Edit tour

Windows Analysis Report
https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe

Overview

General Information

Sample URL:	https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe
Analysis ID:	1544007
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected BlockedWebSite

AI detected suspicious URL

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Very long command line found

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1872,i,11548563748980018258,2418912097983396861,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_129	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
dropped/chromecache_128	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
2.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected BlockedWebSite

Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_129, type: DROPPED
Source: Yara match	File source: dropped/chromecache_128, type: DROPPED

Source: https://993d5bec.423144957447176b2bc9850b.workers.dev/

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.16:49727 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49717 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.16:60814 -> 1.1.1.1:53

Source: unknown

HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.16:49727 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/drawings/client/css/1162194821-preview_css_ltr.css HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q
Source: global traffic	HTTP traffic detected: GET /static/drawings/client/js/1238060196-preview_core.js HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q
Source: global traffic	HTTP traffic detected: GET /static/drawings/client/js/1238060196-preview_core.js HTTP/1.1Host: docs.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GChDbAwla9978rk&MD=ebZrlMdN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GChDbAwla9978rk&MD=ebZrlMdN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe HTTP/1.1Host: docs.google.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKN
Source: global traffic	HTTP traffic detected: GET /drawingsz/AHiSRb301hXi5CbmGn9gExOeAeggPFGgQzgrkwWCixNIypjlI1avT66M3dJC50fo8zBm9U2KdVh8V2B48stZkb8xThbiw7qy2PjbNoJreurY1LfBQPUIhrJ-j1W9-GNN0jHweU4?key=XkQBqeFgsA29UZRqAjsaDM2V HTTP/1.1Host: lh7-rt.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://docs.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://docs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /drawingsz/AHiSRb301hXi5CbmGn9gExOeAeggPFGgQzgrkwWCixNIypjlI1avT66M3dJC50fo8zBm9U2KdVh8V2B48stZkb8xThbiw7qy2PjbNoJreurY1LfBQPUIhrJ-j1W9-GNN0jHweU4?key=XkQBqeFgsA29UZRqAjsaDM2V HTTP/1.1Host: lh7-rt.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /drawingsz/AHiSRb301hXi5CbmGn9gExOeAeggPFGgQzgrkwWCixNIypjlI1avT66M3dJC50fo8zBm9U2KdVh8V2B48stZkb8xThbiw7qy2PjbNoJreurY1LfBQPUIhrJ-j1W9-GNN0jHweU4?key=XkQBqeFgsA29UZRqAjsaDM2V HTTP/1.1Accept: /User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35 Safari/537.36Host: lh7-rt.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 993d5bec.423144957447176b2bc9850b.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://docs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: 993d5bec.423144957447176b2bc9850b.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://993d5bec.423144957447176b2bc9850b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: 993d5bec.423144957447176b2bc9850b.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://993d5bec.423144957447176b2bc9850b.workers.dev/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 993d5bec.423144957447176b2bc9850b.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://993d5bec.423144957447176b2bc9850b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: 993d5bec.423144957447176b2bc9850b.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: docs.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 993d5bec.423144957447176b2bc9850b.workers.dev
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=N0fzK7DgyUtkRUWmvaqoNAILzGw2g%2FQI3lGEsuz%2Fx0N%2BZ%2BPWDnOQoPLnxd0HKQvnPTzwnuXbK34SsaM%2BypNY9gpobfkTj%2BhtiKN%2B7K73hxeAMYVEL9A07yd4uQjgDTSg%2Bl9J7IeAs%2FztCuwT1z88dVkdOYSvx4meuny7XL2WcSg%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 440Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 28 Oct 2024 16:54:24 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0fzK7DgyUtkRUWmvaqoNAILzGw2g%2FQI3lGEsuz%2Fx0N%2BZ%2BPWDnOQoPLnxd0HKQvnPTzwnuXbK34SsaM%2BypNY9gpobfkTj%2BhtiKN%2B7K73hxeAMYVEL9A07yd4uQjgDTSg%2Bl9J7IeAs%2FztCuwT1z88dVkdOYSvx4meuny7XL2WcSg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d9c7293ed038c56-DFW
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 28 Oct 2024 16:54:27 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ukEad09w3jBvq8eFKwVxY7u7CvMHR69JJGaoylDO4BR6hjxCFcDw5hEnsSrqpIksZL%2BoAhsWq9SEbm27AYjMXGRQQpkA50rCEwa40mgvm7sVFMdDAYrcWfwIVxTJvXLXcEGUr1wHFZCmqleX6YPtNNNXEJRXcN3y5Dx5jPZEddY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d9c72a6cad545f0-DFW

Source: chromecache_136.1.dr, chromecache_132.1.dr	String found in binary or memory: http://csi.gstatic.com/csi
Source: chromecache_136.1.dr, chromecache_132.1.dr	String found in binary or memory: https://csi.gstatic.com/csi
Source: chromecache_136.1.dr, chromecache_132.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_128.1.dr, chromecache_129.1.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_128.1.dr, chromecache_129.1.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60816
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60815
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49717 version: TLS 1.2

Source: unknown

Process created: Commandline size = 2058

Source: classification engine

Classification label: mal60.phis.win@23/28@16/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1872,i,11548563748980018258,2418912097983396861,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1872,i,11548563748980018258,2418912097983396861,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected suspicious URL

Source: Email

JoeBoxAI: AI detected suspicious URL: URL: https://993d5bec.423144957447176b2bc9850b.workers.dev

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Command and Scripting Interpreter	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label	Link
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
993d5bec.423144957447176b2bc9850b.workers.dev	172.67.167.25	true	true	unknown
docs.google.com	172.217.18.110	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://docs.google.com/static/drawings/client/js/1238060196-preview_core.js	false	unknown
https://a.nel.cloudflare.com/report/v4?s=N0fzK7DgyUtkRUWmvaqoNAILzGw2g%2FQI3lGEsuz%2Fx0N%2BZ%2BPWDnOQoPLnxd0HKQvnPTzwnuXbK34SsaM%2BypNY9gpobfkTj%2BhtiKN%2B7K73hxeAMYVEL9A07yd4uQjgDTSg%2Bl9J7IeAs%2FztCuwT1z88dVkdOYSvx4meuny7XL2WcSg%3D	false	unknown
https://993d5bec.423144957447176b2bc9850b.workers.dev/cdn-cgi/styles/cf.errors.css	false	unknown
https://993d5bec.423144957447176b2bc9850b.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637	false	unknown
https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe	true	unknown
https://993d5bec.423144957447176b2bc9850b.workers.dev/	false	unknown
https://993d5bec.423144957447176b2bc9850b.workers.dev/favicon.ico	false	unknown
https://lh7-rt.googleusercontent.com/drawingsz/AHiSRb301hXi5CbmGn9gExOeAeggPFGgQzgrkwWCixNIypjlI1avT66M3dJC50fo8zBm9U2KdVh8V2B48stZkb8xThbiw7qy2PjbNoJreurY1LfBQPUIhrJ-j1W9-GNN0jHweU4?key=XkQBqeFgsA29UZRqAjsaDM2V	false	unknown
https://docs.google.com/static/drawings/client/css/1162194821-preview_css_ltr.css	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_128.1.dr, chromecache_129.1.dr	false		unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_136.1.dr, chromecache_132.1.dr	false	URL Reputation: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_128.1.dr, chromecache_129.1.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
172.67.167.25	993d5bec.423144957447176b2bc9850b.workers.dev	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
104.21.49.204	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
172.217.18.97	unknown	United States	15169	GOOGLEUS	false
142.250.184.238	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.217.18.110	docs.google.com	United States	15169	GOOGLEUS	false
142.250.186.33	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544007
Start date and time:	2024-10-28 17:52:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@23/28@16/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 216.58.206.78, 64.233.167.84, 34.104.35.123, 93.184.221.240, 142.250.186.67, 142.250.185.99, 142.250.186.35, 142.250.185.67, 142.250.186.46
Excluded domains from analysis (whitelisted): clients1.google.com, ssl.gstatic.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, lh7-rt.googleusercontent.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:52:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.977213701021961
Encrypted:	false
SSDEEP:	48:8yUdeTaOaHTidAKZdA1FehwiZUklqehgy+3:8Yvmzy
MD5:	C6B3CB8A1C08F676CF9BAA7F2461EA35
SHA1:	61D079F052D13B2C3CC8C81673AD3BCCB2982397
SHA-256:	923E05B14BE51ADC8A867F02B620DB9ACA10F262708B95604388E710D017ACF6
SHA-512:	79B075308CBB85076652DECE06CD60E9105FAA0D20213F080377F9657D3109AA07CAE21A9254B46A47CDC34653B6CE362811883D22AA0526C43085154AD498E4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....n.B.Y)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............L\......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 17:52:52.607131958 CET	53	55038	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:52.624463081 CET	53	62466	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:53.412311077 CET	64191	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:52:53.412472010 CET	56603	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:52:53.420047045 CET	53	56603	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:53.420232058 CET	53	64191	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:53.896311045 CET	53	58090	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:57.414324045 CET	61207	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:52:57.414592981 CET	58631	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:52:57.422334909 CET	53	61207	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:57.422792912 CET	53	58631	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:57.559387922 CET	56493	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:52:57.559530973 CET	63536	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:52:57.566934109 CET	53	56493	1.1.1.1	192.168.2.16
Oct 28, 2024 17:52:57.568097115 CET	53	63536	1.1.1.1	192.168.2.16
Oct 28, 2024 17:53:10.938266039 CET	53	57088	1.1.1.1	192.168.2.16
Oct 28, 2024 17:53:29.963613033 CET	53	60018	1.1.1.1	192.168.2.16
Oct 28, 2024 17:53:52.489424944 CET	53	57386	1.1.1.1	192.168.2.16
Oct 28, 2024 17:53:52.571670055 CET	53	64203	1.1.1.1	192.168.2.16
Oct 28, 2024 17:53:57.436140060 CET	138	138	192.168.2.16	192.168.2.255
Oct 28, 2024 17:53:57.478558064 CET	59631	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:53:57.478844881 CET	53234	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:53:57.488240957 CET	53	59631	1.1.1.1	192.168.2.16
Oct 28, 2024 17:53:57.488985062 CET	53	53234	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:10.429275036 CET	59103	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:10.429395914 CET	49255	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:10.436877966 CET	53	59103	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:10.437387943 CET	53	49255	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:14.750399113 CET	53	55954	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:16.000791073 CET	53	56885	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:21.197360039 CET	53	59086	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:22.721496105 CET	63420	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:22.723463058 CET	59628	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:23.289880037 CET	53	63420	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:23.290498972 CET	53	59628	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:24.697515965 CET	52706	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:24.697680950 CET	53616	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:24.705032110 CET	53	52706	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:24.705069065 CET	53	53616	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:26.265592098 CET	53	57150	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:26.352992058 CET	63189	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:26.353118896 CET	54754	53	192.168.2.16	1.1.1.1
Oct 28, 2024 17:54:26.369676113 CET	53	54754	1.1.1.1	192.168.2.16
Oct 28, 2024 17:54:26.373949051 CET	53	63189	1.1.1.1	192.168.2.16

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:52:54 UTC	2787	OUT	GET /drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8 [TRUNCATED] Host: docs.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:52:55 UTC	3289	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 x-robots-tag: noindex, nofollow, nosnippet Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 28 Oct 2024 16:52:54 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt Content-Security-Policy: base-uri 'self';object-src 'self' blob:;report-uri https://docs.google.com/drawings/cspreport;script-src 'report-sample' 'nonce-o2TCIBBV2NwwoZu1igo9lQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' reporting-endpoints: default="/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/web-reports?bl=editors.drawings-frontend_20241015.02_p1&clss=1&context=eJwNzHtYzXccB_Bv39_n-6OrCqGZZB6xlEJjiqNOh4NR0_R1C9FBmcqJGDJ6NM_acntsxTxOKZVyWnOPWZZWc49HCHPPpYtbzhwttfcfr7_eF7s7jq6tkcyWSTZAlewHMHWW7IydZGvtJTPDIQfJcp0le9dNMq_uklXCrz0kK4fBPSXbDpPdJcvrI1msh2QBXpK5DJbM2weZr2SZGskKIXecZIenYg9e0yUbAcoMybpCzUzJ7sONaMmegm2MZL3gzULJ-CLJzsZJVgc310v2DEZmSKaH9izJnHZK1q1Usv5w95RkL8CzSjJ_qLmMX9DUSBYGmY8lK4CD9ZJVQBVch2ntkhmgtncjt0Lqp408HW7Mfs3vgdvi17wP2Ax4w22hx8M33ANyfFv4frg5rYXfh2edLfwVnPG18POw08_CH_hb-HPwSbHwANix3sJ3w-0NFv4I4k5YuBEylrzjP8E_QVZeD4WjrbwUhi608lHwLt3KO2DUufc8BFa6tvJvIT-7lZeAZlcbHw_Df2njQTDW1Mb10Da1nVNEO197q51vhJmsg8-Hwt4dvBQurOrg12Dh6g4eD75LmbLYyJRESL7PlHXwfq-NMjzPRgkC-wyudIUXlVy5rSjKIygcqCil4BGhKF5Q_pWiVEPNRkW5CYs2KYoRztUrylXYYkfKb31JKYOgl6MoFC42BFItRL8IpFi4-jqQbsG3lkDaBBVhQfQiM4j-hZQDQZQGEe6jaRY8HjGamoBljSZ7mNt_DC2C9GFjaDv8HDOG9kCJ0NBRMG_W0BFo-FtDb-BBjYaeg0vtWOoF1fpgugq9JgWTJ7QWBhPfH0yzmoNpAUSGhNAcuJIVQnWwtTiEsuD7Ay [TRUNCATED] Referrer-Policy: strict-origin-when-cross-origin Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Set-Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q; expires=Tue, 29-Apr-2025 16:52:54 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 36 65 65 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6f 32 54 43 49 42 42 56 32 4e 77 77 6f 5a 75 31 69 67 6f 39 6c 51 22 3e 76 61 72 20 44 4f 43 53 5f 74 69 6d 69 6e 67 3d 7b 7d 3b 20 44 4f 43 53 5f 74 69 6d 69 6e 67 5b 27 70 6c 73 27 5d 3d 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 69 67 6e 61 74 75 72 65 20 52 65 71 75 65 73 74 65 64 20 7c 7c 7c 20 53 65 63 75 72 65 20 53 68 61 72 65 64 20 44 6f 63 73 20 56 69 61 20 65 2d 44 6f 63 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: 6ee6<!DOCTYPE html><html lang="en"><head><script nonce="o2TCIBBV2NwwoZu1igo9lQ">var DOCS_timing={}; DOCS_timing['pls']=new Date().getTime();</script><meta property="og:title" content="Signature Requested \|\|\| Secure Shared Docs Via e-Doc"><meta property=
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 67 6b 6a 6c 68 61 6c 66 22 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 63 68 72 6f 6d 65 2d 65 78 74 65 6e 73 69 6f 6e 3a 2f 2f 67 68 62 6d 6e 6e 6a 6f 6f 65 6b 70 6d 6f 65 63 6e 6e 6e 69 6c 6e 6e 62 64 6c 6f 6c 68 6b 68 69 2f 70 61 67 65 5f 65 6d 62 65 64 5f 73 63 72 69 70 74 2e 6a 73 22 20 6e 6f 6e 63 65 3d 22 6f 32 54 43 49 42 42 56 32 4e 77 77 6f 5a 75 31 69 67 6f 39 6c 51 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 64 61 74 61 2d 69 64 3d 22 5f 67 64 22 20 6e 6f 6e 63 65 3d 22 6f 32 54 43 49 42 42 56 32 4e 77 77 6f 5a 75 31 69 67 6f 39 6c 51 22 3e 77 69 6e 64 6f 77 2e 57 49 5a 5f 67 6c 6f 62 61 6c 5f 64 61 74 61 20 3d 20 7b 22 54 53 44 74 56 22 3a 22 25 2e 40 2e 5d 22 2c 22 6e 51 79 41 45 22 3a 7b 7d 7d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 Data Ascii: gkjlhalf"><script src="chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js" nonce="o2TCIBBV2NwwoZu1igo9lQ"></script><script data-id="_gd" nonce="o2TCIBBV2NwwoZu1igo9lQ">window.WIZ_global_data = {"TSDtV":"%.@.]","nQyAE":{}};</script><s
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 30 30 30 30 2c 22 64 6f 63 73 2d 6f 66 66 6c 69 6e 65 2d 75 65 62 69 65 22 3a 31 2c 22 64 6f 63 73 2d 6c 6f 63 61 6c 73 74 6f 72 65 2d 65 70 6c 61 6d 22 3a 30 2c 22 64 6f 63 73 2d 65 6d 61 73 6c 22 3a 30 2c 22 66 61 74 72 61 22 3a 31 2c 22 64 6f 63 73 2d 65 65 63 73 6f 6f 69 22 3a 31 2c 22 64 6f 63 73 2d 65 65 69 63 22 3a 30 2c 22 64 6f 63 73 2d 73 77 2d 65 66 63 72 22 3a 31 2c 22 64 6f 63 73 2d 73 77 2d 65 68 6e 75 72 22 3a 30 2c 22 64 6f 63 73 2d 65 69 6f 61 77 6f 22 3a 30 2c 22 64 6f 63 73 2d 65 6d 63 63 74 22 3a 30 2c 22 64 6f 63 73 2d 73 73 6e 64 6c 22 3a 31 2c 22 64 6f 63 73 2d 65 75 63 73 75 61 63 22 3a 31 2c 22 64 6f 63 73 2d 73 77 2d 65 63 66 72 22 3a 30 2c 22 64 6f 63 73 2d 63 6d 62 73 22 3a 35 30 30 2c 22 64 6f 63 73 2d 64 6f 69 65 22 3a 30 2c Data Ascii: 0000,"docs-offline-uebie":1,"docs-localstore-eplam":0,"docs-emasl":0,"fatra":1,"docs-eecsooi":1,"docs-eeic":0,"docs-sw-efcr":1,"docs-sw-ehnur":0,"docs-eioawo":0,"docs-emcct":0,"docs-ssndl":1,"docs-eucsuac":1,"docs-sw-ecfr":0,"docs-cmbs":500,"docs-doie":0,
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 31 35 36 31 35 36 39 2c 37 31 35 37 33 39 33 30 2c 37 31 35 37 33 39 33 38 2c 37 31 35 39 32 34 37 30 2c 37 31 35 39 32 34 37 38 2c 37 31 36 31 36 38 30 33 2c 37 31 36 31 36 38 31 31 2c 37 31 36 31 36 38 31 33 2c 37 31 36 31 36 38 32 31 2c 37 31 36 31 36 38 33 33 2c 37 31 36 31 36 38 34 31 2c 37 31 36 31 36 38 38 33 2c 37 31 36 31 36 38 39 31 2c 37 31 36 33 38 35 30 33 2c 37 31 36 33 38 35 31 31 2c 37 31 36 34 32 30 34 33 2c 37 31 36 34 32 30 35 31 2c 37 31 36 35 37 39 38 30 2c 37 31 36 35 37 39 38 38 2c 37 31 36 35 39 38 33 33 2c 37 31 36 35 39 38 34 31 2c 37 31 36 37 39 34 36 30 2c 37 31 36 37 39 34 36 38 2c 37 31 36 38 31 39 39 30 2c 37 31 36 38 31 39 39 38 2c 37 31 36 38 38 39 31 38 2c 37 31 36 38 38 39 32 36 2c 37 31 36 38 39 39 34 30 2c 37 31 36 38 Data Ascii: 1561569,71573930,71573938,71592470,71592478,71616803,71616811,71616813,71616821,71616833,71616841,71616883,71616891,71638503,71638511,71642043,71642051,71657980,71657988,71659833,71659841,71679460,71679468,71681990,71681998,71688918,71688926,71689940,7168
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 39 31 31 31 33 2c 39 34 39 32 39 33 34 34 2c 35 30 31 30 38 39 39 39 2c 39 35 31 30 34 33 37 33 2c 39 34 33 35 39 30 34 32 2c 34 39 39 32 34 36 37 34 2c 37 31 35 32 38 33 32 35 2c 35 30 31 30 39 32 34 34 2c 34 39 37 36 39 33 36 35 2c 39 34 34 33 34 33 34 35 2c 37 31 35 33 36 36 32 37 2c 37 31 36 35 39 38 34 31 2c 39 34 34 33 35 34 34 36 2c 34 39 34 32 33 38 38 31 2c 39 35 32 32 34 38 36 34 2c 39 34 36 32 39 38 38 35 2c 39 34 34 36 31 34 39 33 2c 34 39 36 32 32 37 33 31 2c 37 31 38 39 37 39 31 35 2c 35 30 32 39 37 34 35 34 2c 37 31 38 39 39 34 32 36 2c 37 31 30 33 36 35 32 31 2c 39 34 34 32 30 39 30 35 2c 34 39 38 33 33 35 33 30 2c 37 31 35 33 30 32 31 31 2c 35 37 32 34 38 39 36 2c 35 30 36 30 32 31 36 39 2c 35 37 35 30 32 35 34 2c 39 35 32 37 31 30 31 33 Data Ascii: 91113,94929344,50108999,95104373,94359042,49924674,71528325,50109244,49769365,94434345,71536627,71659841,94435446,49423881,95224864,94629885,94461493,49622731,71897915,50297454,71899426,71036521,94420905,49833530,71530211,5724896,50602169,5750254,95271013
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 30 6b 4c 55 6b 70 73 50 31 39 30 51 55 52 68 76 4a 6e 32 22 2c 22 4b 46 6b 73 37 55 65 5a 33 30 6b 4c 55 6b 70 73 50 31 39 30 55 55 4d 52 36 63 76 68 22 2c 22 4c 63 54 61 36 45 6a 65 43 30 6b 4c 55 6b 70 73 50 31 39 30 52 4b 67 76 57 35 71 69 22 2c 22 73 33 55 46 63 6a 47 6a 74 30 6b 4c 55 6b 70 73 50 31 39 30 5a 34 35 66 74 57 52 72 22 2c 22 6f 39 39 65 77 42 51 58 79 30 6b 4c 55 6b 70 73 50 31 39 30 4e 71 32 71 72 36 74 66 22 2c 22 50 48 56 79 79 35 75 53 53 30 6b 4c 55 6b 70 73 50 31 39 30 53 55 73 59 6f 38 67 51 22 2c 22 79 5a 6e 32 31 61 6b 69 64 30 69 53 46 54 43 62 69 45 42 30 57 50 69 47 45 53 54 33 22 2c 22 68 32 54 74 71 7a 6d 51 46 30 6b 4c 55 6b 70 73 50 31 39 30 59 50 4a 69 51 74 37 70 22 2c 22 4d 5a 69 39 76 62 35 55 43 30 6b 4c 55 6b 70 73 Data Ascii: 0kLUkpsP190QURhvJn2","KFks7UeZ30kLUkpsP190UUMR6cvh","LcTa6EjeC0kLUkpsP190RKgvW5qi","s3UFcjGjt0kLUkpsP190Z45ftWRr","o99ewBQXy0kLUkpsP190Nq2qr6tf","PHVyy5uSS0kLUkpsP190SUsYo8gQ","yZn21akid0iSFTCbiEB0WPiGEST3","h2TtqzmQF0kLUkpsP190YPJiQt7p","MZi9vb5UC0kLUkps
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f Data Ascii: EkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuO
2024-10-28 16:52:55 UTC	3289	IN	Data Raw: 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 Data Ascii: a9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCY
2024-10-28 16:52:55 UTC	2086	IN	Data Raw: 70 6d 22 3a 30 2c 22 64 6f 63 73 2d 6d 65 66 75 22 3a 30 2c 22 64 6f 63 73 2d 69 69 63 70 22 3a 30 2c 22 64 6f 63 73 2d 65 61 65 6c 70 22 3a 30 2c 22 64 6f 63 73 2d 65 64 76 6d 22 3a 30 2c 22 64 6f 63 73 2d 65 6c 70 67 22 3a 30 2c 22 64 6f 63 73 2d 65 6c 70 61 72 22 3a 30 2c 22 64 6f 63 73 2d 61 63 61 70 22 3a 5b 22 64 6f 63 73 2e 73 65 63 75 72 69 74 79 2e 61 63 63 65 73 73 5f 63 61 70 61 62 69 6c 69 74 69 65 73 22 2c 31 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 31 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 31 2c 30 5d 2c 22 64 6f 63 73 2d 63 69 22 3a 22 31 4f 37 4c 36 6a 6e 75 6e 70 4b 59 59 52 79 31 5a 58 58 35 44 4e 34 45 4e 65 5a 34 70 78 78 57 46 38 42 47 30 6d 63 44 64 46 69 30 22 2c 22 64 6f 63 Data Ascii: pm":0,"docs-mefu":0,"docs-iicp":0,"docs-eaelp":0,"docs-edvm":0,"docs-elpg":0,"docs-elpar":0,"docs-acap":["docs.security.access_capabilities",1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"docs-ci":"1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0","doc
2024-10-28 16:52:55 UTC	1378	IN	Data Raw: 31 31 30 63 0d 0a 70 22 3a 31 2c 22 64 6f 63 73 2d 65 75 73 63 61 22 3a 30 2c 22 64 6f 63 73 2d 65 77 6c 69 70 22 3a 31 2c 22 64 6f 63 73 2d 65 7a 74 63 69 22 3a 30 2c 22 64 6f 63 73 2d 65 7a 64 75 6f 6c 65 22 3a 30 2c 22 64 6f 63 73 2d 68 63 77 69 64 75 22 3a 30 2c 22 64 6f 63 73 2d 68 6d 67 22 3a 30 2c 22 64 6f 63 73 2d 69 70 6d 6d 70 22 3a 31 2c 22 64 6f 63 73 2d 69 70 75 76 22 3a 31 2c 22 64 6f 63 73 2d 70 6c 69 6d 69 66 22 3a 32 30 2e 30 2c 22 64 6f 63 73 2d 73 70 74 6d 22 3a 31 2c 22 64 6f 63 73 2d 73 73 69 22 3a 30 2c 22 64 6f 63 73 2d 65 73 6c 69 6e 22 3a 31 2c 22 64 6f 63 73 2d 75 6f 63 69 22 3a 22 22 2c 22 64 6f 63 73 2d 67 74 68 22 3a 22 22 2c 22 64 6f 63 73 2d 6e 64 73 6f 6d 22 3a 5b 5d 2c 22 64 6f 63 73 2d 64 6d 22 3a 22 61 70 70 6c 69 63 61 Data Ascii: 110cp":1,"docs-eusca":0,"docs-ewlip":1,"docs-eztci":0,"docs-ezduole":0,"docs-hcwidu":0,"docs-hmg":0,"docs-ipmmp":1,"docs-ipuv":1,"docs-plimif":20.0,"docs-sptm":1,"docs-ssi":0,"docs-eslin":1,"docs-uoci":"","docs-gth":"","docs-ndsom":[],"docs-dm":"applica

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:52:56 UTC	2911	OUT	GET /static/drawings/client/css/1162194821-preview_css_ltr.css HTTP/1.1 Host: docs.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw== Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJ [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q
2024-10-28 16:52:56 UTC	781	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/css Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="docs" Report-To: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]} Content-Length: 312557 Date: Mon, 28 Oct 2024 16:52:56 GMT Expires: Tue, 28 Oct 2025 16:52:56 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2024 17:35:18 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-28 16:52:56 UTC	597	IN	Data Raw: 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 30 73 20 6c 69 6e 65 61 72 20 31 73 2c 6f 70 61 63 69 74 79 20 31 73 3b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 3b 68 65 69 67 68 74 3a 30 3b 6f 70 61 63 69 74 79 3a 30 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 69 6e Data Ascii: .jfk-butterBar{border-radius:2px;box-shadow:0 2px 4px rgba(0,0,0,.2);transition:all 0s linear 1s,opacity 1s;border-style:solid;border-width:0;font-size:11px;height:0;opacity:0;visibility:hidden;overflow:hidden;padding:0;text-align:center}.jfk-butterBar-in
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 31 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 34 70 78 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6f 70 61 63 69 74 79 3a 31 3b 76 69 73 69 62 69 6c 69 74 79 3a 76 69 73 69 62 6c 65 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 31 36 70 78 7d 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 6d 69 6e 69 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 73 68 6f 77 6e 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 36 70 78 7d 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 63 6f 6e 74 61 69 6e 65 72 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 68 65 69 67 68 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 74 6f 70 3a 33 32 70 78 3b 77 69 64 74 68 3a 31 30 30 25 3b Data Ascii: border-width:1px;min-height:14px;height:auto;opacity:1;visibility:visible;padding:6px 16px}.jfk-butterBar-mini.jfk-butterBar-shown{padding:2px 16px}.docs-butterbar-container{font-weight:500;height:0;position:absolute;text-align:center;top:32px;width:100%;
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 36 70 78 7d 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 62 75 74 74 65 72 2d 61 63 74 69 6f 6e 2c 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 64 69 73 6d 69 73 73 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 66 6c 65 78 3a 31 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 65 6e 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 47 6f 6f 67 6c 65 20 53 61 6e 73 2c 52 6f 62 6f 74 6f 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 64 69 73 6d Data Ascii: d{padding-left:6px}.docs-gm .docs-butterbar-butter-action,.docs-gm .docs-butterbar-dismiss{font-size:16px;text-decoration:none;flex:1;text-align:end;white-space:nowrap;font-family:Google Sans,Roboto,Helvetica,Arial,sans-serif}.docs-gm .docs-butterbar-dism
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 69 6e 66 6f 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 2d 6e 6f 2d 70 61 64 2c 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 69 6e 66 6f 20 61 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 2d 6e 6f 2d 70 61 64 3a 6c 69 6e 6b 2c 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 69 6e 66 6f 20 61 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 2d 6e 6f 2d 70 61 64 3a 76 69 73 69 74 65 64 2c 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 69 6e 66 6f 20 61 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 69 6e 66 6f 20 61 2e 64 6f 63 73 2d 62 Data Ascii: info .docs-butterbar-link-no-pad,.docs-gm .jfk-butterBar-info a.docs-butterbar-link-no-pad:link,.docs-gm .jfk-butterBar-info a.docs-butterbar-link-no-pad:visited,.docs-gm .jfk-butterBar-info a.docs-butterbar-link:link,.docs-gm .jfk-butterBar-info a.docs-b
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 65 72 62 61 72 2d 64 69 73 6d 69 73 73 3a 68 6f 76 65 72 2c 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 69 6e 66 6f 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 2d 6e 6f 2d 70 61 64 3a 68 6f 76 65 72 2c 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 69 6e 66 6f 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 38 35 61 62 63 7d 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 77 61 72 6e 69 6e 67 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 62 75 74 74 65 72 2d 61 63 74 69 6f 6e 3a 68 6f 76 65 72 2c 2e 64 6f 63 73 2d 67 6d 20 2e 6a 66 6b 2d 62 75 74 74 65 72 42 61 72 2d 77 61 72 6e 69 6e 67 20 2e 64 Data Ascii: erbar-dismiss:hover,.docs-gm .jfk-butterBar-info .docs-butterbar-link-no-pad:hover,.docs-gm .jfk-butterBar-info .docs-butterbar-link:hover{color:#185abc}.docs-gm .jfk-butterBar-warning .docs-butterbar-butter-action:hover,.docs-gm .jfk-butterBar-warning .d
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 2d 62 75 74 74 65 72 62 61 72 2d 64 69 73 6d 69 73 73 2c 2e 64 6f 63 73 2d 67 72 69 6c 6c 65 2d 67 6d 33 2e 64 6f 63 73 2d 67 72 69 6c 6c 65 2d 67 6d 33 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 77 72 61 70 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 30 70 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 47 6f 6f 67 6c 65 20 53 61 6e 73 2c 52 6f 62 6f 74 6f 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 Data Ascii: -butterbar-dismiss,.docs-grille-gm3.docs-grille-gm3.docs-gm .docs-butterbar-wrap .docs-butterbar-link{border:1px solid transparent;border-radius:100px;box-sizing:border-box;cursor:pointer;font-family:Google Sans,Roboto,sans-serif;font-size:14px;font-weigh
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 72 62 61 72 2d 77 72 61 70 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 2d 6e 6f 2d 70 61 64 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 64 6f 63 73 2d 67 72 69 6c 6c 65 2d 67 6d 33 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 62 75 74 74 65 72 2d 61 63 74 69 6f 6e 3a 68 6f 76 65 72 2c 2e 64 6f 63 73 2d 67 72 69 6c 6c 65 2d 67 6d 33 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 64 69 73 6d 69 73 73 3a 68 6f 76 65 72 2c 2e 64 6f 63 73 2d 67 72 69 6c 6c 65 2d 67 6d 33 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 62 75 74 74 65 72 62 61 72 2d 6c 69 6e 6b 2d 6e 6f 2d 70 61 64 3a 68 6f 76 65 72 2c 2e 64 6f 63 73 Data Ascii: rbar-wrap .docs-butterbar-link-no-pad{border-radius:4px;margin:0;padding:0}.docs-grille-gm3.docs-gm .docs-butterbar-butter-action:hover,.docs-grille-gm3.docs-gm .docs-butterbar-dismiss:hover,.docs-grille-gm3.docs-gm .docs-butterbar-link-no-pad:hover,.docs
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 64 6f 63 73 2f 63 6f 6d 6d 6f 6e 2f 6d 61 74 65 72 69 61 6c 5f 63 6f 6d 6d 6f 6e 5f 73 70 72 69 74 65 37 35 38 2e 73 76 67 29 7d 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 64 6f 63 73 2d 69 63 6f 6e 2d 69 6d 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 64 6f 63 73 2f 63 6f 6d 6d 6f 6e 2f 6d 61 74 65 72 69 61 6c 5f 63 6f 6d 6d 6f 6e 5f 73 70 72 69 74 65 37 35 38 5f 67 72 65 79 5f 6d 65 64 69 75 6d 2e 73 76 67 29 7d 2e 64 6f 63 73 2d 67 72 69 6c 6c 65 2d 67 6d 33 20 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 64 6f 63 73 2d 69 63 6f 6e 2d 69 6d 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 Data Ascii: /ssl.gstatic.com/docs/common/material_common_sprite758.svg)}.docs-gm .docs-material .docs-icon-img:before{content:url(https://ssl.gstatic.com/docs/common/material_common_sprite758_grey_medium.svg)}.docs-grille-gm3 .docs-material .docs-icon-img:before{cont
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 67 6f 6f 67 2d 6d 65 6e 75 69 74 65 6d 2d 69 63 6f 6e 20 2e 64 6f 63 73 2d 69 63 6f 6e 2d 73 70 72 65 61 64 73 68 65 65 74 7b 6f 70 61 63 69 74 79 3a 31 7d 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 67 6f 6f 67 2d 74 6f 6f 6c 62 61 72 2d 62 75 74 74 6f 6e 2d 69 6e 6e 65 72 2d 62 6f 78 20 2e 64 6f 63 73 2d 69 63 6f 6e 2c 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 67 6f 6f 67 2d 74 6f 6f 6c 62 61 72 2d 6d 65 6e 75 2d 62 75 74 74 6f 6e 2d 63 61 70 74 69 6f 6e 20 2e 64 6f 63 73 2d 69 63 6f 6e 2c 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 67 6f 6f 67 2d 74 6f 6f 6c 62 61 72 2d 6d 65 6e 75 2d 62 75 74 74 6f 6e 2d 63 61 70 74 69 6f 6e 20 2e 67 6f 6f 67 2d 63 6f 6c 6f 72 2d 6d 65 6e 75 2d 62 75 74 74 6f Data Ascii: docs-material .goog-menuitem-icon .docs-icon-spreadsheet{opacity:1}.docs-material .goog-toolbar-button-inner-box .docs-icon,.docs-material .goog-toolbar-menu-button-caption .docs-icon,.docs-material .goog-toolbar-menu-button-caption .goog-color-menu-butto
2024-10-28 16:52:56 UTC	1378	IN	Data Raw: 6f 6e 74 2d 31 38 20 2e 64 6f 63 73 2d 69 63 6f 6e 2d 69 6d 67 2c 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 69 63 6f 6e 2d 76 69 64 65 6f 2d 63 61 6d 65 72 61 2d 66 72 6f 6e 74 2d 32 34 20 2e 64 6f 63 73 2d 69 63 6f 6e 2d 69 6d 67 2c 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 64 6f 63 73 2d 61 6e 61 6c 79 74 69 63 73 2d 73 69 64 65 62 61 72 2d 74 61 62 2d 73 65 6c 65 63 74 65 64 20 2e 64 6f 63 73 2d 69 63 6f 6e 2d 69 6d 67 2c 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 64 6f 63 73 2d 73 6d 61 72 74 2d 73 75 6d 6d 61 72 79 2d 74 69 6e 74 65 64 2e 64 6f 63 73 2d 69 63 6f 6e 2d 69 6d 67 2c 2e 64 6f 63 73 2d 67 6d 20 2e 64 6f 63 73 2d 6d 61 74 65 72 69 61 6c 20 2e 6b 69 78 2d 63 61 6c 65 6e 64 Data Ascii: ont-18 .docs-icon-img,.docs-gm .docs-icon-video-camera-front-24 .docs-icon-img,.docs-gm .docs-material .docs-analytics-sidebar-tab-selected .docs-icon-img,.docs-gm .docs-material .docs-smart-summary-tinted.docs-icon-img,.docs-gm .docs-material .kix-calend

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:52:56 UTC	2892	OUT	GET /static/drawings/client/js/1238060196-preview_core.js HTTP/1.1 Host: docs.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw== Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJ [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q
2024-10-28 16:52:57 UTC	800	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="docs" Report-To: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]} Content-Length: 104042 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 28 Oct 2024 08:21:54 GMT Expires: Tue, 28 Oct 2025 08:21:54 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2024 17:35:18 GMT Content-Type: text/javascript Vary: Accept-Encoding, Origin Age: 30663 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-28 16:52:57 UTC	578	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 28 5b 5d 29 3b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 61 61 3d 22 24 24 63 6c Data Ascii: function _F_toggles_initialize(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]}_F_toggles_initialize([]);/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var aa="$$cl
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 79 22 2c 75 61 3d 22 73 65 76 65 72 69 74 79 2d 75 6e 70 72 65 66 69 78 65 64 22 2c 75 3d 22 73 74 72 69 6e 67 22 2c 76 61 3d 22 73 75 63 63 65 73 73 22 2c 77 61 3d 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 3b 66 75 6e 63 74 69 6f 6e 20 78 61 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 77 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 7d 0a 66 75 6e 63 74 69 6f 6e 20 79 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 5b 61 5d 7d 7d 66 75 6e 63 74 69 6f 6e 20 7a 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 7d 7d 76 61 72 20 78 2c 41 61 3d 5b Data Ascii: y",ua="severity-unprefixed",u="string",va="success",wa="unhandledrejection";function xa(){return function(a){return a}}function w(){return function(){}}function ya(a){return function(){return this[a]}}function za(a){return function(){return a}}var x,Aa=[
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 22 29 3b 66 6f 72 28 76 61 72 20 63 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 64 3d 30 3b 64 3c 63 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 79 5b 63 5b 64 5d 5d 3b 74 79 70 65 6f 66 20 65 3d 3d 3d 70 26 26 74 79 70 65 6f 66 20 65 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 70 26 26 45 61 28 65 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 Data Ascii: ");for(var c="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),d=0;d<c.length;d++){var e=y[c[d]];typeof e===p&&typeof e.prototype[a]!=p&&Ea(e.prototype,a,{configurable:!0,writ
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 65 6c 73 65 20 61 5b 64 5d 3d 63 5b 64 5d 3b 61 2e 52 3d 63 2e 70 72 6f 74 6f 74 79 70 65 7d 0a 7a 28 22 50 72 6f 6d 69 73 65 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 68 29 7b 74 68 69 73 2e 67 3d 30 3b 74 68 69 73 2e 6c 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 6a 3d 5b 5d 3b 74 68 69 73 2e 76 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6f 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 74 68 69 73 2e 67 3d 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 65 28 68 29 7b 72 65 74 75 72 6e 20 68 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 3f 68 3a 6e 65 77 20 63 28 66 75 6e 63 74 69 6f 6e 28 6b Data Ascii: else a[d]=c[d];a.R=c.prototype}z("Promise",function(a){function c(h){this.g=0;this.l=void 0;this.j=[];this.v=!1;var k=this.o();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}}function d(){this.g=null}function e(h){return h instanceof c?h:new c(function(k
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 7b 69 66 28 68 2e 44 28 29 29 7b 76 61 72 20 6b 3d 79 2e 63 6f 6e 73 6f 6c 65 3b 74 79 70 65 6f 66 20 6b 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 6b 2e 65 72 72 6f 72 28 68 2e 6c 29 7d 7d 2c 31 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 44 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 76 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 68 3d 79 2e 43 75 73 74 6f 6d 45 76 65 6e 74 2c 6b 3d 79 2e 45 76 65 6e 74 2c 6c 3d 79 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 74 79 70 65 6f 66 20 6c 3d 3d 3d 0a 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 68 3d 3d 3d 70 3f 68 3d 6e 65 77 20 68 28 77 61 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 70 3f 68 3d 6e Data Ascii: {if(h.D()){var k=y.console;typeof k!=="undefined"&&k.error(h.l)}},1)};c.prototype.D=function(){if(this.v)return!1;var h=y.CustomEvent,k=y.Event,l=y.dispatchEvent;if(typeof l==="undefined")return!0;typeof h===p?h=new h(wa,{cancelable:!0}):typeof k===p?h=n
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 20 44 28 53 63 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 54 63 29 7b 4e 5b 53 63 5d 3d 54 63 3b 43 61 2d 2d 3b 43 61 3d 3d 30 26 26 6d 28 4e 29 7d 7d 76 61 72 20 4e 3d 5b 5d 2c 43 61 3d 30 3b 64 6f 20 4e 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 43 61 2b 2b 2c 65 28 6c 2e 76 61 6c 75 65 29 2e 6d 61 28 44 28 4e 2e 6c 65 6e 67 74 68 2d 31 29 2c 6e 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 63 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 51 61 28 61 2c 63 2c 64 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 69 60 22 2b 64 29 3b 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 Data Ascii: D(Sc){return function(Tc){N[Sc]=Tc;Ca--;Ca==0&&m(N)}}var N=[],Ca=0;do N.push(void 0),Ca++,e(l.value).ma(D(N.length-1),n),l=k.next();while(!l.done)})};return c});function Qa(a,c,d){if(a==null)throw new TypeError("i`"+d);if(c instanceof RegExp)throw new Ty
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 6e 28 6e 29 7b 69 66 28 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 64 29 72 65 74 75 72 6e 20 6e 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6e 29 26 26 66 28 6e 29 3b 72 65 74 75 72 6e 20 6d 28 6e 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6d 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6e 3d 6e 65 77 20 61 28 5b 5b 6c 2c 0a 32 5d 2c 5b 6d 2c 33 5d 5d 29 3b 69 66 28 6e 2e 67 65 74 28 6c 29 21 3d 32 7c 7c 6e 2e 67 65 74 28 6d 29 21 3d 33 29 72 65 74 75 72 6e 21 31 3b 6e 2e 64 65 6c 65 74 65 28 6c 29 3b 6e 2e 73 65 74 28 6d 2c 34 29 3b 72 65 74 75 72 6e 21 6e 2e Data Ascii: n(n){if(n instanceof d)return n;Object.isExtensible(n)&&f(n);return m(n)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),n=new a([[l,2],[m,3]]);if(n.get(l)!=2\|\|n.get(m)!=3)return!1;n.delete(l);n.set(m,4);return!n.
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 70 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 70 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6c 3d 6e 65 77 20 61 28 41 28 5b 5b 6b 2c 22 73 22 5d 5d 29 29 3b 69 66 28 6c 2e 67 65 74 28 6b 29 21 3d 22 73 22 7c 7c 6c 2e 73 69 7a 65 21 3d 31 7c 7c 6c 2e 67 65 74 28 7b 78 3a 34 7d 29 7c 7c 6c 2e 73 65 74 28 7b 78 3a 34 7d 2c 22 74 22 29 21 3d 6c 7c 7c 6c 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 6d 3d 6c 2e 65 6e 74 72 69 65 73 28 29 2c 6e 3d 6d 2e Data Ascii: l[0],l[1])}}if(function(){if(!a\|\|typeof a!=p\|\|!a.prototype.entries\|\|typeof Object.seal!=p)return!1;try{var k=Object.seal({x:4}),l=new a(A([[k,"s"]]));if(l.get(k)!="s"\|\|l.size!=1\|\|l.get({x:4})\|\|l.set({x:4},"t")!=l\|\|l.size!=2)return!1;var m=l.entries(),n=m.
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 76 61 6c 75 65 2c 6b 2e 63 61 6c 6c 28 6c 2c 6e 5b 31 5d 2c 6e 5b 30 5d 2c 0a 74 68 69 73 29 7d 3b 66 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 68 3d 30 3b 72 65 74 75 72 6e 20 66 7d 29 3b 0a 7a 28 22 53 65 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 64 29 7b 74 68 69 73 2e 67 3d 6e 65 77 20 4d 61 70 3b 69 66 28 64 29 7b 64 3d 41 28 64 29 3b 66 6f 72 28 76 61 72 20 65 3b 21 28 65 3d 64 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 74 68 69 73 2e 61 64 64 28 65 2e 76 61 6c 75 65 29 7d 74 68 69 73 2e 73 69 7a 65 3d 74 68 69 73 2e 67 2e 73 69 7a 65 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c Data Ascii: value,k.call(l,n[1],n[0],this)};f.prototype[Symbol.iterator]=f.prototype.entries;var h=0;return f});z("Set",function(a){function c(d){this.g=new Map;if(d){d=A(d);for(var e;!(e=d.next()).done;)this.add(e.value)}this.size=this.g.size}if(function(){if(!a\|\|
2024-10-28 16:52:57 UTC	1378	IN	Data Raw: 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 72 65 74 75 72 6e 20 63 3d 3d 3d 64 3f 63 21 3d 3d 30 7c 7c 31 2f 63 3d 3d 3d 31 2f 64 3a 63 21 3d 3d 63 26 26 64 21 3d 3d 64 7d 7d 29 3b 0a 7a 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 63 6c 75 64 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 65 3d 53 74 72 69 6e 67 28 65 29 29 3b 76 61 72 20 66 3d 65 2e 6c 65 6e 67 74 68 3b 64 3d 64 7c 7c 30 3b 66 6f 72 28 64 3c 30 26 26 28 64 3d 4d 61 74 68 2e 6d 61 78 28 64 2b 66 2c 30 29 29 3b 64 3c 66 3b 64 2b 2b 29 7b 76 61 72 20 67 3d 65 5b 64 5d 3b 69 Data Ascii: eturn a?a:function(c,d){return c===d?c!==0\|\|1/c===1/d:c!==c&&d!==d}});z("Array.prototype.includes",function(a){return a?a:function(c,d){var e=this;e instanceof String&&(e=String(e));var f=e.length;d=d\|\|0;for(d<0&&(d=Math.max(d+f,0));d<f;d++){var g=e[d];i

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:52:58 UTC	680	OUT	GET /static/drawings/client/js/1238060196-preview_core.js HTTP/1.1 Host: docs.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q
2024-10-28 16:52:58 UTC	800	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="docs" Report-To: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]} Content-Length: 104042 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 28 Oct 2024 08:29:13 GMT Expires: Tue, 28 Oct 2025 08:29:13 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2024 17:35:18 GMT Content-Type: text/javascript Vary: Accept-Encoding, Origin Age: 30225 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-28 16:52:58 UTC	578	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 28 5b 5d 29 3b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 61 61 3d 22 24 24 63 6c Data Ascii: function _F_toggles_initialize(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]}_F_toggles_initialize([]);/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var aa="$$cl
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 79 22 2c 75 61 3d 22 73 65 76 65 72 69 74 79 2d 75 6e 70 72 65 66 69 78 65 64 22 2c 75 3d 22 73 74 72 69 6e 67 22 2c 76 61 3d 22 73 75 63 63 65 73 73 22 2c 77 61 3d 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 3b 66 75 6e 63 74 69 6f 6e 20 78 61 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 77 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 7d 0a 66 75 6e 63 74 69 6f 6e 20 79 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 5b 61 5d 7d 7d 66 75 6e 63 74 69 6f 6e 20 7a 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 7d 7d 76 61 72 20 78 2c 41 61 3d 5b Data Ascii: y",ua="severity-unprefixed",u="string",va="success",wa="unhandledrejection";function xa(){return function(a){return a}}function w(){return function(){}}function ya(a){return function(){return this[a]}}function za(a){return function(){return a}}var x,Aa=[
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 22 29 3b 66 6f 72 28 76 61 72 20 63 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 64 3d 30 3b 64 3c 63 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 79 5b 63 5b 64 5d 5d 3b 74 79 70 65 6f 66 20 65 3d 3d 3d 70 26 26 74 79 70 65 6f 66 20 65 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 70 26 26 45 61 28 65 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 Data Ascii: ");for(var c="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),d=0;d<c.length;d++){var e=y[c[d]];typeof e===p&&typeof e.prototype[a]!=p&&Ea(e.prototype,a,{configurable:!0,writ
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 65 6c 73 65 20 61 5b 64 5d 3d 63 5b 64 5d 3b 61 2e 52 3d 63 2e 70 72 6f 74 6f 74 79 70 65 7d 0a 7a 28 22 50 72 6f 6d 69 73 65 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 68 29 7b 74 68 69 73 2e 67 3d 30 3b 74 68 69 73 2e 6c 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 6a 3d 5b 5d 3b 74 68 69 73 2e 76 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6f 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 74 68 69 73 2e 67 3d 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 65 28 68 29 7b 72 65 74 75 72 6e 20 68 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 3f 68 3a 6e 65 77 20 63 28 66 75 6e 63 74 69 6f 6e 28 6b Data Ascii: else a[d]=c[d];a.R=c.prototype}z("Promise",function(a){function c(h){this.g=0;this.l=void 0;this.j=[];this.v=!1;var k=this.o();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}}function d(){this.g=null}function e(h){return h instanceof c?h:new c(function(k
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 7b 69 66 28 68 2e 44 28 29 29 7b 76 61 72 20 6b 3d 79 2e 63 6f 6e 73 6f 6c 65 3b 74 79 70 65 6f 66 20 6b 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 6b 2e 65 72 72 6f 72 28 68 2e 6c 29 7d 7d 2c 31 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 44 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 76 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 68 3d 79 2e 43 75 73 74 6f 6d 45 76 65 6e 74 2c 6b 3d 79 2e 45 76 65 6e 74 2c 6c 3d 79 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 74 79 70 65 6f 66 20 6c 3d 3d 3d 0a 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 68 3d 3d 3d 70 3f 68 3d 6e 65 77 20 68 28 77 61 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 70 3f 68 3d 6e Data Ascii: {if(h.D()){var k=y.console;typeof k!=="undefined"&&k.error(h.l)}},1)};c.prototype.D=function(){if(this.v)return!1;var h=y.CustomEvent,k=y.Event,l=y.dispatchEvent;if(typeof l==="undefined")return!0;typeof h===p?h=new h(wa,{cancelable:!0}):typeof k===p?h=n
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 20 44 28 53 63 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 54 63 29 7b 4e 5b 53 63 5d 3d 54 63 3b 43 61 2d 2d 3b 43 61 3d 3d 30 26 26 6d 28 4e 29 7d 7d 76 61 72 20 4e 3d 5b 5d 2c 43 61 3d 30 3b 64 6f 20 4e 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 43 61 2b 2b 2c 65 28 6c 2e 76 61 6c 75 65 29 2e 6d 61 28 44 28 4e 2e 6c 65 6e 67 74 68 2d 31 29 2c 6e 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 63 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 51 61 28 61 2c 63 2c 64 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 69 60 22 2b 64 29 3b 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 Data Ascii: D(Sc){return function(Tc){N[Sc]=Tc;Ca--;Ca==0&&m(N)}}var N=[],Ca=0;do N.push(void 0),Ca++,e(l.value).ma(D(N.length-1),n),l=k.next();while(!l.done)})};return c});function Qa(a,c,d){if(a==null)throw new TypeError("i`"+d);if(c instanceof RegExp)throw new Ty
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 6e 28 6e 29 7b 69 66 28 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 64 29 72 65 74 75 72 6e 20 6e 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6e 29 26 26 66 28 6e 29 3b 72 65 74 75 72 6e 20 6d 28 6e 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6d 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6e 3d 6e 65 77 20 61 28 5b 5b 6c 2c 0a 32 5d 2c 5b 6d 2c 33 5d 5d 29 3b 69 66 28 6e 2e 67 65 74 28 6c 29 21 3d 32 7c 7c 6e 2e 67 65 74 28 6d 29 21 3d 33 29 72 65 74 75 72 6e 21 31 3b 6e 2e 64 65 6c 65 74 65 28 6c 29 3b 6e 2e 73 65 74 28 6d 2c 34 29 3b 72 65 74 75 72 6e 21 6e 2e Data Ascii: n(n){if(n instanceof d)return n;Object.isExtensible(n)&&f(n);return m(n)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),n=new a([[l,2],[m,3]]);if(n.get(l)!=2\|\|n.get(m)!=3)return!1;n.delete(l);n.set(m,4);return!n.
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 70 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 70 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6c 3d 6e 65 77 20 61 28 41 28 5b 5b 6b 2c 22 73 22 5d 5d 29 29 3b 69 66 28 6c 2e 67 65 74 28 6b 29 21 3d 22 73 22 7c 7c 6c 2e 73 69 7a 65 21 3d 31 7c 7c 6c 2e 67 65 74 28 7b 78 3a 34 7d 29 7c 7c 6c 2e 73 65 74 28 7b 78 3a 34 7d 2c 22 74 22 29 21 3d 6c 7c 7c 6c 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 6d 3d 6c 2e 65 6e 74 72 69 65 73 28 29 2c 6e 3d 6d 2e Data Ascii: l[0],l[1])}}if(function(){if(!a\|\|typeof a!=p\|\|!a.prototype.entries\|\|typeof Object.seal!=p)return!1;try{var k=Object.seal({x:4}),l=new a(A([[k,"s"]]));if(l.get(k)!="s"\|\|l.size!=1\|\|l.get({x:4})\|\|l.set({x:4},"t")!=l\|\|l.size!=2)return!1;var m=l.entries(),n=m.
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 76 61 6c 75 65 2c 6b 2e 63 61 6c 6c 28 6c 2c 6e 5b 31 5d 2c 6e 5b 30 5d 2c 0a 74 68 69 73 29 7d 3b 66 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 68 3d 30 3b 72 65 74 75 72 6e 20 66 7d 29 3b 0a 7a 28 22 53 65 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 64 29 7b 74 68 69 73 2e 67 3d 6e 65 77 20 4d 61 70 3b 69 66 28 64 29 7b 64 3d 41 28 64 29 3b 66 6f 72 28 76 61 72 20 65 3b 21 28 65 3d 64 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 74 68 69 73 2e 61 64 64 28 65 2e 76 61 6c 75 65 29 7d 74 68 69 73 2e 73 69 7a 65 3d 74 68 69 73 2e 67 2e 73 69 7a 65 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c Data Ascii: value,k.call(l,n[1],n[0],this)};f.prototype[Symbol.iterator]=f.prototype.entries;var h=0;return f});z("Set",function(a){function c(d){this.g=new Map;if(d){d=A(d);for(var e;!(e=d.next()).done;)this.add(e.value)}this.size=this.g.size}if(function(){if(!a\|\|
2024-10-28 16:52:58 UTC	1378	IN	Data Raw: 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 72 65 74 75 72 6e 20 63 3d 3d 3d 64 3f 63 21 3d 3d 30 7c 7c 31 2f 63 3d 3d 3d 31 2f 64 3a 63 21 3d 3d 63 26 26 64 21 3d 3d 64 7d 7d 29 3b 0a 7a 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 63 6c 75 64 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 65 3d 53 74 72 69 6e 67 28 65 29 29 3b 76 61 72 20 66 3d 65 2e 6c 65 6e 67 74 68 3b 64 3d 64 7c 7c 30 3b 66 6f 72 28 64 3c 30 26 26 28 64 3d 4d 61 74 68 2e 6d 61 78 28 64 2b 66 2c 30 29 29 3b 64 3c 66 3b 64 2b 2b 29 7b 76 61 72 20 67 3d 65 5b 64 5d 3b 69 Data Ascii: eturn a?a:function(c,d){return c===d?c!==0\|\|1/c===1/d:c!==c&&d!==d}});z("Array.prototype.includes",function(a){return a?a:function(c,d){var e=this;e instanceof String&&(e=String(e));var f=e.length;d=d\|\|0;for(d<0&&(d=Math.max(d+f,0));d<f;d++){var g=e[d];i

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:53:00 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-28 16:53:00 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=158508 Date: Mon, 28 Oct 2024 16:53:00 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:53:01 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-28 16:53:01 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=158561 Date: Mon, 28 Oct 2024 16:53:01 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-28 16:53:01 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:53:05 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GChDbAwla9978rk&MD=ebZrlMdN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-28 16:53:06 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 21ab72ab-98e3-426a-8203-2c230e95982b MS-RequestId: 385b9b55-b4b6-46bf-8ed5-cbcdd008ce83 MS-CV: hjKnwrhqpk6a5p9k.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 28 Oct 2024 16:53:05 GMT Connection: close Content-Length: 24490
2024-10-28 16:53:06 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-28 16:53:06 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:53:43 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GChDbAwla9978rk&MD=ebZrlMdN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-28 16:53:43 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 0f9c3c1f-a05a-45a8-8c53-21f8c1e6388a MS-RequestId: 27e9d34f-7216-4040-a051-67587a67c7f9 MS-CV: 4d4SqEDtlkGf1RGs.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 28 Oct 2024 16:53:43 GMT Connection: close Content-Length: 30005
2024-10-28 16:53:43 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-28 16:53:44 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:11 UTC	3009	OUT	GET /drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8 [TRUNCATED] Host: docs.google.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=xInRmtU10FZP6zXGIqK4QH-X7gyRuM3-_57lzi7sTOO5ToIO5YeUdDU7XH9R-AMOPeHlQRfolRxDGq8ssv3e57Bjyvr5ledNlFJX86Nnoo2lD5Y8TnHBDuxMWoGnJp6P-CiCW-dtJ4s_uYa_e4eYQPGKqoeThKcpL84C3sRy3_zKNjQW7Q
2024-10-28 16:54:11 UTC	2928	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 x-robots-tag: noindex, nofollow, nosnippet Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 28 Oct 2024 16:54:11 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt Content-Security-Policy: base-uri 'self';object-src 'self' blob:;report-uri https://docs.google.com/drawings/cspreport;script-src 'report-sample' 'nonce-fMV42O5hZil-iTd2lbBtAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' reporting-endpoints: default="/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/web-reports?bl=editors.drawings-frontend_20241015.02_p1&clss=1&context=eJwNzHtYzXccB_Bv39_n-6MruUQNyTxiKYXGVI46nW7mMo2vW64d6pjiRAyZ6zxrc31sxTxOKTnktCYhZhlNc4-HFJtrDd1ccuboSe39x-uv98WhxrlLyxRmzyQboEr2PZg6SnbBQbI1jpJZoMhJspzOkr3rJpl3d8nK4JcekpXC4J6S7YJxHpLl9pEs0VOyQG_JXAdL5uOLzE-yDI1kZsiJkOz4JOzBe6pkI0CZJllXqJgu2SO4O1eyZ2AfL5k7vFkgGV8o2SWDZNVQtU6y5zByq2RR0JYpmcseyboVStYfHpyVrAm8LkoWABU38AuaCskmQEaNZIfgWK1k5-EiVMLkNsn0cKdXPbfBhk_qeTrcnfmaPwS3hNe8D9gNeMPtoceTN9wTsv2a-WGomtzMH8Hzjlb-Ci74WfkV2ONv5Y8DrPwF-KZZeSDsXmfl--D-eit_CobTVm6ErYve8R_hn2AbrwVziI0XwtAFNj4K3qXbeDuMuvyeh8GKLi38G8jLauEFoNnbyiNh-M-tPBjGmFp5FLROauMU28bX3Gvjm2A6a-fzwNyrnRfC1ZXt_DYsWNXOk8BvMVMSjExZAqmPmLIW3h-wU4bn2inB4LiVK12hqYwr9xVFeQrmgYpSCJ6xiuINpV8qSjlUbFKUKli4RVGMcLlWUW7BdgdSfu1LSgkEvxxF4XCtLojuwNymIEqEW6-D6B58Yw2iLXB-QjA1ZQTTf5B2NJg2Q6xHCM2AmhEh1AAsM4QcYXb_0bQQ0oeNpl3wU_xo2g8FQkMnwLJNQ8VQ95eG3sDjCg29ANc7Y8gd5vUOJQOUR4XSLXAfG0pe0GIOJX44lGY0htJ8mBIWRrPgZmYYVcOO_D [TRUNCATED] Referrer-Policy: strict-origin-when-cross-origin Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-28 16:54:11 UTC	2928	IN	Data Raw: 37 33 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 66 4d 56 34 32 4f 35 68 5a 69 6c 2d 69 54 64 32 6c 62 42 74 41 51 22 3e 76 61 72 20 44 4f 43 53 5f 74 69 6d 69 6e 67 3d 7b 7d 3b 20 44 4f 43 53 5f 74 69 6d 69 6e 67 5b 27 70 6c 73 27 5d 3d 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 69 67 6e 61 74 75 72 65 20 52 65 71 75 65 73 74 65 64 20 7c 7c 7c 20 53 65 63 75 72 65 20 53 68 61 72 65 64 20 44 6f 63 73 20 56 69 61 20 65 2d 44 6f 63 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: 7345<!DOCTYPE html><html lang="en"><head><script nonce="fMV42O5hZil-iTd2lbBtAQ">var DOCS_timing={}; DOCS_timing['pls']=new Date().getTime();</script><meta property="og:title" content="Signature Requested \|\|\| Secure Shared Docs Via e-Doc"><meta property=
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 72 65 20 53 68 61 72 65 64 20 44 6f 63 73 20 56 69 61 20 65 2d 44 6f 63 20 2d 20 47 6f 6f 67 6c 65 20 44 72 61 77 69 6e 67 73 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 64 6f 63 73 2f 64 72 61 77 69 6e 67 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 35 2e 69 63 6f 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 68 72 6f 6d 65 2d 77 65 62 73 74 6f 72 65 2d 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 68 72 6f 6d 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 77 65 62 73 74 6f 72 65 2f 64 65 74 61 69 6c 2f 67 68 62 6d 6e 6e 6a 6f 6f 65 6b 70 6d 6f 65 63 6e 6e 6e 69 6c 6e 6e 62 64 6c 6f 6c 68 6b 68 69 22 Data Ascii: re Shared Docs Via e-Doc - Google Drawings</title><link rel="shortcut icon" href="https://ssl.gstatic.com/docs/drawings/images/favicon5.ico"><link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/ghbmnnjooekpmoecnnnilnnbdlolhkhi"
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 69 73 70 6c 61 79 22 2c 22 50 54 20 53 61 6e 73 20 4e 61 72 72 6f 77 22 2c 22 4d 75 6c 69 22 2c 22 4d 6f 6e 74 73 65 72 72 61 74 22 2c 22 52 6f 62 6f 74 6f 20 53 6c 61 62 22 2c 22 52 61 6c 65 77 61 79 22 2c 22 4f 70 65 6e 20 53 61 6e 73 22 2c 22 4f 73 77 61 6c 64 22 2c 22 41 6d 61 74 69 63 20 53 43 22 2c 22 53 6f 75 72 63 65 20 53 61 6e 73 20 50 72 6f 22 2c 22 52 6f 62 6f 74 6f 22 2c 22 45 63 6f 6e 6f 6d 69 63 61 22 2c 22 52 65 65 6e 69 65 20 42 65 65 6e 69 65 22 2c 22 53 74 69 6e 74 20 55 6c 74 72 61 20 45 78 70 61 6e 64 65 64 22 2c 22 41 6c 65 67 72 65 79 61 22 2c 22 4d 65 72 72 69 77 65 61 74 68 65 72 22 5d 2c 22 64 6f 63 73 2d 6f 66 66 6c 69 6e 65 2d 74 6f 6f 6d 65 6d 22 3a 30 2c 22 6b 69 78 4f 66 66 6c 69 6e 65 55 72 6c 22 3a 22 2f 64 6f 63 75 6d 65 Data Ascii: isplay","PT Sans Narrow","Muli","Montserrat","Roboto Slab","Raleway","Open Sans","Oswald","Amatic SC","Source Sans Pro","Roboto","Economica","Reenie Beenie","Stint Ultra Expanded","Alegreya","Merriweather"],"docs-offline-toomem":0,"kixOfflineUrl":"/docume
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 34 2c 35 30 31 31 30 32 37 32 2c 35 30 31 31 30 32 38 30 2c 35 30 32 32 31 38 32 30 2c 35 30 32 32 31 38 32 38 2c 35 30 32 35 36 35 30 38 2c 35 30 32 35 36 35 31 36 2c 35 30 32 36 36 32 30 32 2c 35 30 32 36 36 32 31 30 2c 35 30 32 37 33 34 34 38 2c 35 30 32 37 33 34 35 36 2c 35 30 32 39 37 30 33 36 2c 35 30 32 39 37 30 34 34 2c 35 30 32 39 37 34 34 36 2c 35 30 32 39 37 34 35 34 2c 35 30 33 35 39 35 39 38 2c 35 30 33 36 30 39 33 36 2c 35 30 33 36 30 39 34 34 2c 35 30 33 38 39 31 31 30 2c 35 30 33 38 39 31 31 38 2c 35 30 34 33 38 39 30 35 2c 35 30 34 33 39 32 32 30 2c 35 30 34 33 39 32 32 38 2c 35 30 34 39 38 38 32 37 2c 35 30 34 39 38 38 33 35 2c 35 30 35 31 33 31 33 34 2c 35 30 35 32 39 32 34 33 2c 35 30 35 32 39 32 35 31 2c 35 30 35 33 38 36 36 34 2c 35 Data Ascii: 4,50110272,50110280,50221820,50221828,50256508,50256516,50266202,50266210,50273448,50273456,50297036,50297044,50297446,50297454,50359598,50360936,50360944,50389110,50389118,50438905,50439220,50439228,50498827,50498835,50513134,50529243,50529251,50538664,5
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 31 38 34 38 2c 31 30 31 37 39 37 39 34 37 5d 2c 22 63 72 63 22 3a 31 2c 22 63 76 69 22 3a 5b 33 33 30 30 31 30 37 2c 33 33 30 30 31 33 34 2c 33 33 31 33 33 32 31 2c 33 33 32 31 39 31 30 2c 33 33 33 30 31 39 35 2c 33 33 36 31 39 31 30 2c 33 33 36 32 38 32 31 2c 33 33 36 36 36 32 30 2c 33 33 36 38 32 34 39 2c 33 33 36 39 31 35 39 2c 33 33 36 39 33 35 33 2c 33 33 36 39 34 33 36 2c 33 33 36 39 38 30 33 2c 33 33 36 39 38 34 34 2c 33 33 36 39 38 36 36 2c 33 33 37 30 30 32 33 2c 34 35 34 32 34 37 36 31 5d 7d 2c 22 64 6f 63 73 2d 63 63 64 69 6c 22 3a 31 2c 22 64 6f 63 73 2d 65 69 6c 22 3a 31 2c 22 64 6f 63 73 2d 65 63 75 61 63 68 22 3a 30 2c 22 64 6f 63 73 2d 63 63 6c 74 22 3a 39 30 35 2c 22 64 6f 63 73 2d 65 63 63 69 22 3a 31 2c 22 64 6f 63 73 2d 65 73 69 22 3a Data Ascii: 1848,101797947],"crc":1,"cvi":[3300107,3300134,3313321,3321910,3330195,3361910,3362821,3366620,3368249,3369159,3369353,3369436,3369803,3369844,3369866,3370023,45424761]},"docs-ccdil":1,"docs-eil":1,"docs-ecuach":0,"docs-cclt":905,"docs-ecci":1,"docs-esi":
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 31 36 30 36 38 30 38 2c 35 37 35 30 32 33 38 2c 37 31 31 32 30 38 36 38 2c 35 30 35 36 32 39 31 39 2c 37 31 35 39 32 34 37 30 2c 37 31 35 36 31 35 36 31 2c 35 37 31 37 39 31 31 2c 37 31 36 31 36 38 30 33 2c 37 31 36 38 38 39 31 38 2c 34 39 34 32 33 38 37 33 2c 39 35 31 32 35 30 38 35 2c 37 31 39 36 31 31 30 36 2c 34 39 36 32 32 37 32 33 2c 31 30 31 36 31 34 31 39 32 2c 39 39 33 37 35 32 34 38 2c 37 31 31 34 35 34 37 32 2c 34 39 34 39 31 36 31 37 2c 35 37 36 36 37 34 31 2c 31 30 31 34 35 36 34 36 32 2c 39 35 32 33 34 39 33 31 2c 37 31 36 31 36 38 31 33 2c 37 31 32 38 39 30 36 36 2c 34 39 38 32 32 39 34 31 2c 39 34 33 35 33 32 34 38 2c 37 31 30 33 38 33 33 35 2c 35 30 31 30 38 39 39 31 2c 39 35 32 36 36 38 30 30 2c 34 38 39 36 32 37 37 33 2c 39 34 36 32 39 Data Ascii: 1606808,5750238,71120868,50562919,71592470,71561561,5717911,71616803,71688918,49423873,95125085,71961106,49622723,101614192,99375248,71145472,49491617,5766741,101456462,95234931,71616813,71289066,49822941,94353248,71038335,50108991,95266800,48962773,94629
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 48 71 33 6a 6d 56 36 6f 30 57 58 42 51 69 79 7a 69 22 2c 22 50 35 35 76 38 70 34 4c 6b 30 6d 48 71 33 6a 6d 56 36 6f 30 56 6a 67 67 6a 48 4d 56 22 2c 22 36 6e 72 33 31 7a 39 57 76 30 6d 45 52 71 53 47 6b 47 66 30 56 68 75 76 41 58 57 43 22 2c 22 52 4c 48 65 59 4e 6d 34 31 30 6d 45 52 71 53 47 6b 47 66 30 59 38 31 37 45 55 46 4b 22 2c 22 76 6d 78 36 38 58 74 66 4a 30 6d 45 52 71 53 47 6b 47 66 30 52 43 55 42 66 73 51 72 22 2c 22 36 38 37 4a 37 79 44 31 71 30 6d 45 52 71 53 47 6b 47 66 30 52 56 6d 4d 59 48 6f 31 22 2c 22 71 77 68 57 51 79 38 5a 69 30 6d 45 52 71 53 47 6b 47 66 30 57 32 74 64 79 70 55 46 22 2c 22 77 46 38 53 6b 32 34 31 65 30 6d 45 52 71 53 47 6b 47 66 30 59 4e 74 4e 36 67 70 56 22 2c 22 69 6a 55 68 64 78 32 51 4e 30 6d 45 52 71 53 47 6b 47 Data Ascii: Hq3jmV6o0WXBQiyzi","P55v8p4Lk0mHq3jmV6o0VjggjHMV","6nr31z9Wv0mERqSGkGf0VhuvAXWC","RLHeYNm410mERqSGkGf0Y817EUFK","vmx68XtfJ0mERqSGkGf0RCUBfsQr","687J7yD1q0mERqSGkGf0RVmMYHo1","qwhWQy8Zi0mERqSGkGf0W2tdypUF","wF8Sk241e0mERqSGkGf0YNtN6gpV","ijUhdx2QN0mERqSGkG
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e Data Ascii: VenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbN
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 22 2c 22 64 6f 63 73 2d 63 72 70 22 3a 22 2f 64 72 61 77 69 6e 67 73 2f 64 2f 31 4f 37 4c 36 6a 6e 75 6e 70 4b 59 59 52 79 31 5a 58 58 35 44 4e 34 45 4e 65 5a 34 70 78 78 57 46 38 42 47 30 6d 63 44 64 46 69 30 2f 70 72 65 76 69 65 77 22 2c 22 64 6f 63 73 2d 63 72 71 22 3a 22 70 6c 69 5c 75 30 30 33 64 31 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 4f 56 4b 57 57 57 41 67 4f 61 66 6b 45 53 63 55 38 5a 6a 52 73 78 56 65 6e 62 4e 52 55 30 55 6f 72 58 37 4f 4b 6a 4a 61 39 61 43 59 57 47 45 6b 7a 75 Data Ascii: WWAgOafkEScU8ZjRsxVe","docs-crp":"/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview","docs-crq":"pli\u003d1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzu
2024-10-28 16:54:12 UTC	2928	IN	Data Raw: 30 2c 22 64 6f 63 73 2d 6d 65 66 75 22 3a 30 2c 22 64 6f 63 73 2d 69 69 63 70 22 3a 30 2c 22 64 6f 63 73 2d 65 61 65 6c 70 22 3a 30 2c 22 64 6f 63 73 2d 65 64 76 6d 22 3a 30 2c 22 64 6f 63 73 2d 65 6c 70 67 22 3a 30 2c 22 64 6f 63 73 2d 65 6c 70 61 72 22 3a 30 2c 22 64 6f 63 73 2d 61 63 61 70 22 3a 5b 22 64 6f 63 73 2e 73 65 63 75 72 69 74 79 2e 61 63 63 65 73 73 5f 63 61 70 61 62 69 6c 69 74 69 65 73 22 2c 31 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 31 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 30 2c 31 2c 30 5d 2c 22 64 6f 63 73 2d 63 69 22 3a 22 31 4f 37 4c 36 6a 6e 75 6e 70 4b 59 59 52 79 31 5a 58 58 35 44 4e 34 45 4e 65 5a 34 70 78 78 57 46 38 42 47 30 6d 63 44 64 46 69 30 22 2c 22 64 6f 63 73 2d 65 63 Data Ascii: 0,"docs-mefu":0,"docs-iicp":0,"docs-eaelp":0,"docs-edvm":0,"docs-elpg":0,"docs-elpar":0,"docs-acap":["docs.security.access_capabilities",1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"docs-ci":"1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0","docs-ec

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:13 UTC	944	OUT	GET /drawingsz/AHiSRb301hXi5CbmGn9gExOeAeggPFGgQzgrkwWCixNIypjlI1avT66M3dJC50fo8zBm9U2KdVh8V2B48stZkb8xThbiw7qy2PjbNoJreurY1LfBQPUIhrJ-j1W9-GNN0jHweU4?key=XkQBqeFgsA29UZRqAjsaDM2V HTTP/1.1 Host: lh7-rt.googleusercontent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://docs.google.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: image Referer: https://docs.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:14 UTC	605	IN	HTTP/1.1 200 OK Content-Type: image/png Vary: Origin Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://docs.google.com Timing-Allow-Origin: https://docs.google.com Access-Control-Expose-Headers: Content-Length ETag: "v0" Expires: Tue, 29 Oct 2024 16:54:13 GMT Cache-Control: public, max-age=86400, no-transform Content-Disposition: inline;filename="unnamed.png" X-Content-Type-Options: nosniff Date: Mon, 28 Oct 2024 16:54:13 GMT Server: fife Content-Length: 91552 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-28 16:54:14 UTC	773	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 d2 00 00 05 bc 08 06 00 00 00 ef 86 ac 4d 00 00 0c 3e 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 40 42 09 20 20 25 f4 26 88 48 09 20 25 84 16 40 7a b7 11 92 00 a1 c4 18 08 2a 76 64 51 c1 b5 a0 62 01 1b ba 2a a2 d8 69 76 c4 ce a2 d8 fb 62 41 41 59 17 0b 76 e5 4d 0a e8 ba af 7c ef 7c df dc fb df 7f ce fc e7 cc b9 73 cb 00 a0 7e 82 2b 16 e7 a0 1a 00 e4 8a f2 25 31 c1 fe 8c a4 e4 14 06 a9 1b 90 01 02 54 01 03 d0 b8 bc 3c 31 2b 2a 2a 1c 40 1b 3c ff dd de dd 80 be d0 ae 3a c8 b4 fe d9 ff 5f 4d 93 2f c8 e3 01 80 44 41 9c c6 cf e3 e5 42 7c 10 00 bc 8a 27 96 e4 03 40 94 f1 e6 53 f3 c5 32 0c 1b d0 96 c0 04 21 5e 28 c3 19 0a 5c 25 c3 69 0a bc 57 ee 13 17 c3 86 b8 Data Ascii: PNGIHDRM>iCCPICC ProfileHWXS[@B %&H %@zvdQbivbAAYvM\|\|s~+%1T<1+**@<:_M/DAB\|'@S2!^(\%iW
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: 3a a1 93 70 7b 92 b0 48 f2 53 96 63 41 27 d4 0f 52 d6 22 ed c7 5a e0 56 50 d3 15 f7 c7 bd a1 3a 54 c6 75 71 03 e0 80 bb c0 38 2c dc 17 46 76 85 2c 5b 99 b7 ac 2a 8c 9f b4 ff 36 83 1f ee 86 d2 8f ec 44 46 c9 c3 c8 7e 64 9b 9f 47 d2 ec 68 ae 43 2a b2 5a ff 58 1f 45 ae 69 43 f5 66 0f f5 fc 1c 9f fd 43 f5 f9 f0 1c f6 b3 27 b6 10 3b 80 9d c5 4e 62 e7 b1 23 58 03 60 60 c7 b1 46 ac 0d 3b 2a c3 43 ab eb 89 7c 75 0d 46 8b 91 e7 93 0d 75 84 ff 88 37 78 67 65 95 cc 73 aa 75 ea 71 fa a2 e8 cb 17 4c 93 bd a3 01 7b b2 78 ba 44 98 91 99 cf 60 c1 2f 82 80 c1 11 f1 1c 47 30 9c 9d 9c 5d 00 90 7d 5f 14 af af 37 d1 f2 ef 06 a2 db f6 9d 9b ff 07 00 de c7 07 06 06 0e 7f e7 42 8f 03 b0 cf 1d 3e fe 4d df 39 1b 26 fc 74 a8 02 70 ae 89 27 95 14 28 38 5c 76 20 c0 b7 84 3a 7c d2 f4 Data Ascii: :p{HScA'R"ZVP:Tuq8,Fv,[6DF~dGhCZXEiCfC';Nb#X``F;*C\|uFu7xgesuqL{xD`/G0]}_7B>M9&tp'(8\v :\|
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: fa 42 dd 43 67 85 b6 86 a9 85 c5 86 ad 0b 7b 14 6e 17 2e 09 6f 1e 8b 8e 0d 1d bb 62 ec bd 08 cb 08 51 44 43 24 88 e4 44 ae 88 bc 1f 65 1d 35 25 ea 70 34 31 3a 2a ba 32 fa 69 cc a8 98 99 31 67 63 e9 b1 93 62 77 c6 be 8b f3 8f 5b 1a 77 37 de 26 5e 1a df 92 a0 9e 30 3e a1 26 e1 7d 62 40 62 79 62 67 d2 c8 a4 59 49 17 93 0d 92 85 c9 8d 29 a4 94 84 94 6d 29 fd e3 02 c7 ad 1a d7 35 de 75 7c c9 f8 1b 13 ac 27 4c 9b 70 7e a2 c1 c4 9c 89 47 27 a9 4f e2 4e 3a 90 4a 48 4d 4c dd 99 fa 85 1b c9 ad e6 f6 a7 71 d2 aa d2 fa 78 6c de 6a de 0b be 1f 7f 25 bf 47 e0 2d 28 17 3c 4b f7 4e 2f 4f ef ce f0 ce 58 91 d1 93 e9 9b 59 91 d9 2b 64 0b d7 09 5f 65 85 64 6d cc 7a 9f 1d 99 bd 3d 7b 20 27 31 67 4f ae 4a 6e 6a 6e 93 48 4b 94 2d 6a 9d 6c 3c 79 da e4 0e b1 bd b8 44 dc 39 c5 73 Data Ascii: BCg{n.obQDC$De5%p41:*2i1gcbw[w7&^0>&}b@bybgYI)m)5u\|'Lp~G'ON:JHMLqxlj%G-(<KN/OXY+d_edmz={ '1gOJnjnHK-jl<yD9s
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: 74 69 6f 6e 20 72 64 66 3a 61 62 6f 75 74 3d 22 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 65 78 69 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 65 78 69 66 2f 31 2e 30 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 65 78 69 66 3a 50 69 78 65 6c 59 44 69 6d 65 6e 73 69 6f 6e 3e 31 34 36 38 3c 2f 65 78 69 66 3a 50 69 78 65 6c 59 44 69 6d 65 6e 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 3c 65 78 69 66 3a 50 69 78 65 6c 58 44 69 6d 65 6e 73 69 6f 6e 3e 31 32 33 34 3c 2f 65 78 69 66 3a 50 69 78 65 6c 58 44 69 6d 65 6e 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 3c 65 78 69 66 3a 55 73 65 72 43 6f 6d 6d 65 6e 74 3e 53 63 72 65 65 6e 73 68 6f 74 3c 2f 65 78 69 66 3a 55 73 65 72 43 6f 6d 6d 65 6e 74 3e 0a 20 20 20 20 20 20 Data Ascii: tion rdf:about="" xmlns:exif="http://ns.adobe.com/exif/1.0/"> <exif:PixelYDimension>1468</exif:PixelYDimension> <exif:PixelXDimension>1234</exif:PixelXDimension> <exif:UserComment>Screenshot</exif:UserComment>
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: 3f ff f9 cf 4b b7 d2 3f 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 81 1e 0b 5c e9 4a 57 5a f7 da a7 5c b5 53 90 b6 ee 3a 68 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 60 8e 02 82 b4 39 e2 6a 9a 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 60 79 04 04 69 cb 53 4b 6b 42 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 30 47 01 41 da 1c 71 35 4d 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 b0 3c 02 82 b4 e5 a9 a5 35 21 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 98 a3 80 20 6d 8e b8 9a 26 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 58 1e 01 41 da f2 d4 d2 9a 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 cc 51 40 90 36 47 5c 4d 13 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 2c 8f 80 20 6d 79 6a 69 Data Ascii: ?K? @ @\JWZ\S:h @ @`9j @ @`yiSKkB @ 0GAq5M @ <5!@ @ m&@ @XA @ @Q@6G\M @ @, myji
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: 01 02 04 08 10 20 30 47 01 41 da 1c 71 35 4d 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 b0 3c 02 82 b4 e5 a9 a5 35 21 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 98 a3 80 20 6d 8e b8 9a 26 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 58 1e 01 41 da f2 d4 d2 9a 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 cc 51 40 90 36 47 5c 4d 13 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 2c 8f 80 20 6d 79 6a 69 4d 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 e6 28 20 48 9b 23 ae a6 09 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 96 47 40 90 b6 3c b5 b4 26 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 73 14 10 a4 cd 11 57 d3 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 cb 23 20 48 5b 9e 5a 5a 13 02 04 Data Ascii: 0GAq5M @ <5!@ @ m&@ @XA @ @Q@6G\M @ @, myjiM @ @( H# @ @G@<& @ @sW @ @# H[ZZ
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: 5b dc a2 39 6b 18 ac cd f2 ba 91 3f f2 60 28 10 bf d2 7f fa d3 9f 1e d1 d8 67 9f 7d aa df f9 9d df 19 99 b7 9a 07 fb ed b7 5f 15 bf 8a 37 a7 2f 7e f1 8b c3 3d 01 9a f3 fa 70 3f f6 88 b8 d9 cd 6e 36 b2 aa bb ec b2 4b 75 f2 c9 27 8f cc f3 60 73 0a 7c e8 43 1f aa e2 4b 7d 73 ba e6 35 af 59 7d ed 6b 5f 6b ce 9a f9 7e 76 7b 33 2f 78 c6 17 66 f6 6f 1e ef 3d 33 ae 86 97 6d b0 40 6c df fd e3 3f fe 63 da 52 1f f7 b8 c7 55 2f 79 c9 4b 46 da 8b 1f 6f 8e 3c f2 c8 ea ad 6f 7d 6b 15 7b 3e cd 3a ed b4 d3 4e 55 fc 30 fc a4 27 3d a9 da 6e bb ed 66 fd b3 89 af 7b ca 53 9e 52 c5 8f 47 6b 99 62 db f9 fe f7 bf 7f f5 ac 67 3d ab 8a cf d2 69 53 09 eb 3d eb b6 5a ec 0d f8 b3 9f fd 6c 64 95 8e 39 e6 98 a9 3f be 8f fc c1 2a 1e 78 8f 59 05 96 97 f6 5e 40 90 d6 fb 21 00 60 23 05 c6 Data Ascii: [9k?`(g}_7/~=p?n6Ku'`s\|CK}s5Y}k_k~v{3/xfo=3m@l?cRU/yKFo<o}k{>:NU0'=nf{SRGkbg=iS=Zld9?*xY^@!`#
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: fa d2 97 aa f8 2f 96 1f bf 44 47 fd 6e 7f fb db 0f af a0 36 ad ed a8 43 9c c7 26 f6 2c 38 fe f8 e3 ab 08 aa e2 2a 60 71 3e 99 a8 c1 41 07 1d b4 75 0f 84 49 6d c5 c9 a8 e3 17 fd 4f 7d ea 53 c3 b1 fc bd ef 7d 6f f8 ef 28 be 44 d5 ed c4 5e 0f 31 4e d7 33 4d 0a d2 e2 fc 36 71 15 da 7f fb b7 7f 1b 5e 9d 76 c7 1d 77 ac 7e f3 37 7f 73 f8 df ef ff fe ef 57 d7 be f6 b5 67 5a f4 7a c7 55 73 21 eb 69 2b 73 7c 36 fb b4 9a fb 59 e3 a3 5e 66 ec bd f2 99 cf 7c 66 b8 17 4b d8 c4 fb 46 7c 21 8e ff e2 f3 2d ae be ba 9a 8b 0d 64 b7 17 fd 5c 4f cd ea f5 ac 6f e7 d1 bf ba ed fa 36 e3 bd 27 eb 33 a6 ee 53 d7 6d 5c 59 bc 7d d5 e8 dd 77 df bd 8a 13 dd 8f 9b 5e f3 9a d7 54 f1 79 d3 9c e2 df 72 9c 7f ab 3d ad 77 1d e2 82 2e 6f 78 c3 1b 46 ae 4c 19 9f 5f b1 77 d6 ce 3b ef dc 5e dc Data Ascii: /DGn6C&,8*`q>AuImO}S}o(D^1N3M6q^vw~7sWgZzUs!i+s\|6Y^f\|fKF\|!-d\Oo6'3Sm\Y}w^Tyr=w.oxFL_w;^
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: e3 ce 29 d6 7c 4d 7d 3f f6 dc 8f cf ec f6 9e 87 f1 43 5b fc 08 d0 dc 46 ac ff 66 96 db b5 06 69 d1 76 9c 9f ed 7d ef 7b df 8a c5 c4 76 70 fc c8 59 e2 7a 4f db 06 ab 57 66 96 20 2d e3 33 7a 3d ef 31 75 5f dd 12 e8 9b 80 20 ad 6f 15 b7 be 0b 15 e8 0a d2 22 44 89 3d bd e2 b0 ab e6 14 bb de c7 a1 81 f5 34 6b 90 16 bf 14 46 c8 b2 da 29 da 7f ce 73 9e 33 fc b3 d8 8b 28 f6 aa 69 4f 31 3f f6 5a 89 29 0e b1 38 e0 80 03 46 0e 91 a8 5f 1f 87 4e dc ff fe f7 af 1f 76 fe 12 18 cb 8a 65 ae 66 ca 58 b7 58 5e d7 97 d7 d5 f4 23 0e 7f b8 c3 1d ee b0 f5 4f ba 82 b4 ad 4f b6 ee 34 83 b4 08 9b 62 ef bf d8 c8 5b ed 14 1b c3 71 88 61 9c 57 af 39 cd ba 71 36 ed 75 e3 82 b4 e6 b2 32 ee c7 1e 46 ed c3 32 b2 ea 1c fd cb ac f5 3c 37 34 d7 db cf e6 bf cd 58 ef d8 13 35 ce 77 13 1b d8 Data Ascii: )\|M}?C[Ffiv}{vpYzOWf -3z=1u_ o"D=4kF)s3(iO1?Z)8F_NvefXX^#OO4b[qaW9q6u2F2<74X5w
2024-10-28 16:54:14 UTC	1378	IN	Data Raw: b6 c6 d5 7d ad ef 45 c3 95 9d e1 ff b2 c6 47 2c 2a c6 68 1c 4e db 9e 62 8f c8 08 33 eb f7 a7 b8 30 49 9c 00 bc bd f7 75 fc 5d 33 48 cb 6e 2f da cf ac d9 3c fa 17 7d 9c 65 5a cd 7b cf bc 3e 63 a6 f5 33 7e 5c 89 1f 82 da 53 84 19 71 41 9a 7a ea da ab 2a 3e 57 e2 3d 2e 3e 37 63 ca 5e 87 8d 0e d2 c6 7d fe d7 06 6b bd ed b2 8b b6 a6 9d 23 2d 4e 05 d2 3e 1d 48 fc dd b8 73 d8 c5 73 5d 53 d7 38 8c d7 b5 43 d0 ae bf 1d 37 af 6b fb 60 dc 55 3b db 6d c4 21 9c 5d e7 5b 7d e1 0b 5f 58 3d e9 49 4f 1a ae 73 69 eb 3d 6d 1b ac 5e c7 69 41 5a f6 67 74 57 6d 67 ad 43 dd 67 b7 04 fa 22 20 48 eb 4b a5 ad 67 11 02 93 82 b4 f8 22 1a 5f 3c 9a 5f 90 63 ef b0 b8 ea 61 fc 6a 3b 4b 90 16 bb d4 b7 f7 5c 8a 90 ae 7d 0e 92 c0 88 2f 3e f1 85 a0 39 35 4f 92 1e 27 3a 8f 0d 9b e6 14 5f 4a Data Ascii: }EG,hNb30Iu]3Hn/<}eZ{>c3~\SqAz>W=.>7c^}k#-N>Hss]S8C7k`U;m!][}_X=IOsi=m^iAZgtWmgCg" HKg"_<_caj;K\}/>95O':_J

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:15 UTC	619	OUT	GET /drawingsz/AHiSRb301hXi5CbmGn9gExOeAeggPFGgQzgrkwWCixNIypjlI1avT66M3dJC50fo8zBm9U2KdVh8V2B48stZkb8xThbiw7qy2PjbNoJreurY1LfBQPUIhrJ-j1W9-GNN0jHweU4?key=XkQBqeFgsA29UZRqAjsaDM2V HTTP/1.1 Host: lh7-rt.googleusercontent.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:16 UTC	521	IN	HTTP/1.1 200 OK Content-Type: image/png Vary: Origin Access-Control-Allow-Origin: * Timing-Allow-Origin: * Access-Control-Expose-Headers: Content-Length ETag: "v0" Expires: Tue, 29 Oct 2024 16:54:15 GMT Cache-Control: public, max-age=86400, no-transform Content-Disposition: inline;filename="unnamed.png" X-Content-Type-Options: nosniff Date: Mon, 28 Oct 2024 16:54:15 GMT Server: fife Content-Length: 91552 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-28 16:54:16 UTC	857	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 d2 00 00 05 bc 08 06 00 00 00 ef 86 ac 4d 00 00 0c 3e 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 40 42 09 20 20 25 f4 26 88 48 09 20 25 84 16 40 7a b7 11 92 00 a1 c4 18 08 2a 76 64 51 c1 b5 a0 62 01 1b ba 2a a2 d8 69 76 c4 ce a2 d8 fb 62 41 41 59 17 0b 76 e5 4d 0a e8 ba af 7c ef 7c df dc fb df 7f ce fc e7 cc b9 73 cb 00 a0 7e 82 2b 16 e7 a0 1a 00 e4 8a f2 25 31 c1 fe 8c a4 e4 14 06 a9 1b 90 01 02 54 01 03 d0 b8 bc 3c 31 2b 2a 2a 1c 40 1b 3c ff dd de dd 80 be d0 ae 3a c8 b4 fe d9 ff 5f 4d 93 2f c8 e3 01 80 44 41 9c c6 cf e3 e5 42 7c 10 00 bc 8a 27 96 e4 03 40 94 f1 e6 53 f3 c5 32 0c 1b d0 96 c0 04 21 5e 28 c3 19 0a 5c 25 c3 69 0a bc 57 ee 13 17 c3 86 b8 Data Ascii: PNGIHDRM>iCCPICC ProfileHWXS[@B %&H %@zvdQbivbAAYvM\|\|s~+%1T<1+**@<:_M/DAB\|'@S2!^(\%iW
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: ff 58 1f 45 ae 69 43 f5 66 0f f5 fc 1c 9f fd 43 f5 f9 f0 1c f6 b3 27 b6 10 3b 80 9d c5 4e 62 e7 b1 23 58 03 60 60 c7 b1 46 ac 0d 3b 2a c3 43 ab eb 89 7c 75 0d 46 8b 91 e7 93 0d 75 84 ff 88 37 78 67 65 95 cc 73 aa 75 ea 71 fa a2 e8 cb 17 4c 93 bd a3 01 7b b2 78 ba 44 98 91 99 cf 60 c1 2f 82 80 c1 11 f1 1c 47 30 9c 9d 9c 5d 00 90 7d 5f 14 af af 37 d1 f2 ef 06 a2 db f6 9d 9b ff 07 00 de c7 07 06 06 0e 7f e7 42 8f 03 b0 cf 1d 3e fe 4d df 39 1b 26 fc 74 a8 02 70 ae 89 27 95 14 28 38 5c 76 20 c0 b7 84 3a 7c d2 f4 81 31 30 07 36 70 3e ce c0 0d 78 01 3f 10 08 42 41 24 88 03 c9 60 22 cc 3e 13 ae 73 09 98 0a 66 82 79 a0 04 94 81 65 60 15 58 07 36 82 2d 60 07 d8 0d f6 83 06 70 04 9c 04 67 c0 45 70 19 5c 07 77 e1 ea e9 02 2f 40 1f 78 07 3e 23 08 42 42 a8 08 1d d1 47 Data Ascii: XEiCfC';Nb#X``F;*C\|uFu7xgesuqL{xD`/G0]}_7B>M9&tp'(8\v :\|106p>x?BA$`">sfye`X6-`pgEp\w/@x>#BBG
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 92 a0 9e 30 3e a1 26 e1 7d 62 40 62 79 62 67 d2 c8 a4 59 49 17 93 0d 92 85 c9 8d 29 a4 94 84 94 6d 29 fd e3 02 c7 ad 1a d7 35 de 75 7c c9 f8 1b 13 ac 27 4c 9b 70 7e a2 c1 c4 9c 89 47 27 a9 4f e2 4e 3a 90 4a 48 4d 4c dd 99 fa 85 1b c9 ad e6 f6 a7 71 d2 aa d2 fa 78 6c de 6a de 0b be 1f 7f 25 bf 47 e0 2d 28 17 3c 4b f7 4e 2f 4f ef ce f0 ce 58 91 d1 93 e9 9b 59 91 d9 2b 64 0b d7 09 5f 65 85 64 6d cc 7a 9f 1d 99 bd 3d 7b 20 27 31 67 4f ae 4a 6e 6a 6e 93 48 4b 94 2d 6a 9d 6c 3c 79 da e4 0e b1 bd b8 44 dc 39 c5 73 ca aa 29 7d 92 30 c9 b6 3c 24 6f 42 5e 63 be 36 fc 91 6f 93 da 48 7f 91 3e 2c f0 29 a8 2c f8 30 35 61 ea 81 69 9a d3 44 d3 da a6 db 4d 5f 34 fd 59 61 50 e1 6f 33 f0 19 bc 19 2d 33 4d 67 ce 9b f9 70 16 6b d6 e6 d9 c8 ec b4 d9 2d 73 cc e7 14 cf e9 9a 1b Data Ascii: 0>&}b@bybgYI)m)5u\|'Lp~G'ON:JHMLqxlj%G-(<KN/OXY+d_edmz={ '1gOJnjnHK-jl<yD9s)}0<$oB^c6oH>,),05aiDM_4YaPo3-3Mgpk-s
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 65 78 69 66 3a 50 69 78 65 6c 59 44 69 6d 65 6e 73 69 6f 6e 3e 31 34 36 38 3c 2f 65 78 69 66 3a 50 69 78 65 6c 59 44 69 6d 65 6e 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 3c 65 78 69 66 3a 50 69 78 65 6c 58 44 69 6d 65 6e 73 69 6f 6e 3e 31 32 33 34 3c 2f 65 78 69 66 3a 50 69 78 65 6c 58 44 69 6d 65 6e 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 3c 65 78 69 66 3a 55 73 65 72 43 6f 6d 6d 65 6e 74 3e 53 63 72 65 65 6e 73 68 6f 74 3c 2f 65 78 69 66 3a 55 73 65 72 43 6f 6d 6d 65 6e 74 3e 0a 20 20 20 20 20 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 0a 20 20 20 3c 2f 72 64 66 3a 52 44 46 3e 0a 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 0a 33 da 9e 10 00 00 00 1c 69 44 4f 54 00 00 00 02 00 00 00 00 00 00 02 de 00 00 00 28 00 00 02 de 00 00 02 de 00 01 Data Ascii: exif:PixelYDimension>1468</exif:PixelYDimension> <exif:PixelXDimension>1234</exif:PixelXDimension> <exif:UserComment>Screenshot</exif:UserComment> </rdf:Description> </rdf:RDF></x:xmpmeta>3iDOT(
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 08 10 20 40 60 79 04 04 69 cb 53 4b 6b 42 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 30 47 01 41 da 1c 71 35 4d 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 b0 3c 02 82 b4 e5 a9 a5 35 21 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 98 a3 80 20 6d 8e b8 9a 26 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 58 1e 01 41 da f2 d4 d2 9a 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 cc 51 40 90 36 47 5c 4d 13 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 2c 8f 80 20 6d 79 6a 69 4d 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 e6 28 20 48 9b 23 ae a6 09 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 96 47 40 90 b6 3c b5 b4 26 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 73 14 10 a4 cd 11 57 d3 04 08 10 20 Data Ascii: @`yiSKkB @ 0GAq5M @ <5!@ @ m&@ @XA @ @Q@6G\M @ @, myjiM @ @( H# @ @G@<& @ @sW
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 10 58 1e 01 41 da f2 d4 d2 9a 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 cc 51 40 90 36 47 5c 4d 13 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 2c 8f 80 20 6d 79 6a 69 4d 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 e6 28 20 48 9b 23 ae a6 09 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 96 47 40 90 b6 3c b5 b4 26 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 73 14 10 a4 cd 11 57 d3 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 cb 23 20 48 5b 9e 5a 5a 13 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 81 39 0a 08 d2 e6 88 ab 69 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 81 e5 11 10 a4 2d 4f 2d ad 09 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 c0 1c 05 04 69 73 c4 d5 34 01 02 04 08 10 20 40 Data Ascii: XA @ @Q@6G\M @ @, myjiM @ @( H# @ @G@<& @ @sW @ @# H[ZZ @ @9i @ @-O- @ @is4 @
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 43 1f aa e2 4b 7d 73 ba e6 35 af 59 7d ed 6b 5f 6b ce 9a f9 7e 76 7b 33 2f 78 c6 17 66 f6 6f 1e ef 3d 33 ae 86 97 6d b0 40 6c df fd e3 3f fe 63 da 52 1f f7 b8 c7 55 2f 79 c9 4b 46 da 8b 1f 6f 8e 3c f2 c8 ea ad 6f 7d 6b 15 7b 3e cd 3a ed b4 d3 4e 55 fc 30 fc a4 27 3d a9 da 6e bb ed 66 fd b3 89 af 7b ca 53 9e 52 c5 8f 47 6b 99 62 db f9 fe f7 bf 7f f5 ac 67 3d ab 8a cf d2 69 53 09 eb 3d eb b6 5a ec 0d f8 b3 9f fd 6c 64 95 8e 39 e6 98 a9 3f be 8f fc c1 2a 1e 78 8f 59 05 96 97 f6 5e 40 90 d6 fb 21 00 60 23 05 c6 05 69 d1 87 f8 85 ef 51 8f 7a d4 d8 ee 08 d2 c6 d2 78 a2 21 30 eb c6 d9 ac af 6b 34 ed ee af 04 62 2f 81 87 3d ec 61 23 1e b7 ba d5 ad d6 b5 f7 80 20 ed 72 4e 41 da e5 16 cb 78 2f 33 58 0a 9f ec f6 b2 cd 33 fb 37 8f f7 9e ec f5 d5 5e 8e c0 bc 83 b4 08 Data Ascii: CK}s5Y}k_k~v{3/xfo=3m@l?cRU/yKFo<o}k{>:NU0'=nf{SRGkbg=iS=Zld9?*xY^@!`#iQzx!0k4b/=a# rNAx/3X37^
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 4d 0a d2 e2 fc 36 71 15 da 7f fb b7 7f 1b 5e 9d 76 c7 1d 77 ac 7e f3 37 7f 73 f8 df ef ff fe ef 57 d7 be f6 b5 67 5a f4 7a c7 55 73 21 eb 69 2b 73 7c 36 fb b4 9a fb 59 e3 a3 5e 66 ec bd f2 99 cf 7c 66 b8 17 4b d8 c4 fb 46 7c 21 8e ff e2 f3 2d ae be ba 9a 8b 0d 64 b7 17 fd 5c 4f cd ea f5 ac 6f e7 d1 bf ba ed fa 36 e3 bd 27 eb 33 a6 ee 53 d7 6d 5c 59 bc 7d d5 e8 dd 77 df bd 8a 13 dd 8f 9b 5e f3 9a d7 54 f1 79 d3 9c e2 df 72 9c 7f ab 3d ad 77 1d e2 82 2e 6f 78 c3 1b 46 ae 4c 19 9f 5f b1 77 d6 ce 3b ef dc 5e dc 70 1c c7 45 5f 9a 53 f4 2b fa 57 4f 19 9f ff 75 5b b3 de ae 27 48 7b d1 8b 5e 54 bd f2 95 af 5c b1 a8 58 a7 d8 06 99 74 f1 80 f8 fc 89 2b cc 47 28 d5 9e 62 1b 28 de ff d7 3a ad 26 48 ab 97 11 f6 71 d1 83 08 ff da d3 03 1e f0 80 ea f5 af 7f fd d6 d9 a5 Data Ascii: M6q^vw~7sWgZzUs!i+s\|6Y^f\|fKF\|!-d\Oo6'3Sm\Y}w^Tyr=w.oxFL_w;^pE_S+WOu['H{^T\Xt+G(b(:&Hq
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 22 44 89 3d bd e2 b0 ab e6 14 bb de c7 a1 81 f5 34 6b 90 16 bf 14 46 c8 b2 da 29 da 7f ce 73 9e 33 fc b3 d8 8b 28 f6 aa 69 4f 31 3f f6 5a 89 29 0e b1 38 e0 80 03 46 0e 91 a8 5f 1f 87 4e dc ff fe f7 af 1f 76 fe 12 18 cb 8a 65 ae 66 ca 58 b7 58 5e d7 97 d7 d5 f4 23 0e 7f b8 c3 1d ee b0 f5 4f ba 82 b4 ad 4f b6 ee 34 83 b4 08 9b 62 ef bf d8 c8 5b ed 14 1b c3 71 88 61 9c 57 af 39 cd ba 71 36 ed 75 e3 82 b4 e6 b2 32 ee c7 1e 46 ed c3 32 b2 ea 1c fd cb ac f5 3c 37 34 d7 db cf e6 bf cd 58 ef d8 13 35 ce 77 13 1b d8 ab 9d e2 30 e6 d8 5b 30 a6 08 0c 22 44 8b 3d 47 56 3b c5 e1 27 b1 f7 e4 6a a7 71 41 da ac ed c4 17 b9 d8 1b b4 bd 77 45 e6 b8 ca 6a 6b bd 75 6f bf 17 cd 6a 94 35 3e ea e5 c5 bf e1 a7 3f fd e9 f5 c3 55 df b6 83 b4 ec f6 a2 43 59 35 8b b6 e6 d1 bf 68 77 Data Ascii: "D=4kF)s3(iO1?Z)8F_NvefXX^#OO4b[qaW9q6u2F2<74X5w0[0"D=GV;'jqAwEjkuoj5>?UCY5hw
2024-10-28 16:54:16 UTC	1378	IN	Data Raw: 3e 57 e2 3d 2e 3e 37 63 ca 5e 87 8d 0e d2 c6 7d fe d7 06 6b bd ed b2 8b b6 a6 9d 23 2d 4e 05 d2 3e 1d 48 fc dd b8 73 d8 c5 73 5d 53 d7 38 8c d7 b5 43 d0 ae bf 1d 37 af 6b fb 60 dc 55 3b db 6d c4 21 9c 5d e7 5b 7d e1 0b 5f 58 3d e9 49 4f 1a ae 73 69 eb 3d 6d 1b ac 5e c7 69 41 5a f6 67 74 57 6d 67 ad 43 dd 67 b7 04 fa 22 20 48 eb 4b a5 ad 67 11 02 93 82 b4 f8 22 1a 5f 3c 9a 5f 90 63 ef b0 b8 ea 61 fc 6a 3b 4b 90 16 bb d4 b7 f7 5c 8a 90 ae 7d 0e 92 c0 88 2f 3e f1 85 a0 39 35 4f 92 1e 27 3a 8f 0d 9b e6 14 5f 4a eb 73 7e c5 79 b0 22 50 e9 9a a2 df f1 a5 29 f6 1c 89 ab 78 c5 86 4c 73 8a bd da 62 ef b6 d5 4c 99 eb d6 f5 e5 35 c2 a0 ae 43 62 bb 02 ce 66 50 18 eb 30 2e 48 8b bd 30 e2 8a 4b f1 25 ae 3d 3d f9 c9 4f 1e 9e 97 ae 39 3f f6 3e 8c 0d c2 fa 8b 67 f3 b9 f8 Data Ascii: >W=.>7c^}k#-N>Hss]S8C7k`U;m!][}_X=IOsi=m^iAZgtWmgCg" HKg"_<_caj;K\}/>95O':_Js~y"P)xLsbL5CbfP0.H0K%==O9?>g

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:17 UTC	377	OUT	GET /drawingsz/AHiSRb301hXi5CbmGn9gExOeAeggPFGgQzgrkwWCixNIypjlI1avT66M3dJC50fo8zBm9U2KdVh8V2B48stZkb8xThbiw7qy2PjbNoJreurY1LfBQPUIhrJ-j1W9-GNN0jHweU4?key=XkQBqeFgsA29UZRqAjsaDM2V HTTP/1.1 Accept: / User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35 Safari/537.36 Host: lh7-rt.googleusercontent.com Connection: Keep-Alive
2024-10-28 16:54:18 UTC	529	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Timing-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Content-Disposition: inline;filename="unnamed.png" X-Content-Type-Options: nosniff Server: fife Content-Length: 91552 X-XSS-Protection: 0 Date: Mon, 28 Oct 2024 16:54:15 GMT Expires: Tue, 29 Oct 2024 16:54:15 GMT Cache-Control: public, max-age=86400, no-transform ETag: "v0" Content-Type: image/png Vary: Origin Age: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-28 16:54:18 UTC	849	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 d2 00 00 05 bc 08 06 00 00 00 ef 86 ac 4d 00 00 0c 3e 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 40 42 09 20 20 25 f4 26 88 48 09 20 25 84 16 40 7a b7 11 92 00 a1 c4 18 08 2a 76 64 51 c1 b5 a0 62 01 1b ba 2a a2 d8 69 76 c4 ce a2 d8 fb 62 41 41 59 17 0b 76 e5 4d 0a e8 ba af 7c ef 7c df dc fb df 7f ce fc e7 cc b9 73 cb 00 a0 7e 82 2b 16 e7 a0 1a 00 e4 8a f2 25 31 c1 fe 8c a4 e4 14 06 a9 1b 90 01 02 54 01 03 d0 b8 bc 3c 31 2b 2a 2a 1c 40 1b 3c ff dd de dd 80 be d0 ae 3a c8 b4 fe d9 ff 5f 4d 93 2f c8 e3 01 80 44 41 9c c6 cf e3 e5 42 7c 10 00 bc 8a 27 96 e4 03 40 94 f1 e6 53 f3 c5 32 0c 1b d0 96 c0 04 21 5e 28 c3 19 0a 5c 25 c3 69 0a bc 57 ee 13 17 c3 86 b8 Data Ascii: PNGIHDRM>iCCPICC ProfileHWXS[@B %&H %@zvdQbivbAAYvM\|\|s~+%1T<1+**@<:_M/DAB\|'@S2!^(\%iW
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: d2 ec 68 ae 43 2a b2 5a ff 58 1f 45 ae 69 43 f5 66 0f f5 fc 1c 9f fd 43 f5 f9 f0 1c f6 b3 27 b6 10 3b 80 9d c5 4e 62 e7 b1 23 58 03 60 60 c7 b1 46 ac 0d 3b 2a c3 43 ab eb 89 7c 75 0d 46 8b 91 e7 93 0d 75 84 ff 88 37 78 67 65 95 cc 73 aa 75 ea 71 fa a2 e8 cb 17 4c 93 bd a3 01 7b b2 78 ba 44 98 91 99 cf 60 c1 2f 82 80 c1 11 f1 1c 47 30 9c 9d 9c 5d 00 90 7d 5f 14 af af 37 d1 f2 ef 06 a2 db f6 9d 9b ff 07 00 de c7 07 06 06 0e 7f e7 42 8f 03 b0 cf 1d 3e fe 4d df 39 1b 26 fc 74 a8 02 70 ae 89 27 95 14 28 38 5c 76 20 c0 b7 84 3a 7c d2 f4 81 31 30 07 36 70 3e ce c0 0d 78 01 3f 10 08 42 41 24 88 03 c9 60 22 cc 3e 13 ae 73 09 98 0a 66 82 79 a0 04 94 81 65 60 15 58 07 36 82 2d 60 07 d8 0d f6 83 06 70 04 9c 04 67 c0 45 70 19 5c 07 77 e1 ea e9 02 2f 40 1f 78 07 3e 23 Data Ascii: hCZXEiCfC';Nb#X``F;C\|uFu7xgesuqL{xD`/G0]}_7B>M9&tp'(8\v :\|106p>x?BA$`">sfye`X6-`pgEp\w/@x>#
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: 1a 77 37 de 26 5e 1a df 92 a0 9e 30 3e a1 26 e1 7d 62 40 62 79 62 67 d2 c8 a4 59 49 17 93 0d 92 85 c9 8d 29 a4 94 84 94 6d 29 fd e3 02 c7 ad 1a d7 35 de 75 7c c9 f8 1b 13 ac 27 4c 9b 70 7e a2 c1 c4 9c 89 47 27 a9 4f e2 4e 3a 90 4a 48 4d 4c dd 99 fa 85 1b c9 ad e6 f6 a7 71 d2 aa d2 fa 78 6c de 6a de 0b be 1f 7f 25 bf 47 e0 2d 28 17 3c 4b f7 4e 2f 4f ef ce f0 ce 58 91 d1 93 e9 9b 59 91 d9 2b 64 0b d7 09 5f 65 85 64 6d cc 7a 9f 1d 99 bd 3d 7b 20 27 31 67 4f ae 4a 6e 6a 6e 93 48 4b 94 2d 6a 9d 6c 3c 79 da e4 0e b1 bd b8 44 dc 39 c5 73 ca aa 29 7d 92 30 c9 b6 3c 24 6f 42 5e 63 be 36 fc 91 6f 93 da 48 7f 91 3e 2c f0 29 a8 2c f8 30 35 61 ea 81 69 9a d3 44 d3 da a6 db 4d 5f 34 fd 59 61 50 e1 6f 33 f0 19 bc 19 2d 33 4d 67 ce 9b f9 70 16 6b d6 e6 d9 c8 ec b4 d9 2d Data Ascii: w7&^0>&}b@bybgYI)m)5u\|'Lp~G'ON:JHMLqxlj%G-(<KN/OXY+d_edmz={ '1gOJnjnHK-jl<yD9s)}0<$oB^c6oH>,),05aiDM_4YaPo3-3Mgpk-
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: 20 20 20 20 20 20 20 3c 65 78 69 66 3a 50 69 78 65 6c 59 44 69 6d 65 6e 73 69 6f 6e 3e 31 34 36 38 3c 2f 65 78 69 66 3a 50 69 78 65 6c 59 44 69 6d 65 6e 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 3c 65 78 69 66 3a 50 69 78 65 6c 58 44 69 6d 65 6e 73 69 6f 6e 3e 31 32 33 34 3c 2f 65 78 69 66 3a 50 69 78 65 6c 58 44 69 6d 65 6e 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 3c 65 78 69 66 3a 55 73 65 72 43 6f 6d 6d 65 6e 74 3e 53 63 72 65 65 6e 73 68 6f 74 3c 2f 65 78 69 66 3a 55 73 65 72 43 6f 6d 6d 65 6e 74 3e 0a 20 20 20 20 20 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 0a 20 20 20 3c 2f 72 64 66 3a 52 44 46 3e 0a 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 0a 33 da 9e 10 00 00 00 1c 69 44 4f 54 00 00 00 02 00 00 00 00 00 00 02 de 00 00 00 28 00 00 Data Ascii: <exif:PixelYDimension>1468</exif:PixelYDimension> <exif:PixelXDimension>1234</exif:PixelXDimension> <exif:UserComment>Screenshot</exif:UserComment> </rdf:Description> </rdf:RDF></x:xmpmeta>3iDOT(
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: 10 20 40 80 00 01 02 04 08 10 20 40 60 79 04 04 69 cb 53 4b 6b 42 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 30 47 01 41 da 1c 71 35 4d 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 b0 3c 02 82 b4 e5 a9 a5 35 21 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 98 a3 80 20 6d 8e b8 9a 26 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 10 58 1e 01 41 da f2 d4 d2 9a 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 cc 51 40 90 36 47 5c 4d 13 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 2c 8f 80 20 6d 79 6a 69 4d 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 e6 28 20 48 9b 23 ae a6 09 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 96 47 40 90 b6 3c b5 b4 26 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 73 14 10 a4 Data Ascii: @ @`yiSKkB @ 0GAq5M @ <5!@ @ m&@ @XA @ @Q@6G\M @ @, myjiM @ @( H# @ @G@<& @ @s
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: 20 40 80 00 01 02 04 08 10 58 1e 01 41 da f2 d4 d2 9a 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 cc 51 40 90 36 47 5c 4d 13 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 08 2c 8f 80 20 6d 79 6a 69 4d 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 e6 28 20 48 9b 23 ae a6 09 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 04 96 47 40 90 b6 3c b5 b4 26 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 73 14 10 a4 cd 11 57 d3 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 01 02 cb 23 20 48 5b 9e 5a 5a 13 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 81 39 0a 08 d2 e6 88 ab 69 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 00 81 e5 11 10 a4 2d 4f 2d ad 09 01 02 04 08 10 20 40 80 00 01 02 04 08 10 20 40 80 c0 1c 05 04 69 73 c4 d5 Data Ascii: @XA @ @Q@6G\M @ @, myjiM @ @( H# @ @G@<& @ @sW @ @# H[ZZ @ @9i @ @-O- @ @is
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: 8f cc f3 60 73 0a 7c e8 43 1f aa e2 4b 7d 73 ba e6 35 af 59 7d ed 6b 5f 6b ce 9a f9 7e 76 7b 33 2f 78 c6 17 66 f6 6f 1e ef 3d 33 ae 86 97 6d b0 40 6c df fd e3 3f fe 63 da 52 1f f7 b8 c7 55 2f 79 c9 4b 46 da 8b 1f 6f 8e 3c f2 c8 ea ad 6f 7d 6b 15 7b 3e cd 3a ed b4 d3 4e 55 fc 30 fc a4 27 3d a9 da 6e bb ed 66 fd b3 89 af 7b ca 53 9e 52 c5 8f 47 6b 99 62 db f9 fe f7 bf 7f f5 ac 67 3d ab 8a cf d2 69 53 09 eb 3d eb b6 5a ec 0d f8 b3 9f fd 6c 64 95 8e 39 e6 98 a9 3f be 8f fc c1 2a 1e 78 8f 59 05 96 97 f6 5e 40 90 d6 fb 21 00 60 23 05 c6 05 69 d1 87 f8 85 ef 51 8f 7a d4 d8 ee 08 d2 c6 d2 78 a2 21 30 eb c6 d9 ac af 6b 34 ed ee af 04 62 2f 81 87 3d ec 61 23 1e b7 ba d5 ad d6 b5 f7 80 20 ed 72 4e 41 da e5 16 cb 78 2f 33 58 0a 9f ec f6 b2 cd 33 fb 37 8f f7 9e ec f5 Data Ascii: `s\|CK}s5Y}k_k~v{3/xfo=3m@l?cRU/yKFo<o}k{>:NU0'=nf{SRGkbg=iS=Zld9?*xY^@!`#iQzx!0k4b/=a# rNAx/3X37
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: ed c4 5e 0f 31 4e d7 33 4d 0a d2 e2 fc 36 71 15 da 7f fb b7 7f 1b 5e 9d 76 c7 1d 77 ac 7e f3 37 7f 73 f8 df ef ff fe ef 57 d7 be f6 b5 67 5a f4 7a c7 55 73 21 eb 69 2b 73 7c 36 fb b4 9a fb 59 e3 a3 5e 66 ec bd f2 99 cf 7c 66 b8 17 4b d8 c4 fb 46 7c 21 8e ff e2 f3 2d ae be ba 9a 8b 0d 64 b7 17 fd 5c 4f cd ea f5 ac 6f e7 d1 bf ba ed fa 36 e3 bd 27 eb 33 a6 ee 53 d7 6d 5c 59 bc 7d d5 e8 dd 77 df bd 8a 13 dd 8f 9b 5e f3 9a d7 54 f1 79 d3 9c e2 df 72 9c 7f ab 3d ad 77 1d e2 82 2e 6f 78 c3 1b 46 ae 4c 19 9f 5f b1 77 d6 ce 3b ef dc 5e dc 70 1c c7 45 5f 9a 53 f4 2b fa 57 4f 19 9f ff 75 5b b3 de ae 27 48 7b d1 8b 5e 54 bd f2 95 af 5c b1 a8 58 a7 d8 06 99 74 f1 80 f8 fc 89 2b cc 47 28 d5 9e 62 1b 28 de ff d7 3a ad 26 48 ab 97 11 f6 71 d1 83 08 ff da d3 03 1e f0 80 Data Ascii: ^1N3M6q^vw~7sWgZzUs!i+s\|6Y^f\|fKF\|!-d\Oo6'3Sm\Y}w^Tyr=w.oxFL_w;^pE_S+WOu['H{^T\Xt+G(b(:&Hq
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: 15 b7 be 0b 15 e8 0a d2 22 44 89 3d bd e2 b0 ab e6 14 bb de c7 a1 81 f5 34 6b 90 16 bf 14 46 c8 b2 da 29 da 7f ce 73 9e 33 fc b3 d8 8b 28 f6 aa 69 4f 31 3f f6 5a 89 29 0e b1 38 e0 80 03 46 0e 91 a8 5f 1f 87 4e dc ff fe f7 af 1f 76 fe 12 18 cb 8a 65 ae 66 ca 58 b7 58 5e d7 97 d7 d5 f4 23 0e 7f b8 c3 1d ee b0 f5 4f ba 82 b4 ad 4f b6 ee 34 83 b4 08 9b 62 ef bf d8 c8 5b ed 14 1b c3 71 88 61 9c 57 af 39 cd ba 71 36 ed 75 e3 82 b4 e6 b2 32 ee c7 1e 46 ed c3 32 b2 ea 1c fd cb ac f5 3c 37 34 d7 db cf e6 bf cd 58 ef d8 13 35 ce 77 13 1b d8 ab 9d e2 30 e6 d8 5b 30 a6 08 0c 22 44 8b 3d 47 56 3b c5 e1 27 b1 f7 e4 6a a7 71 41 da ac ed c4 17 b9 d8 1b b4 bd 77 45 e6 b8 ca 6a 6b bd 75 6f bf 17 cd 6a 94 35 3e ea e5 c5 bf e1 a7 3f fd e9 f5 c3 55 df b6 83 b4 ec f6 a2 43 59 Data Ascii: "D=4kF)s3(iO1?Z)8F_NvefXX^#OO4b[qaW9q6u2F2<74X5w0[0"D=GV;'jqAwEjkuoj5>?UCY
2024-10-28 16:54:18 UTC	1378	IN	Data Raw: 71 41 9a 7a ea da ab 2a 3e 57 e2 3d 2e 3e 37 63 ca 5e 87 8d 0e d2 c6 7d fe d7 06 6b bd ed b2 8b b6 a6 9d 23 2d 4e 05 d2 3e 1d 48 fc dd b8 73 d8 c5 73 5d 53 d7 38 8c d7 b5 43 d0 ae bf 1d 37 af 6b fb 60 dc 55 3b db 6d c4 21 9c 5d e7 5b 7d e1 0b 5f 58 3d e9 49 4f 1a ae 73 69 eb 3d 6d 1b ac 5e c7 69 41 5a f6 67 74 57 6d 67 ad 43 dd 67 b7 04 fa 22 20 48 eb 4b a5 ad 67 11 02 93 82 b4 f8 22 1a 5f 3c 9a 5f 90 63 ef b0 b8 ea 61 fc 6a 3b 4b 90 16 bb d4 b7 f7 5c 8a 90 ae 7d 0e 92 c0 88 2f 3e f1 85 a0 39 35 4f 92 1e 27 3a 8f 0d 9b e6 14 5f 4a eb 73 7e c5 79 b0 22 50 e9 9a a2 df f1 a5 29 f6 1c 89 ab 78 c5 86 4c 73 8a bd da 62 ef b6 d5 4c 99 eb d6 f5 e5 35 c2 a0 ae 43 62 bb 02 ce 66 50 18 eb 30 2e 48 8b bd 30 e2 8a 4b f1 25 ae 3d 3d f9 c9 4f 1e 9e 97 ae 39 3f f6 3e 8c Data Ascii: qAz*>W=.>7c^}k#-N>Hss]S8C7k`U;m!][}_X=IOsi=m^iAZgtWmgCg" HKg"_<_caj;K\}/>95O':_Js~y"P)xLsbL5CbfP0.H0K%==O9?>

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:24 UTC	729	OUT	GET / HTTP/1.1 Host: 993d5bec.423144957447176b2bc9850b.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://docs.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:24 UTC	606	IN	HTTP/1.1 403 Forbidden Date: Mon, 28 Oct 2024 16:54:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0fzK7DgyUtkRUWmvaqoNAILzGw2g%2FQI3lGEsuz%2Fx0N%2BZ%2BPWDnOQoPLnxd0HKQvnPTzwnuXbK34SsaM%2BypNY9gpobfkTj%2BhtiKN%2B7K73hxeAMYVEL9A07yd4uQjgDTSg%2Bl9J7IeAs%2FztCuwT1z88dVkdOYSvx4meuny7XL2WcSg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9c7293ed038c56-DFW
2024-10-28 16:54:24 UTC	763	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 Data Ascii: tylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f Data Ascii: ref="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" metho
2024-10-28 16:54:24 UTC	940	IN	Data Raw: 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 38 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 Data Ascii: s="hidden" id="cf-footer-ip">155.94.241.188</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="
2024-10-28 16:54:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:24 UTC	617	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: 993d5bec.423144957447176b2bc9850b.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://993d5bec.423144957447176b2bc9850b.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:24 UTC	411	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 16:54:24 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Tue, 22 Oct 2024 20:47:27 GMT ETag: "67180f5f-5df3" Server: cloudflare CF-RAY: 8d9c7294df1a2825-DFW X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 28 Oct 2024 18:54:24 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-28 16:54:24 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-10-28 16:54:24 UTC	389	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 73 74 61 63 6b 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 7a 6f 6f 6d 3a 31 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f Data Ascii: select:none;-ms-user-select:none;user-select:none;display:-moz-inline-stack;display:inline-block;vertical-align:middle;zoom:1;border-radius:2px;box-sizing:border-box;-webkit-transition:all .2s ease;transition:all .2s ease}#cf-wrapper .cf-btn:hover{backgro
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2e 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 2e 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f Data Ascii: per .cf-btn-danger:active,#cf-wrapper .cf-btn-danger:focus,#cf-wrapper .cf-btn-error.active,#cf-wrapper .cf-btn-error:active,#cf-wrapper .cf-btn-error:focus,#cf-wrapper .cf-btn-important.active,#cf-wrapper .cf-btn-important:active,#cf-wrapper .cf-btn-impo
2024-10-28 16:54:24 UTC	1369	IN	Data Raw: 6d 3a 31 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 67 72 61 79 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 Data Ascii: m:1;box-sizing:border-box;-webkit-transition:all .2s ease;transition:all .2s ease;border-radius:2px}#cf-wrapper input:hover,#cf-wrapper select:hover,#cf-wrapper textarea:hover{border-color:gray}#cf-wrapper input:focus,#cf-wrapper select:focus,#cf-wrapper

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:25 UTC	618	OUT	OPTIONS /report/v4?s=N0fzK7DgyUtkRUWmvaqoNAILzGw2g%2FQI3lGEsuz%2Fx0N%2BZ%2BPWDnOQoPLnxd0HKQvnPTzwnuXbK34SsaM%2BypNY9gpobfkTj%2BhtiKN%2B7K73hxeAMYVEL9A07yd4uQjgDTSg%2Bl9J7IeAs%2FztCuwT1z88dVkdOYSvx4meuny7XL2WcSg%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://993d5bec.423144957447176b2bc9850b.workers.dev Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:25 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Mon, 28 Oct 2024 16:54:25 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:26 UTC	530	OUT	POST /report/v4?s=N0fzK7DgyUtkRUWmvaqoNAILzGw2g%2FQI3lGEsuz%2Fx0N%2BZ%2BPWDnOQoPLnxd0HKQvnPTzwnuXbK34SsaM%2BypNY9gpobfkTj%2BhtiKN%2B7K73hxeAMYVEL9A07yd4uQjgDTSg%2Bl9J7IeAs%2FztCuwT1z88dVkdOYSvx4meuny7XL2WcSg%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 440 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:26 UTC	440	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 39 36 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 36 37 2e 32 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a Data Ascii: [{"age":0,"body":{"elapsed_time":1968,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://docs.google.com/","sampling_fraction":1.0,"server_ip":"172.67.167.25","status_code":403,"type":"http.error"},"type":"network-error","url":
2024-10-28 16:54:26 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Mon, 28 Oct 2024 16:54:26 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:26 UTC	709	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: 993d5bec.423144957447176b2bc9850b.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://993d5bec.423144957447176b2bc9850b.workers.dev/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:26 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 16:54:26 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 22 Oct 2024 20:47:27 GMT ETag: "67180f5f-1c4" Server: cloudflare CF-RAY: 8d9c729e3cdd6be9-DFW X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 28 Oct 2024 18:54:26 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-28 16:54:26 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Timestamp	Bytes transferred	Direction	Data
2024-10-28 16:54:27 UTC	646	OUT	GET /favicon.ico HTTP/1.1 Host: 993d5bec.423144957447176b2bc9850b.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://993d5bec.423144957447176b2bc9850b.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-28 16:54:27 UTC	590	IN	HTTP/1.1 403 Forbidden Date: Mon, 28 Oct 2024 16:54:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ukEad09w3jBvq8eFKwVxY7u7CvMHR69JJGaoylDO4BR6hjxCFcDw5hEnsSrqpIksZL%2BoAhsWq9SEbm27AYjMXGRQQpkA50rCEwa40mgvm7sVFMdDAYrcWfwIVxTJvXLXcEGUr1wHFZCmqleX6YPtNNNXEJRXcN3y5Dx5jPZEddY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d9c72a6cad545f0-DFW
2024-10-28 16:54:27 UTC	779	IN	Data Raw: 31 31 35 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 115c<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-28 16:54:27 UTC	1369	IN	Data Raw: 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 Data Ascii: f_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var c
2024-10-28 16:54:27 UTC	1369	IN	Data Raw: 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d Data Ascii: .cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype=
2024-10-28 16:54:27 UTC	935	IN	Data Raw: 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 38 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 Data Ascii: dden" id="cf-footer-ip">155.94.241.188</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https
2024-10-28 16:54:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	12:52:51
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Target ID:	2
Start time:	12:52:52
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/drawings/d/1O7L6jnunpKYYRy1ZXX5DN4ENeZ4pxxWF8BG0mcDdFi0/preview?pli=1ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVenbNRU0UorX7OKjJa9aCYWGEkzuOVKWWWAgOafkEScU8ZjRsxVe"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre