST4434973794.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.332750082 CEST4434973794.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.347491980 CEST4434973894.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.373395920 CEST49739443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.373439074 CEST4434973994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.373498917 CEST49739443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.374437094 CEST49740443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.374465942 CEST4434974094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.374527931 CEST49740443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.375113010 CEST49741443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.375154972 CEST4434974194.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.375207901 CEST49741443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.376178980 CEST49739443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.376197100 CEST4434973994.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.376841068 CEST49740443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.376856089 CEST4434974094.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.377435923 CEST49741443192.168.2.1194.137.72.25
                              Apr 30, 2024 12:27:56.377453089 CEST4434974194.137.72.25192.168.2.11
                              Apr 30, 2024 12:27:56.645826101 CEST4434973994.137.72.25192.168.2.11
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Apr 30, 2024 12:27:44.742377043 CEST | 192.168.2.11 | 1.1.1.1 | 0x819c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              Apr 30, 2024 12:27:44.742747068 CEST | 192.168.2.11 | 1.1.1.1 | 0x25c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                              Apr 30, 2024 12:27:45.366162062 CEST | 192.168.2.11 | 1.1.1.1 | 0x6111 | Standard query (0) | z.moatads.co | A (IP address) | IN (0x0001) | false
                              Apr 30, 2024 12:27:45.366321087 CEST | 192.168.2.11 | 1.1.1.1 | 0xbf15 | Standard query (0) | z.moatads.co | 65 | IN (0x0001) | false
                              Apr 30, 2024 12:27:49.612246990 CEST | 192.168.2.11 | 1.1.1.1 | 0xdf3c | Standard query (0) | apis.google.com | A (IP address) | IN (0x0001) | false
                              Apr 30, 2024 12:27:49.612942934 CEST | 192.168.2.11 | 1.1.1.1 | 0x6853 | Standard query (0) | apis.google.com | 65 | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Apr 30, 2024 12:27:44.844441891 CEST | 1.1.1.1 | 192.168.2.11 | 0x25c | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                              Apr 30, 2024 12:27:44.844650984 CEST | 1.1.1.1 | 192.168.2.11 | 0x819c | No error (0) | www.google.com |  | 142.250.190.68 | A (IP address) | IN (0x0001) | false
                              Apr 30, 2024 12:27:46.002490997 CEST | 1.1.1.1 | 192.168.2.11 | 0x6111 | No error (0) | z.moatads.co | moatads.co |  | CNAME (Canonical name) | IN (0x0001) | false
                              Apr 30, 2024 12:27:46.002490997 CEST | 1.1.1.1 | 192.168.2.11 | 0x6111 | No error (0) | moatads.co |  | 94.137.72.25 | A (IP address) | IN (0x0001) | false
                              Apr 30, 2024 12:27:46.010773897 CEST | 1.1.1.1 | 192.168.2.11 | 0xbf15 | No error (0) | z.moatads.co | moatads.co |  | CNAME (Canonical name) | IN (0x0001) | false
                              Apr 30, 2024 12:27:49.714071035 CEST | 1.1.1.1 | 192.168.2.11 | 0xdf3c | No error (0) | apis.google.com | plus.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                              Apr 30, 2024 12:27:49.714071035 CEST | 1.1.1.1 | 192.168.2.11 | 0xdf3c | No error (0) | plus.l.google.com |  | 142.250.190.14 | A (IP address) | IN (0x0001) | false
                              Apr 30, 2024 12:27:49.715485096 CEST | 1.1.1.1 | 192.168.2.11 | 0x6853 | No error (0) | apis.google.com | plus.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                              Apr 30, 2024 12:27:59.275408983 CEST | 1.1.1.1 | 192.168.2.11 | 0x9b21 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                              Apr 30, 2024 12:27:59.275408983 CEST | 1.1.1.1 | 192.168.2.11 | 0x9b21 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                              • www.google.com
                              • apis.google.com
                              • https:
                                • www.bing.com
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.11 | 49710 | 142.250.190.68 | 443 | 4180 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:27:45 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              X-Client-Data: CKS1yQEIl7bJAQijtskBCKmdygEIr4fLAQiTocsBCIWgzQEIjafNAQjcvc0BCLnKzQEIq9HNAQiK080BCJ3WzQEIp9jNAQj5wNQVGOuNpRc=
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-04-30 10:27:45 UTC | 1703 | IN | HTTP/1.1 200 OK
                              Date: Tue, 30 Apr 2024 10:27:45 GMT
                              Pragma: no-cache
                              Expires: -1
                              Cache-Control: no-cache, must-revalidate
                              Content-Type: text/javascript; charset=UTF-8
                              Strict-Transport-Security: max-age=31536000
                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-cIEE5TnmIQm916AuKR48cQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                              Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                              Content-Disposition: attachment; filename="f.txt"
                              Server: gws
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.11 | 49711 | 142.250.190.68 | 443 | 4180 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:27:45 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-04-30 10:27:45 UTC | 1479 | IN | HTTP/1.1 200 OK
                              Version: 628208672
                              Content-Type: application/json; charset=UTF-8
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                              Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                              Content-Disposition: attachment; filename="f.txt"
                              Date: Tue, 30 Apr 2024 10:27:45 GMT
                              Server: gws
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-04-30 10:27:45 UTC | 25 | IN | Data Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a
                              Data Ascii: 13)]}'{"ddljson":{}}
                              2024-04-30 10:27:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.11 | 49712 | 142.250.190.68 | 443 | 4180 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:27:45 UTC | 498 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              X-Client-Data: CKS1yQEIl7bJAQijtskBCKmdygEIr4fLAQiTocsBCIWgzQEIjafNAQjcvc0BCLnKzQEIq9HNAQiK080BCJ3WzQEIp9jNAQj5wNQVGOuNpRc=
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-04-30 10:27:45 UTC | 1479 | IN | HTTP/1.1 200 OK
                              Version: 628208672
                              Content-Type: application/json; charset=UTF-8
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                              Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                              Content-Disposition: attachment; filename="f.txt"
                              Date: Tue, 30 Apr 2024 10:27:45 GMT
                              Server: gws
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.11 | 49713 | 142.250.190.68 | 443 | 4180 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:27:45 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.11 | 49714 | 142.250.190.68 | 443 | 4180 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:27:45 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-04-30 10:27:46 UTC | 1434 | IN | HTTP/1.1 200 OK
                              Version: 628208672
                              Content-Type: application/json; charset=UTF-8
                              X-Content-Type-Options: nosniff
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                              Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                              Content-Disposition: attachment; filename="f.txt"
                              Date: Tue, 30 Apr 2024 10:27:46 GMT
                              Server: gws
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-04-30 10:27:46 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                              Data Ascii: 1d)]}'{"update":{"promos":{}}}
                              2024-04-30 10:27:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.11 | 49715 | 142.250.190.68 | 443 | 4180 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:27:48 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              X-Client-Data: CKS1yQEIl7bJAQijtskBCKmdygEIr4fLAQiTocsBCIWgzQEIjafNAQjcvc0BCLnKzQEIq9HNAQiK080BCJ3WzQEIp9jNAQj5wNQVGOuNpRc=
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-04-30 10:27:48 UTC | 1703 | IN | HTTP/1.1 200 OK
                              Date: Tue, 30 Apr 2024 10:27:48 GMT
                              Pragma: no-cache
                              Expires: -1
                              Cache-Control: no-cache, must-revalidate
                              Content-Type: text/javascript; charset=UTF-8
                              Strict-Transport-Security: max-age=31536000
                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-xBYeZTSK6aMfmWD6L5e8pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                              Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                              Content-Disposition: attachment; filename="f.txt"
                              Server: gws
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.11 | 49727 | 142.250.190.14 | 443 | 4180 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:27:49 UTC | 737 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1
                              Host: apis.google.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              Accept: */*
                              X-Client-Data: CKS1yQEIl7bJAQijtskBCKmdygEIr4fLAQiTocsBCIWgzQEIjafNAQi5ys0BCIrTzQEY642lFw==
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-04-30 10:27:50 UTC | 914 | IN | HTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Access-Control-Allow-Origin: *
                              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                              Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                              Content-Length: 121628
                              X-Content-Type-Options: nosniff
                              Server: sffe
                              X-XSS-Protection: 0
                              Date: Tue, 30 Apr 2024 08:13:44 GMT
                              Expires: Wed, 30 Apr 2025 08:13:44 GMT
                              Cache-Control: public, max-age=31536000
                              Last-Modified: Mon, 15 Apr 2024 17:34:54 GMT
                              Content-Type: text/javascript; charset=UTF-8
                              Vary: Accept-Encoding
                              Age: 8046
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              7 | 192.168.2.11 | 49748 | 173.222.162.42 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-04-30 10:28:00 UTC | 2257 | OUT | POST /threshold/xls.aspx HTTP/1.1
                              Origin: https://www.bing.com
                              Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                              Accept: */*
                              Accept-Language: en-CH
                              Content-type: text/xml
                              X-Agent-DeviceId: 01000A410900562F
                              X-BM-CBT: 1696504051
                              X-BM-DateFormat: dd/MM/yyyy
                              X-BM-DeviceDimensions: 784x984
                              X-BM-DeviceDimensionsLogical: 784x984
                              X-BM-DeviceScale: 100
                              X-BM-DTZ: 120
                              X-BM-Market: CH
                              X-BM-Theme: 000000;0078d7
                              X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                              X-Device-ClientSession: 4B171369968B4A91B5924AA2614BCFED
                              X-Device-isOptin: false
                              X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                              X-Device-OSSKU: 48
                              X-Device-Touch: false
                              X-DeviceID: 01000A410900562F
                              X-MSEdge-ExternalExp: bfbwsbghf928t,fliptrat6,msaslmc,msbdsborgv2cocf,premsbdsbchtupt3,spofglclickserpf2,urlvalblock_c,websuganno_t4,wsbqfminiserp500,wsbref-t,wsbuatp
                              X-MSEdge-ExternalExpType: JointCoord
                              X-PositionerType: Desktop
                              X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                              X-Search-CortanaAvailableCapabilities: None
                              X-Search-SafeSearch: Moderate
                              X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                              X-UserAgeClass: Unknown
                              Accept-Encoding: gzip, deflate, br
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                              Host: www.bing.com
                              Content-Length: 608
                              Connection: Keep-Alive
                              Cache-Control: no-cache
                              Cookie: SRCHUID=V=2&GUID=315C495C60F94311972996FD0EC32D15&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696503889569&IPMH=1854adde&IPMID=1696504051771&HV=1696503965; CortanaAppUID=D72205917F8099DAA4614C4AC795492B; MUID=499E3C3F75A14FEC9CD93BB8655E56F1; _SS=SID=17CE0BABFB9B6D1E3959180AFA716C3F&CPID=1696504052786&AC=1&CPH=e2adfc70; _EDGE_S=SID=17CE0BABFB9B6D1E3959180AFA716C3F; MUIDB=499E3C3F75A14FEC9CD93BB8655E56F1
                              2024-04-30 10:28:00 UTC | 479 | IN | HTTP/1.1 204 No Content
                              Access-Control-Allow-Origin: *
                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              X-MSEdge-Ref: Ref A: 794E528103FA4664A78A7F18D46996FE Ref B: LAX311000111049 Ref C: 2024-04-30T10:28:00Z
                              Date: Tue, 30 Apr 2024 10:28:00 GMT
                              Connection: close
                              Alt-Svc: h3=":443"; ma=93600
                              X-CDN-TraceID: 0.2aa6dc17.1714472880.5f71066


                              Target ID:0
                              Start time:12:27:36
                              Start date:30/04/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                              Imagebase:0x7ff6a3150000
                              File size:3'242'272 bytes
                              MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:4
                              Start time:12:27:41
                              Start date:30/04/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1932,i,14919854895804343911,12363454287620243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff6a3150000
                              File size:3'242'272 bytes
                              MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:7
                              Start time:12:27:43
                              Start date:30/04/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                              Imagebase:0x7ff6a3150000
                              File size:3'242'272 bytes
                              MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:8
                              Start time:12:27:43
                              Start date:30/04/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                              Imagebase:0x7ff6a3150000
                              File size:3'242'272 bytes
                              MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:9
                              Start time:12:27:43
                              Start date:30/04/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2008,i,5974368158524158762,16634714501121764978,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff6a3150000
                              File size:3'242'272 bytes
                              MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:10
                              Start time:12:27:43
                              Start date:30/04/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://z.moatads.co/"
                              Imagebase:0x7ff6a3150000
                              File size:3'242'272 bytes
                              MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:11
                              Start time:12:27:44
                              Start date:30/04/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,13260400812998849454,1243882600216017716,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff6a3150000
                              File size:3'242'272 bytes
                              MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              No disassembly