Edit tour

Windows Analysis Report
https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG

Overview

General Information

Sample URL:	https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG
Analysis ID:	1551276
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected landing page (webpage, office document or email)

Detected non-DNS traffic on DNS port

Drops PE files

HTML page contains hidden javascript code

PE file contains an invalid checksum

PE file does not import any functions

PE file overlay found

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,2785795521395358072,9482595411326801407,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1896,i,2785795521395358072,9482595411326801407,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG

Avira URL Cloud: detection malicious, Label: malware

Source: Unconfirmed 336248.crdownload.0.dr

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_7262356f-b

Source: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2

HTTP Parser: Base64 decoded: <svg width="403" height="258" viewBox="0 0 403 258" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M28 220.047C74.6329 220.047 189.971 198.459 213 50.5" stroke="white" stroke-width="3" stroke-dasharray="8 8"/><path d="M215.393 36.3538L221.514 5...

Source: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.8:54659 version: TLS 1.2

Source:	Binary string: ?COMCTL32.dllWINHTTP.dllcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -FS -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMLoad file into cachecrypto\x509\by_file.cunspecified certificate verification errorunable to get issuer certificateunable to get certificate CRLunable to decrypt certificate's signatureunable to decrypt CRL's signatureunable to decode issuer public keycertificate signature failureCRL signature failurecertificate is not yet validcertificate has expiredCRL is not yet validCRL has expiredformat error in certificate's notBefore fieldformat error in certificate's notAfter fieldformat error in CRL's lastUpdate fieldformat error in CRL's nextUpdate fieldout of memoryself signed certificateself signed certificate in certificate chainunable to get local issuer certificateunable to verify the first certificatecertificate chain too longcertificate revokedinvalid CA certificatepath length constraint exceededunsupported certificate purposecertificate not trustedcertificate rejectedsubject issuer mismatchauthority and subject key identifier mismatchauthority and issuer serial number mismatchkey usage does not include certificate signingunable to get CRL issuer certificateunhandled critical extensionkey usage does not include CRL signingunhandled critical CRL extensioninvalid non-CA certificate (has CA markings)proxy path length constraint exceededkey usage does not include digital signatureproxy certificates not allowed, please set the appropriate flaginvalid or inconsistent certificate extensioninvalid or inconsistent certificate policy extensionno explicit policyDifferent CRL scopeUnsupported extension featureRFC 3779 resource not subset of parent's resourcespermitted subtree violationexcluded subtree violationname constraints minimum and maximum not supportedapplication verification failureunsupported name constraint typeunsupported or invalid name constraint syntaxunsupported or invalid name syntaxCRL path validation errorPath LoopSuite B: certificate version invalidSuite B: invalid public key algorithmSuite B: invalid ECC curveSuite B: invalid signature algorithmSuite B: curve not allowed for this LOSSuite B: cannot sign P-384 with P-256Hostname mismatchEmail address mismatchIP address mismatchNo matching DANE TLSA recordsEE certificate key too weakCA certificate key too weakCA signature digest algorithm too weakInvalid certificate verification contextIssuer certificate lookup errorCertificate Transparency required, but no valid SCTs foundproxy subject name violationOCSP verification neededOCSP verification failedOCSP unknown certCertificate public key has explicit ECC parametersunknown certificate verification errorcrypto\asn1\x_info.ccrypto\pem\pem_info.cRSA P
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -FS -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: Unconfirmed 336248.crdownload.0.dr

Source: global traffic

TCP traffic: 192.168.2.8:54651 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /d/sIGWvrvOeAYXvpLkG HTTP/1.1Host: eu.docworkspace.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2 HTTP/1.1Host: eu.docs.wps.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/3cb25a8.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/529e391.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/965d4c7.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/6383b01.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/085fd6c.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/93f6286.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/3cb25a8.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/93f6286.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/167e453.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/085fd6c.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/6383b01.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/f0976f1.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/965d4c7.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/e891fbf.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /tag/hz1xdx5n3e HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/529e391.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/167e453.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/f0976f1.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/e891fbf.js HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag/hz1xdx5n3e HTTP/1.1Host: www.clarity.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=58c6081be88c4cb8b71634731a94447f.20241107.20251107
Source: global traffic	HTTP traffic detected: GET /api/v5/links/sIGWvrvOeAYXvpLkG HTTP/1.1Host: eu-drive.wps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://eu.docs.wps.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
Source: global traffic	HTTP traffic detected: GET /p/session/correlate HTTP/1.1Host: eu-account.wps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /Accept-Language: en-USsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://eu.docs.wps.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brCookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
Source: global traffic	HTTP traffic detected: GET /api/v3/userinfo HTTP/1.1Host: eu-drive.wps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://eu.docs.wps.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
Source: global traffic	HTTP traffic detected: GET /api/v5/links/sIGWvrvOeAYXvpLkG HTTP/1.1Host: eu-drive.wps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
Source: global traffic	HTTP traffic detected: GET /op/docs/open HTTP/1.1Host: api-ad-adapter.wps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /Accept-Language: en-USsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://eu.docs.wps.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brCookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
Source: global traffic	HTTP traffic detected: GET /api/v3/office/asynctasks/normal_export?id=null HTTP/1.1Host: eu.docs.wps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /Accept-Language: en-USsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2Accept-Encoding: gzip, deflate, brCookie: i18n_redirected=en-US; _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
Source: global traffic	HTTP traffic detected: GET /op/docs/open HTTP/1.1Host: api-ad-adapter.wps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1634799763.1730990957; lang=en-US; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990959.0.0.0
Source: global traffic	HTTP traffic detected: GET /s/0.7.49/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=58c6081be88c4cb8b71634731a94447f.20241107.20251107
Source: global traffic	HTTP traffic detected: GET /api/map/kdocs/docs_channel?device_type=windows&kdocssrc=loadPlatform&region=eu HTTP/1.1Host: params.wps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://eu.docs.wps.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1634799763.1730990957; lang=en-US; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990959.0.0.0
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/logo.d58097c.svg HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/wheat.1.36b312a.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/pdf.f5cdafd.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/wheat.2.acf1f69.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a/AATXAJzIjj6OUjzbyQ5v1VdHPUAyxCrXmPuELxwOLLwH=s96-c HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/0.7.49/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=58c6081be88c4cb8b71634731a94447f.20241107.20251107
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/pdf.f5cdafd.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /short-link/create HTTP/1.1Host: s-eu.wps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1634799763.1730990957; lang=en-US; _clck=1ygjx06%7C2%7Cfqo%7C0%7C1772; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990963.0.0.0
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/wheat.1.36b312a.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/logo.d58097c.svg HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/wheat.2.acf1f69.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/map/kdocs/docs_channel?device_type=windows&kdocssrc=loadPlatform&region=eu HTTP/1.1Host: params.wps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1634799763.1730990957; lang=en-US; _clck=1ygjx06%7C2%7Cfqo%7C0%7C1772; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990963.0.0.0
Source: global traffic	HTTP traffic detected: GET /encs/icons/favicon.ico HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a/AATXAJzIjj6OUjzbyQ5v1VdHPUAyxCrXmPuELxwOLLwH=s96-c HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /encs/icons/favicon.ico HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wps/download.html?channel=200.1095&lid=lid-e8LZcF8IC7u5 HTTP/1.1Host: wdl1.pcfg.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2 HTTP/1.1Host: eu.docs.wps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /Accept-Language: en-USsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2Accept-Encoding: gzip, deflate, brCookie: hasClickWpsToday=1; i18n_redirected=en-US; _ga=GA1.1.1634799763.1730990957; lang=en-US; _clck=1ygjx06%7C2%7Cfqo%7C0%7C1772; _clsk=1n70m8b%7C1730990964933%7C1%7C0%7Cb.clarity.ms%2Fcollect; _ga_PE2STH1E8E=GS1.1.1730990956.1.1.1730990983.0.0.0If-None-Match: "459c-ZzwFFaOaqVZdmym0d0Tj9OGkDAA"
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/win_download.e48ddfe.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/design.683750d.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/download_arrow.8f21e65.svg HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eu.docs.wps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wpsdl/wpsoffice/onlinesetup/distsrc/200.1095/wpsinst/wps_office_inst.exe HTTP/1.1Host: wdl1.pcfg.cache.wpscdn.comConnection: keep-aliveSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyReferer: https://wdl1.pcfg.cache.wpscdn.com/wps/download.html?channel=200.1095&lid=lid-e8LZcF8IC7u5User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/win_download.e48ddfe.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/download_arrow.8f21e65.svg HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /intl/docs/img/design.683750d.png HTTP/1.1Host: docs.cache.wpscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2 HTTP/1.1Host: eu.docs.wps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: hasClickWpsToday=1; i18n_redirected=en-US; _ga=GA1.1.1634799763.1730990957; lang=en-US; _clck=1ygjx06%7C2%7Cfqo%7C0%7C1772; _clsk=1n70m8b%7C1730990964933%7C1%7C0%7Cb.clarity.ms%2Fcollect; _ga_PE2STH1E8E=GS1.1.1730990956.1.1.1730990983.0.0.0
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120100v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_160.2.dr	String found in binary or memory: Math.round(q);t["gtm.videoElapsedTime"]=Math.round(f);t["gtm.videoPercent"]=r;t["gtm.videoVisible"]=u;return t},rk:function(){e=pb()},zd:function(){d()}}};var Yb=ka(["data-gtm-yt-inspected-"]),nD=["www.youtube.com","www.youtube-nocookie.com"],oD,pD=!1; equals www.youtube.com (Youtube)
Source: chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_160.2.dr	String found in binary or memory: if(!(e\|\|f\|\|g\|\|k.length\|\|m.length))return;var p={Ah:e,yh:f,zh:g,ii:k,ji:m,Qe:n,Ib:b},q=C.YT;if(q)return q.ready&&q.ready(d),b;var r=C.onYouTubeIframeAPIReady;C.onYouTubeIframeAPIReady=function(){r&&r();d()};G(function(){for(var u=E.getElementsByTagName("script"),v=u.length,t=0;t<v;t++){var w=u[t].getAttribute("src");if(yD(w,"iframe_api")\|\|yD(w,"player_api"))return b}for(var x=E.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!pD&&wD(x[A],p.Qe))return oc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_166.2.dr, chromecache_140.2.dr, chromecache_115.2.dr, chromecache_111.2.dr	String found in binary or memory: return b}lD.F="internal.enableAutoEventOnTimer";var Yb=ka(["data-gtm-yt-inspected-"]),nD=["www.youtube.com","www.youtube-nocookie.com"],oD,pD=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: eu.docworkspace.com
Source: global traffic	DNS traffic detected: DNS query: eu.docs.wps.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: docs.cache.wpscdn.com
Source: global traffic	DNS traffic detected: DNS query: www.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: eu-account.wps.com
Source: global traffic	DNS traffic detected: DNS query: eu-drive.wps.com
Source: global traffic	DNS traffic detected: DNS query: s-eu.wps.com
Source: global traffic	DNS traffic detected: DNS query: api-ad-adapter.wps.com
Source: global traffic	DNS traffic detected: DNS query: params.wps.com
Source: global traffic	DNS traffic detected: DNS query: b.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: c.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: wdl1.pcfg.cache.wpscdn.com

Source: unknown

HTTP traffic detected: POST /api/v3/office/file/89316155709881/async-export HTTP/1.1Host: eu.docs.wps.comConnection: keep-aliveContent-Length: 219sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, */*Content-Type: application/jsonAccept-Language: en-USsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://eu.docs.wps.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2Accept-Encoding: gzip, deflate, brCookie: i18n_redirected=en-US; _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 14:49:18 GMTContent-Type: application/json;charset=utf-8Content-Length: 60Connection: closeAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channel,Authorization,Content-Md5,DATEAccess-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONSAccess-Control-Allow-Origin: https://eu.docs.wps.comAccess-Control-Expose-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channelX-KLB: 2Server: elb
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 14:49:18 GMTContent-Type: application/json;charset=utf-8Content-Length: 60Connection: closeAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channelAccess-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONSAccess-Control-Allow-Origin: https://eu.docs.wps.comAccess-Control-Expose-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channelX-KLB: 2Server: elb
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 14:49:19 GMTContent-Type: application/json; charset=utf-8Content-Length: 86Connection: closeAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: accept, content-type, x-user-query, x-device-id, x-requested-with, x-csrftoken, accept-encoding, accept-language, x-csrf-rand, x-server-id, x-endpoint-id, x-user-token, x-app-id, x-app-tokenAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONSAccess-Control-Allow-Origin: https://eu.docs.wps.comAccess-Control-Expose-Headers: accept, content-type, x-user-query, x-device-id, x-requested-with, x-csrftoken, accept-encoding, accept-languageX-Group: greenX-Request-Id: d2a597d3d29f15a221e82541865a8bccX-KLB: 2Server: elb
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 14:49:21 GMTContent-Type: application/json; charset=utf-8Content-Length: 82Connection: closeX-Group: greenX-Request-Id: f07ce861adf94bbfe8bcf490750c25b0X-KLB: 2Server: elb
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Nov 2024 14:49:26 GMTContent-Type: text/plainContent-Length: 18Connection: closeaccess-control-allow-credentials: trueaccess-control-allow-headers: Content-Type, x-requested-with, AccessToken, Authorization, Token, wps-stats, Wps-Sid, Device-Id, AccessKey, Timestamp, Client-Chan, Client-Lang, Client-Type, Client-Ver, Client-Request-Idaccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT, PATCH, OPTIONSaccess-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Typex-envoy-upstream-service-time: 0Server: elb

Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: http://dw-collect-debug.ksord.com)datesign_eventslocal
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: http://dw-online.ksosoft.com/api/dynamicParam/v3/app/2.9.0dcsdk_eventv3.dbdcsdk_dpv3.data10C
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: http://en.ksupdate.com/errorreport/uphttps://en.ksupdate.com/errorreport/up-crashdmp
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: http://event.4wps.nethttps://event.wps.comcountryCodeFinishTaghttps://www.google-analytics.com/mp/co
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: http://ic.wps.cn/wpsv6internet/infos.ads?v=D1S1E1&d=kdcsdk_infoc/wps/client/appcountrycodelastupdate
Source: chromecache_160.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_133.2.dr, chromecache_110.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_166.2.dr, chromecache_140.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_111.2.dr, chromecache_160.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crxSoftware
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://curl.se/docs/hsts.html
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chromecache_168.2.dr, chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/encs/icons/favicon.ico
Source: chromecache_161.2.dr, chromecache_163.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/085fd6c.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/167e453.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/3cb25a8.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/529e391.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/6383b01.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/93f6286.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/965d4c7.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/e891fbf.js
Source: chromecache_119.2.dr	String found in binary or memory: https://docs.cache.wpscdn.com/intl/docs/f0976f1.js
Source: chromecache_143.2.dr, chromecache_120.2.dr	String found in binary or memory: https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://event.wps.comdynamicParamFinishTagt1_app_start_p_st_sv_app_gid_did_hdid3_aid_ut_rid_av_ch_db
Source: chromecache_159.2.dr, chromecache_128.2.dr	String found in binary or memory: https://github.com/microsoft/clarity
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://http_.index.inicert_detailis_cached_fileverify_cert_failedKOnlineSetupImpl::__generateCacheF
Source: chromecache_120.2.dr	String found in binary or memory: https://lh3.googleusercontent.com/a/AATXAJzIjj6OUjzbyQ5v1VdHPUAyxCrXmPuELxwOLLwH=s96-c
Source: chromecache_160.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_166.2.dr, chromecache_140.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_111.2.dr, chromecache_160.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://params.wps.com/api/map/online_params/webparam_mig/onlineParamByFunc?funcName=
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://params.wps.com/api/map/online_params/webparam_mig/onlineParamByFunc?funcName=&version=&chann
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://s.wps.comshortLinkUrlshortlink/short-link/queryshort_link_code=geterr_signAuthorizationdevic
Source: chromecache_166.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_160.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_110.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_133.2.dr, chromecache_110.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_166.2.dr, chromecache_140.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_111.2.dr, chromecache_160.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/distsrc/.execrashdmppidtidexp1IS_WPSO
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/package/SOFTWARE
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://website-prod.cache.wpscdn.com/pkgs/win/setup_XA_mui_Free.exeSOFTWARE
Source: chromecache_168.2.dr, chromecache_119.2.dr	String found in binary or memory: https://www.clarity.ms
Source: chromecache_140.2.dr, chromecache_111.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_133.2.dr, chromecache_110.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_133.2.dr, chromecache_110.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://www.google-analytics.com/mp/collecthttps://http:///Iphlpapi.dllGetNetworkParamsinternal_proc
Source: chromecache_133.2.dr, chromecache_110.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_160.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_133.2.dr, chromecache_110.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_166.2.dr, chromecache_140.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_111.2.dr, chromecache_160.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_160.2.dr, chromecache_168.2.dr, chromecache_119.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_133.2.dr, chromecache_110.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_168.2.dr, chromecache_119.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-PE2STH1E8E
Source: chromecache_138.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-126693142-4
Source: chromecache_166.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_160.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://www.wps.com/eula
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://www.wps.com/eulaprivacy_policylicense_agreementlabelTitleMsg_Wps_OnlineSetup_TaskMsgMsg_Wps_
Source: Unconfirmed 336248.crdownload.0.dr	String found in binary or memory: https://www.wps.com/privacy-policy
Source: chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_160.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54659
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54657
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54665
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54664
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54663
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54669
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54668
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54667
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54666
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54672
Source: unknown	Network traffic detected: HTTP traffic on port 54660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54671
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54666 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54676
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54673
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54679
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54678
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54681
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54680
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 54694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54687
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54690
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54692
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 54693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 54664 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 54687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 54665 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 54668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 54669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 54686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54698
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54695
Source: unknown	Network traffic detected: HTTP traffic on port 54684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54667 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.8:54659 version: TLS 1.2

Source: Unconfirmed 336248.crdownload.0.dr	Static PE information: No import functions for PE file found
Source: b190ab89-58b5-41b2-86cd-d3dd5b248905.tmp.0.dr	Static PE information: No import functions for PE file found

Source: Unconfirmed 336248.crdownload.0.dr	Static PE information: Data appended to the last section found
Source: b190ab89-58b5-41b2-86cd-d3dd5b248905.tmp.0.dr	Static PE information: Data appended to the last section found

Source: classification engine

Classification label: mal52.win@21/105@50/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,2785795521395358072,9482595411326801407,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1896,i,2785795521395358072,9482595411326801407,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,2785795521395358072,9482595411326801407,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1896,i,2785795521395358072,9482595411326801407,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: ?COMCTL32.dllWINHTTP.dllcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -FS -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASMLoad file into cachecrypto\x509\by_file.cunspecified certificate verification errorunable to get issuer certificateunable to get certificate CRLunable to decrypt certificate's signatureunable to decrypt CRL's signatureunable to decode issuer public keycertificate signature failureCRL signature failurecertificate is not yet validcertificate has expiredCRL is not yet validCRL has expiredformat error in certificate's notBefore fieldformat error in certificate's notAfter fieldformat error in CRL's lastUpdate fieldformat error in CRL's nextUpdate fieldout of memoryself signed certificateself signed certificate in certificate chainunable to get local issuer certificateunable to verify the first certificatecertificate chain too longcertificate revokedinvalid CA certificatepath length constraint exceededunsupported certificate purposecertificate not trustedcertificate rejectedsubject issuer mismatchauthority and subject key identifier mismatchauthority and issuer serial number mismatchkey usage does not include certificate signingunable to get CRL issuer certificateunhandled critical extensionkey usage does not include CRL signingunhandled critical CRL extensioninvalid non-CA certificate (has CA markings)proxy path length constraint exceededkey usage does not include digital signatureproxy certificates not allowed, please set the appropriate flaginvalid or inconsistent certificate extensioninvalid or inconsistent certificate policy extensionno explicit policyDifferent CRL scopeUnsupported extension featureRFC 3779 resource not subset of parent's resourcespermitted subtree violationexcluded subtree violationname constraints minimum and maximum not supportedapplication verification failureunsupported name constraint typeunsupported or invalid name constraint syntaxunsupported or invalid name syntaxCRL path validation errorPath LoopSuite B: certificate version invalidSuite B: invalid public key algorithmSuite B: invalid ECC curveSuite B: invalid signature algorithmSuite B: curve not allowed for this LOSSuite B: cannot sign P-384 with P-256Hostname mismatchEmail address mismatchIP address mismatchNo matching DANE TLSA recordsEE certificate key too weakCA certificate key too weakCA signature digest algorithm too weakInvalid certificate verification contextIssuer certificate lookup errorCertificate Transparency required, but no valid SCTs foundproxy subject name violationOCSP verification neededOCSP verification failedOCSP unknown certCertificate public key has explicit ECC parametersunknown certificate verification errorcrypto\asn1\x_info.ccrypto\pem\pem_info.cRSA P
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -FS -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: Unconfirmed 336248.crdownload.0.dr

Source: Unconfirmed 336248.crdownload.0.dr	Static PE information: real checksum: 0x59977d should be: 0x48b803
Source: b190ab89-58b5-41b2-86cd-d3dd5b248905.tmp.0.dr	Static PE information: real checksum: 0x59977d should be: 0xa0ca

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2

LLM: Page contains button: 'Open with WPS Office' Source: '1.1.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 336248.crdownload			Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\b190ab89-58b5-41b2-86cd-d3dd5b248905.tmp			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label
https://event.wps.comdynamicParamFinishTagt1_app_start_p_st_sv_app_gid_did_hdid3_aid_ut_rid_av_ch_db	0%	Avira URL Cloud	safe
https://s.wps.comshortLinkUrlshortlink/short-link/queryshort_link_code=geterr_signAuthorizationdevic	0%	Avira URL Cloud	safe
http://dw-collect-debug.ksord.com)datesign_eventslocal	0%	Avira URL Cloud	safe
https://http_.index.inicert_detailis_cached_fileverify_cert_failedKOnlineSetupImpl::__generateCacheF	0%	Avira URL Cloud	safe
https://s-eu.wps.com/short-link/create	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
eu-account.wps.com	90.84.244.155	true	false	high
s-euc.docworkspace.com	90.84.188.40	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	high
eu.docs.wps.com	90.84.178.217	true	false	high
wdl1-pcfg-cache-wpscdn-com.v4.cn-line.qiniudns.com	104.16.84.69	true	false	high
eu-drive.wps.com	90.84.199.140	true	false	high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high
api-ad-adapter-ff.wps.com	90.84.189.232	true	false	high
nginx-gateway-service.default.ff.entry.4wps.net	90.84.175.86	true	false	high
istio-gateway.eu.entry.4wps.net	90.84.175.86	true	false	high
www.google.com	142.250.185.196	true	false	high
sz-special-overseas.volcgtm.com	23.236.112.179	true	false	high
googlehosted.l.googleusercontent.com	142.250.185.65	true	false	high
docs.cache.wpscdn.com	unknown	unknown	false	high
wdl1.pcfg.cache.wpscdn.com	unknown	unknown	false	high
www.clarity.ms	unknown	unknown	false	high
lh3.googleusercontent.com	unknown	unknown	false	high
s-eu.wps.com	unknown	unknown	false	unknown
b.clarity.ms	unknown	unknown	false	high
eu.docworkspace.com	unknown	unknown	false	high
api-ad-adapter.wps.com	unknown	unknown	false	high
c.clarity.ms	unknown	unknown	false	high
params.wps.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://docs.cache.wpscdn.com/intl/docs/965d4c7.js	false		high
https://eu-drive.wps.com/api/v3/userinfo	false		high
https://wdl1.pcfg.cache.wpscdn.com/wps/download.html?channel=200.1095&lid=lid-e8LZcF8IC7u5	false		high
https://docs.cache.wpscdn.com/intl/docs/529e391.js	false		high
https://www.clarity.ms/s/0.7.49/clarity.js	false		high
https://docs.cache.wpscdn.com/intl/docs/img/download_arrow.8f21e65.svg	false		high
https://docs.cache.wpscdn.com/intl/docs/167e453.js	false		high
https://docs.cache.wpscdn.com/intl/docs/f0976f1.js	false		high
https://docs.cache.wpscdn.com/intl/docs/img/wheat.2.acf1f69.png	false		high
https://eu-account.wps.com/p/session/correlate	false		high
https://docs.cache.wpscdn.com/intl/docs/3cb25a8.js	false		high
https://docs.cache.wpscdn.com/intl/docs/img/design.683750d.png	false		high
https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/distsrc/200.1095/wpsinst/wps_office_inst.exe	false		high
https://docs.cache.wpscdn.com/intl/docs/93f6286.js	false		high
https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2	false		high
https://params.wps.com/api/map/kdocs/docs_channel?device_type=windows&kdocssrc=loadPlatform&region=eu	false		high
https://eu-drive.wps.com/api/v5/links/sIGWvrvOeAYXvpLkG	false		high
https://docs.cache.wpscdn.com/intl/docs/e891fbf.js	false		high
https://docs.cache.wpscdn.com/intl/docs/img/logo.d58097c.svg	false		high
https://lh3.googleusercontent.com/a/AATXAJzIjj6OUjzbyQ5v1VdHPUAyxCrXmPuELxwOLLwH=s96-c	false		high
https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG	false		high
https://api-ad-adapter.wps.com/op/docs/open	false		high
https://www.clarity.ms/tag/hz1xdx5n3e	false		high
https://docs.cache.wpscdn.com/intl/docs/img/wheat.1.36b312a.png	false		high
https://docs.cache.wpscdn.com/intl/docs/img/pdf.f5cdafd.png	false		high
https://docs.cache.wpscdn.com/intl/docs/img/win_download.e48ddfe.png	false		high
https://docs.cache.wpscdn.com/intl/docs/6383b01.js	false		high
https://docs.cache.wpscdn.com/intl/docs/085fd6c.js	false		high
https://docs.cache.wpscdn.com/encs/icons/favicon.ico	false		high
https://s-eu.wps.com/short-link/create	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.wps.com/eula	Unconfirmed 336248.crdownload.0.dr	false		high
https://stats.g.doubleclick.net/g/collect	chromecache_166.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_160.2.dr	false		high
https://event.wps.comdynamicParamFinishTagt1_app_start_p_st_sv_app_gid_did_hdid3_aid_ut_rid_av_ch_db	Unconfirmed 336248.crdownload.0.dr	false	Avira URL Cloud: safe	unknown
https://params.wps.com/api/map/online_params/webparam_mig/onlineParamByFunc?funcName=&version=&chann	Unconfirmed 336248.crdownload.0.dr	false		high
https://s.wps.comshortLinkUrlshortlink/short-link/queryshort_link_code=geterr_signAuthorizationdevic	Unconfirmed 336248.crdownload.0.dr	false	Avira URL Cloud: safe	unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_133.2.dr, chromecache_110.2.dr	false		high
https://docs.cache.wpscdn.com/intl/docs/	chromecache_161.2.dr, chromecache_163.2.dr	false		high
https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/package/SOFTWARE	Unconfirmed 336248.crdownload.0.dr	false		high
https://curl.se/docs/hsts.html	Unconfirmed 336248.crdownload.0.dr	false		high
https://www.google.com	chromecache_160.2.dr	false		high
https://www.youtube.com/iframe_api	chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_160.2.dr	false		high
https://www.clarity.ms	chromecache_168.2.dr, chromecache_119.2.dr	false		high
http://dw-online.ksosoft.com/api/dynamicParam/v3/app/2.9.0dcsdk_eventv3.dbdcsdk_dpv3.data10C	Unconfirmed 336248.crdownload.0.dr	false		high
https://stats.g.doubleclick.net/j/collect	chromecache_110.2.dr	false		high
https://github.com/microsoft/clarity	chromecache_159.2.dr, chromecache_128.2.dr	false		high
https://www.wps.com/eulaprivacy_policylicense_agreementlabelTitleMsg_Wps_OnlineSetup_TaskMsgMsg_Wps_	Unconfirmed 336248.crdownload.0.dr	false		high
https://params.wps.com/api/map/online_params/webparam_mig/onlineParamByFunc?funcName=	Unconfirmed 336248.crdownload.0.dr	false		high
https://website-prod.cache.wpscdn.com/pkgs/win/setup_XA_mui_Free.exeSOFTWARE	Unconfirmed 336248.crdownload.0.dr	false		high
https://docs.cache.wpscdn.com	chromecache_168.2.dr, chromecache_119.2.dr	false		high
https://curl.se/docs/http-cookies.html	Unconfirmed 336248.crdownload.0.dr	false		high
https://tagassistant.google.com/	chromecache_133.2.dr, chromecache_110.2.dr	false		high
http://dw-collect-debug.ksord.com)datesign_eventslocal	Unconfirmed 336248.crdownload.0.dr	false	Avira URL Cloud: safe	unknown
https://http_.index.inicert_detailis_cached_fileverify_cert_failedKOnlineSetupImpl::__generateCacheF	Unconfirmed 336248.crdownload.0.dr	false	Avira URL Cloud: safe	unknown
https://www.wps.com/privacy-policy	Unconfirmed 336248.crdownload.0.dr	false		high
https://curl.se/docs/alt-svc.html	Unconfirmed 336248.crdownload.0.dr	false		high
https://cct.google/taggy/agent.js	chromecache_166.2.dr, chromecache_140.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_111.2.dr, chromecache_160.2.dr	false		high
https://www.google.com/ads/ga-audiences	chromecache_133.2.dr, chromecache_110.2.dr	false		high
https://www.google.%/ads/ga-audiences	chromecache_133.2.dr, chromecache_110.2.dr	false		high
https://td.doubleclick.net	chromecache_166.2.dr, chromecache_140.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_111.2.dr, chromecache_160.2.dr	false		high
https://www.merchant-center-analytics.goog	chromecache_166.2.dr, chromecache_134.2.dr, chromecache_170.2.dr, chromecache_121.2.dr, chromecache_115.2.dr, chromecache_160.2.dr	false		high
http://ic.wps.cn/wpsv6internet/infos.ads?v=D1S1E1&d=kdcsdk_infoc/wps/client/appcountrycodelastupdate	Unconfirmed 336248.crdownload.0.dr	false		high
http://en.ksupdate.com/errorreport/uphttps://en.ksupdate.com/errorreport/up-crashdmp	Unconfirmed 336248.crdownload.0.dr	false		high
https://adservice.google.com/pagead/regclk?	chromecache_160.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
90.84.189.232	api-ad-adapter-ff.wps.com	France	2280	OCBHONEYOCBpubliccloudnetworkEU	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
90.84.178.217	eu.docs.wps.com	France	2280	OCBHONEYOCBpubliccloudnetworkEU	false
90.84.199.140	eu-drive.wps.com	France	2280	OCBHONEYOCBpubliccloudnetworkEU	false
142.250.185.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.184.193	unknown	United States	15169	GOOGLEUS	false
13.107.253.45	s-part-0017.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.16.84.69	wdl1-pcfg-cache-wpscdn-com.v4.cn-line.qiniudns.com	United States	13335	CLOUDFLARENETUS	false
90.84.175.86	nginx-gateway-service.default.ff.entry.4wps.net	France	5511	OPENTRANSITFR	false
98.96.229.29	unknown	United States	7018	ATT-INTERNET4US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
90.84.188.40	s-euc.docworkspace.com	France	2280	OCBHONEYOCBpubliccloudnetworkEU	false
90.84.244.155	eu-account.wps.com	France	2280	OCBHONEYOCBpubliccloudnetworkEU	false
23.236.112.179	sz-special-overseas.volcgtm.com	United States	21859	ZNETUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1551276
Start date and time:	2024-11-07 15:48:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@21/105@50/16
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.185.78, 74.125.133.84, 34.104.35.123, 172.217.18.8, 142.250.181.232, 142.250.74.206, 142.250.186.138, 142.250.185.234, 172.217.18.106, 142.250.186.42, 142.250.185.170, 142.250.186.170, 172.217.16.202, 142.250.186.74, 142.250.186.106, 172.217.16.138, 142.250.184.202, 142.250.184.234, 172.217.18.10, 142.250.185.138, 142.250.181.234, 142.250.185.202, 216.58.206.42, 142.250.185.74, 216.58.206.74, 216.58.212.170, 142.250.185.106, 172.202.163.200, 93.184.221.240, 216.58.212.138, 4.153.129.168, 192.229.221.95, 13.85.23.206, 13.74.129.1, 13.107.21.237, 204.79.197.237, 13.95.31.18, 142.250.184.200, 172.217.18.14, 142.250.186.35
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, www.googletagmanager.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, azurefd-t-prod.trafficmanager.net, wu-b-net.trafficmanager.net, www.google-analytics.com, glb.sls.prod.dcat.dsp.trafficmanager.net, vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, c-bing-com.dual-a-0034.a-msedge.net, otelrules.azureedge.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, firebaseinstallations.googleapis.com, fe3.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 13:49:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9787459148945032
Encrypted:	false
SSDEEP:	48:8Ri0djTLDwHKidAKZdA1oehwiZUklqehpy+3:8RicLgOy
MD5:	4ADAB8A667F333042D3886B83497AA8A
SHA1:	F10F1A826CCBC45A2E568FE51899CFEB1704BB7D
SHA-256:	383042B0EE7BABD562DE069682B4055FE37CBEB1504929246D25635F2C6CD16A
SHA-512:	AF622150074BC0AD78E64F51F9B72E3087895F247DC3A3F4A1CEBBC067F1B5F56DF59ED1517E99BDD14007DBA916FDA42629E49BA573D6E87FCDDBC4FD5E0C8D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......94$1..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IgY"v....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY"v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY"v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY"v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VgY%v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............8.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2024 15:49:08.723241091 CET	53	56540	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:08.724280119 CET	53	56038	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:09.972918034 CET	55520	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:09.973438025 CET	61397	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:09.999805927 CET	53	61397	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:10.000370026 CET	53	55520	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:10.139825106 CET	53	59089	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:11.466517925 CET	59608	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:11.469553947 CET	63381	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:11.473820925 CET	53	59608	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:11.476578951 CET	53	63381	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:12.479167938 CET	63116	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:12.479481936 CET	58227	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:12.486335039 CET	53	63116	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:12.486861944 CET	53	58227	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:13.297998905 CET	57655	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:13.298566103 CET	65357	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:13.300911903 CET	50079	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:13.301400900 CET	60312	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:13.306848049 CET	53	50852	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:14.322228909 CET	51718	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:14.322402954 CET	59788	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:14.336314917 CET	53	57655	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:14.820496082 CET	53	65357	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:15.123372078 CET	53	59788	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:15.266624928 CET	53	51718	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:16.018807888 CET	49745	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:16.019529104 CET	50931	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:16.022663116 CET	53	54842	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:16.027592897 CET	53	49745	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:16.628555059 CET	53	50931	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.497534990 CET	53	60998	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.509815931 CET	53	53498	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.545871019 CET	53	64182	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.577827930 CET	53150	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:17.578169107 CET	60139	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:17.584009886 CET	58883	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:17.584156990 CET	55312	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:17.585392952 CET	53	53150	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.586204052 CET	53	60139	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.591847897 CET	53	58883	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.593336105 CET	53	55312	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:17.677453995 CET	56436	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:17.677671909 CET	62398	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:18.959749937 CET	64081	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:18.959914923 CET	61248	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:18.969167948 CET	53	64081	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:18.972538948 CET	63895	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:18.972728968 CET	65257	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:18.978626013 CET	53	61248	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:18.984319925 CET	54704	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:18.984448910 CET	55759	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:18.989943981 CET	53	63895	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:18.993371010 CET	53	54704	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:18.994136095 CET	53	55759	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:18.995080948 CET	53	65257	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:20.421199083 CET	53	58885	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:20.421830893 CET	53	49230	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:20.528616905 CET	57967	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:20.528841019 CET	52995	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:20.531275034 CET	64002	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:20.531399012 CET	60268	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:20.536945105 CET	53	57967	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:20.538932085 CET	53	64002	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:20.552237988 CET	53	60268	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:20.552670002 CET	53	52995	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:23.991856098 CET	59132	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:23.992419958 CET	56919	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:24.000363111 CET	53	56919	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:24.476932049 CET	53003	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:24.477092981 CET	51266	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:24.483977079 CET	53	53003	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:24.484016895 CET	53	51266	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:25.522932053 CET	59285	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.523199081 CET	64815	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.535728931 CET	65092	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.535906076 CET	62263	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.539948940 CET	53	59285	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:25.541351080 CET	53	64815	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:25.544150114 CET	53	65092	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:25.554856062 CET	53	62263	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:25.909992933 CET	53103	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.910744905 CET	61147	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.917994976 CET	53	61147	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:25.927366018 CET	61036	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.927604914 CET	63249	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:25.934257030 CET	53	61036	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:25.934397936 CET	53	63249	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:27.931905031 CET	53	62883	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:29.755749941 CET	56211	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:29.755935907 CET	53938	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:29.763814926 CET	53	53938	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:44.533842087 CET	62914	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:44.534415960 CET	58123	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:44.541584015 CET	53	62914	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:45.146573067 CET	138	138	192.168.2.8	192.168.2.255
Nov 7, 2024 15:49:45.172911882 CET	53	58123	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:46.212863922 CET	61625	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:46.213340044 CET	61027	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:46.220530033 CET	53	61625	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:46.253864050 CET	53	55410	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:46.275183916 CET	62388	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:46.275526047 CET	49828	53	192.168.2.8	1.1.1.1
Nov 7, 2024 15:49:46.283093929 CET	53	49828	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:46.289454937 CET	53	62388	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:46.802355051 CET	53	55857	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:47.036528111 CET	53	61027	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:48.140557051 CET	53	60799	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:50.382661104 CET	53	65312	1.1.1.1	192.168.2.8
Nov 7, 2024 15:49:51.265754938 CET	53	49449	162.159.36.2	192.168.2.8
Nov 7, 2024 15:49:51.910712004 CET	53	51232	1.1.1.1	192.168.2.8
Nov 7, 2024 15:50:08.255449057 CET	53	53268	1.1.1.1	192.168.2.8
Nov 7, 2024 15:50:09.642126083 CET	53	56862	1.1.1.1	192.168.2.8

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 7, 2024 15:49:14.820646048 CET	192.168.2.8	1.1.1.1	c2be	(Port unreachable)	Destination Unreachable
Nov 7, 2024 15:49:16.628627062 CET	192.168.2.8	1.1.1.1	c2be	(Port unreachable)	Destination Unreachable
Nov 7, 2024 15:49:18.978707075 CET	192.168.2.8	1.1.1.1	c23e	(Port unreachable)	Destination Unreachable
Nov 7, 2024 15:49:45.172981977 CET	192.168.2.8	1.1.1.1	c2c0	(Port unreachable)	Destination Unreachable
Nov 7, 2024 15:49:47.036602020 CET	192.168.2.8	1.1.1.1	c2c0	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:11 UTC	681	OUT	GET /d/sIGWvrvOeAYXvpLkG HTTP/1.1 Host: eu.docworkspace.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:11 UTC	346	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 07 Nov 2024 14:49:11 GMT Content-Type: text/html; charset=utf-8 Content-Length: 195 Connection: close Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Expires: 0 Location: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2 X-KLB: 2 Server: elb
2024-11-07 14:49:11 UTC	195	IN	Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 75 2e 64 6f 63 73 2e 77 70 73 2e 63 6f 6d 2f 6d 6f 64 75 6c 65 2f 63 6f 6d 6d 6f 6e 2f 6c 6f 61 64 50 6c 61 74 66 6f 72 6d 2f 3f 73 69 64 3d 73 49 47 57 76 72 76 4f 65 41 59 58 76 70 4c 6b 47 26 61 6d 70 3b 76 3d 76 32 22 3e 68 74 74 70 73 3a 2f 2f 65 75 2e 64 6f 63 73 2e 77 70 73 2e 63 6f 6d 2f 6d 6f 64 75 6c 65 2f 63 6f 6d 6d 6f 6e 2f 6c 6f 61 64 50 6c 61 74 66 6f 72 6d 2f 3f 73 69 64 3d 73 49 47 57 76 72 76 4f 65 41 59 58 76 70 4c 6b 47 26 61 6d 70 3b 76 3d 76 32 3c 2f 61 3e 2e Data Ascii: Redirecting to <a href="https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2">https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2</a>.

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:12 UTC	712	OUT	GET /module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2 HTTP/1.1 Host: eu.docs.wps.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:13 UTC	500	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 14:49:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Accept-Ranges: none Content-Security-Policy: frame-ancestors http://.wps.com https://.wps.com Etag: "459c-ZzwFFaOaqVZdmym0d0Tj9OGkDAA" Server-Timing: total;dur=2;desc="Nuxt Server Time" Set-Cookie: i18n_redirected=en-US; Path=/; Expires=Fri, 07 Nov 2025 14:49:12 GMT; SameSite=Lax Vary: Accept-Encoding X-KLB: 2 Server: elb
2024-11-07 14:49:13 UTC	3662	IN	Data Raw: 65 34 37 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 6e 2d 68 65 61 64 2d 73 73 72 20 65 6e 76 3d 22 70 72 6f 64 75 63 74 69 6f 6e 22 20 74 69 6d 65 3d 22 39 2f 31 38 2f 32 30 32 34 2c 20 38 3a 30 37 3a 33 39 20 41 4d 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 6e 2d 68 65 61 64 3d 22 25 37 42 25 32 32 65 6e 76 25 32 32 3a 25 37 42 25 32 32 73 73 72 25 32 32 3a 25 32 32 70 72 6f 64 75 63 74 69 6f 6e 25 32 32 25 37 44 2c 25 32 32 74 69 6d 65 25 32 32 3a 25 37 42 25 32 32 73 73 72 25 32 32 3a 25 32 32 39 2f 31 38 2f 32 30 32 34 2c 25 32 30 38 3a 30 37 3a 33 39 25 32 30 41 4d 25 32 32 25 37 44 2c 25 32 32 6c 61 6e 67 25 32 32 3a 25 37 42 25 32 32 73 73 72 25 32 32 3a 25 32 32 65 6e 2d 55 53 25 32 32 Data Ascii: e47<!doctype html><html data-n-head-ssr env="production" time="9/18/2024, 8:07:39 AM" lang="en-US" data-n-head="%7B%22env%22:%7B%22ssr%22:%22production%22%7D,%22time%22:%7B%22ssr%22:%229/18/2024,%208:07:39%20AM%22%7D,%22lang%22:%7B%22ssr%22:%22en-US%22
2024-11-07 14:49:13 UTC	2921	IN	Data Raw: 62 36 32 0d 0a 28 30 2c 30 2c 30 2c 2e 38 29 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 78 5f 77 72 61 70 20 2e 70 6c 61 74 66 6f 72 6d 2d 68 65 61 64 20 2e 68 65 61 64 2d 6c 65 66 74 20 69 6d 67 7b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 32 30 70 78 7d 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 78 5f 77 72 61 70 20 2e 70 6c 61 74 66 6f 72 6d 2d 68 65 61 64 20 2e 68 65 61 64 2d 72 69 67 68 74 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 78 5f 77 72 61 70 20 2e 70 6c 61 74 66 6f 72 6d 2d 68 65 61 64 20 2e 68 65 61 64 2d 72 69 Data Ascii: b62(0,0,0,.8);white-space:nowrap}.platform-box_wrap .platform-head .head-left img{vertical-align:middle;margin-right:20px}.platform-box_wrap .platform-head .head-right{display:flex;justify-content:space-between}.platform-box_wrap .platform-head .head-ri
2024-11-07 14:49:13 UTC	5286	IN	Data Raw: 31 34 39 65 0d 0a 70 61 64 64 69 6e 67 3a 34 30 70 78 20 34 30 70 78 20 33 32 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 35 33 35 32 35 32 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 35 30 25 3b 74 6f 70 3a 35 30 25 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 2d 35 30 25 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 78 5f 77 72 61 70 20 2e 70 6c 61 74 66 6f 72 6d 2d Data Ascii: 149epadding:40px 40px 32px;background-color:#fff;color:#535252;position:absolute;left:50%;top:50%;transform:translate(-50%,-50%);border-radius:8px;display:flex;flex-direction:column;justify-content:center;align-items:center}.platform-box_wrap .platform-
2024-11-07 14:49:13 UTC	4104	IN	Data Raw: 31 30 30 30 0d 0a 69 6e 2d 62 6f 74 74 6f 6d 3a 38 70 78 7d 7d 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 78 5f 77 72 61 70 20 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 64 79 20 2e 62 6f 64 79 2d 63 6f 6e 74 65 6e 74 20 2e 62 74 6e 2e 6f 70 65 6e 2d 77 70 73 2e 75 73 65 2d 64 79 6e 61 6d 69 63 2d 38 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 70 78 7d 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 78 5f 77 72 61 70 20 2e 70 6c 61 74 66 6f 72 6d 2d 62 6f 64 79 20 2e 62 6f 64 79 2d 63 6f 6e 74 65 6e 74 20 2e 62 74 6e 2e 6f 70 65 6e 2d 62 72 6f 77 73 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 38 64 38 64 38 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 Data Ascii: 1000in-bottom:8px}}.platform-box_wrap .platform-body .body-content .btn.open-wps.use-dynamic-8{border-radius:50px}.platform-box_wrap .platform-body .body-content .btn.open-browser{background-color:#fff;border:1px solid #d8d8d8;font-size:14px;line-height
2024-11-07 14:49:13 UTC	1884	IN	Data Raw: 37 35 35 0d 0a 67 62 61 28 30 2c 30 2c 30 2c 2e 30 32 29 7d 35 30 25 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 33 29 7d 74 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 32 29 7d 7d 2e 73 6b 65 6c 65 74 6f 6e 20 2e 6c 6f 61 64 69 6e 67 20 2e 69 74 65 6d 20 73 70 61 6e 20 69 5b 64 61 74 61 2d 76 2d 37 31 64 66 61 37 61 63 5d 7b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 6c 6f 61 64 69 6e 67 2d 64 61 74 61 2d 76 2d 37 31 64 66 61 37 61 63 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 31 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 3a 69 6e 66 69 6e 69 74 65 7d 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 20 3e Data Ascii: 755gba(0,0,0,.02)}50%{background:rgba(0,0,0,.03)}to{background:rgba(0,0,0,.02)}}.skeleton .loading .item span i[data-v-71dfa7ac]{animation-name:loading-data-v-71dfa7ac;animation-duration:1s;animation-iteration-count:infinite}</style> </head> <body >
2024-11-07 14:49:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:15 UTC	540	OUT	GET /intl/docs/3cb25a8.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:15 UTC	756	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 2798 Connection: close Accept-Ranges: bytes Age: 2081286 Etag: "2ff97608324d8df5422a05908b0c8748" Last-Modified: Wed, 18 Sep 2024 08:10:20 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: UlbgS9n-o6HNi8C3hmLW6xwncZfYQIiyZHK8jJ3Mkm9qWkNQmU37aw== X-Amz-Cf-Pop: AMS58-P4 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: Hit from cloudfront X-Request-Id: 0c925952f7214aa8d61869db4de5df18 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:15 GMT via: cache08.oversea-GM-FRA6
2024-11-07 14:49:15 UTC	2798	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 66 6f 72 28 76 61 72 20 6e 2c 61 2c 66 3d 74 5b 30 5d 2c 75 3d 74 5b 31 5d 2c 69 3d 74 5b 32 5d 2c 6c 3d 30 2c 70 3d 5b 5d 3b 6c 3c 66 2e 6c 65 6e 67 74 68 3b 6c 2b 2b 29 61 3d 66 5b 6c 5d 2c 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6f 2c 61 29 26 26 6f 5b 61 5d 26 26 70 2e 70 75 73 68 28 6f 5b 61 5d 5b 30 5d 29 2c 6f 5b 61 5d 3d 30 3b 66 6f 72 28 6e 20 69 6e 20 75 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 75 2c 6e 29 26 26 28 65 5b 6e 5d 3d 75 5b 6e 5d 29 3b 66 6f 72 28 64 26 26 64 28 74 29 3b 70 2e 6c 65 6e 67 74 68 3b 29 70 2e 73 68 Data Ascii: !function(e){function t(t){for(var n,a,f=t[0],u=t[1],i=t[2],l=0,p=[];l<f.length;l++)a=f[l],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&p.push(o[a][0]),o[a]=0;for(n in u)Object.prototype.hasOwnProperty.call(u,n)&&(e[n]=u[n]);for(d&&d(t);p.length;)p.sh

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:15 UTC	540	OUT	GET /intl/docs/529e391.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:16 UTC	766	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 236190 Connection: close Accept-Ranges: bytes Age: 1576238 Etag: "e0f840338b04b45604e59f8c3ec53426" Last-Modified: Wed, 18 Sep 2024 08:10:21 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: AjwnxVOO-0cq8_XnGGB58QjCUFTIPlFP8a1YMkY46QOu1Me0OeoAZg== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: 4f3e337546608805b26e547fb13f6c93 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:15 GMT via: cache08.oversea-GM-FRA6
2024-11-07 14:49:16 UTC	15618	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 37 5d 2c 5b 2c 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 61 28 74 29 7b 72 65 74 75 72 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[7],[,,function(t,e,n){"use strict";(function(t,n){var r=Object.freeze({});function o(t){return null==t}function i(t){return null!=t}function a(t){retur
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 6f 7c 7c 28 6f 5b 75 5d 3d 78 65 28 65 2c 75 29 29 3b 72 65 74 75 72 6e 20 74 26 26 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 74 29 26 26 28 74 2e 5f 6e 6f 72 6d 61 6c 69 7a 65 64 3d 6f 29 2c 71 28 6f 2c 22 24 73 74 61 62 6c 65 22 2c 61 29 2c 71 28 6f 2c 22 24 6b 65 79 22 2c 73 29 2c 71 28 6f 2c 22 24 68 61 73 4e 6f 72 6d 61 6c 22 2c 69 29 2c 6f 7d 66 75 6e 63 74 69 6f 6e 20 5f 65 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3f 6e 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 3a 6e 28 7b 7d 29 2c 65 3d 28 74 3d 74 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 Data Ascii: o\|\|(o[u]=xe(e,u));return t&&Object.isExtensible(t)&&(t._normalized=o),q(o,"$stable",a),q(o,"$key",s),q(o,"$hasNormal",i),o}function _e(t,e,n){var r=function(){var t=arguments.length?n.apply(null,arguments):n({}),e=(t=t&&"object"==typeof t&&!Array.isArray(
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 6f 70 74 69 6f 6e 73 3d 44 74 28 24 6e 28 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 2c 74 7c 7c 7b 7d 2c 65 29 2c 65 2e 5f 72 65 6e 64 65 72 50 72 6f 78 79 3d 65 2c 65 2e 5f 73 65 6c 66 3d 65 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 2e 24 6f 70 74 69 6f 6e 73 2c 6e 3d 65 2e 70 61 72 65 6e 74 3b 69 66 28 6e 26 26 21 65 2e 61 62 73 74 72 61 63 74 29 7b 66 6f 72 28 3b 6e 2e 24 6f 70 74 69 6f 6e 73 2e 61 62 73 74 72 61 63 74 26 26 6e 2e 24 70 61 72 65 6e 74 3b 29 6e 3d 6e 2e 24 70 61 72 65 6e 74 3b 6e 2e 24 63 68 69 6c 64 72 65 6e 2e 70 75 73 68 28 74 29 7d 74 2e 24 70 61 72 65 6e 74 3d 6e 2c 74 2e 24 72 6f 6f 74 3d 6e 3f 6e 2e 24 72 6f 6f 74 3a 74 2c 74 2e 24 63 68 69 6c 64 72 65 6e 3d 5b 5d 2c 74 2e 24 72 65 66 73 3d 7b 7d 2c 74 2e 5f 77 Data Ascii: options=Dt($n(e.constructor),t\|\|{},e),e._renderProxy=e,e._self=e,function(t){var e=t.$options,n=e.parent;if(n&&!e.abstract){for(;n.$options.abstract&&n.$parent;)n=n.$parent;n.$children.push(t)}t.$parent=n,t.$root=n?n.$root:t,t.$children=[],t.$refs={},t._w
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 6c 61 73 73 22 29 3b 65 6c 73 65 7b 66 6f 72 28 76 61 72 20 6e 3d 22 20 22 2b 28 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 29 7c 7c 22 22 29 2b 22 20 22 2c 72 3d 22 20 22 2b 65 2b 22 20 22 3b 6e 2e 69 6e 64 65 78 4f 66 28 72 29 3e 3d 30 3b 29 6e 3d 6e 2e 72 65 70 6c 61 63 65 28 72 2c 22 20 22 29 3b 28 6e 3d 6e 2e 74 72 69 6d 28 29 29 3f 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 6e 29 3a 74 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 28 74 29 7b 69 66 28 74 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 29 7b 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 21 31 21 3d 3d 74 2e 63 73 73 26 26 6a 28 65 2c 65 6f 28 74 2e Data Ascii: lass");else{for(var n=" "+(t.getAttribute("class")\|\|"")+" ",r=" "+e+" ";n.indexOf(r)>=0;)n=n.replace(r," ");(n=n.trim())?t.setAttribute("class",n):t.removeAttribute("class")}}function to(t){if(t){if("object"==typeof t){var e={};return!1!==t.css&&j(e,eo(t.
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 5f 5f 3d 4b 3f 53 6f 3a 24 2c 49 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 24 6d 6f 75 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3b 72 65 74 75 72 6e 20 74 2e 24 65 6c 3d 65 2c 74 2e 24 6f 70 74 69 6f 6e 73 2e 72 65 6e 64 65 72 7c 7c 28 74 2e 24 6f 70 74 69 6f 6e 73 2e 72 65 6e 64 65 72 3d 67 74 29 2c 75 6e 28 74 2c 22 62 65 66 6f 72 65 4d 6f 75 6e 74 22 29 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 5f 75 70 64 61 74 65 28 74 2e 5f 72 65 6e 64 65 72 28 29 2c 6e 29 7d 2c 6e 65 77 20 5f 6e 28 74 2c 72 2c 24 2c 7b 62 65 66 6f 72 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 5f 69 73 4d 6f 75 6e 74 65 64 26 26 21 74 2e 5f 69 73 44 65 73 74 72 6f 79 65 64 26 26 75 6e 28 Data Ascii: __=K?So:$,In.prototype.$mount=function(t,e){return function(t,e,n){var r;return t.$el=e,t.$options.render\|\|(t.$options.render=gt),un(t,"beforeMount"),r=function(){t._update(t._render(),n)},new _n(t,r,$,{before:function(){t._isMounted&&!t._isDestroyed&&un(
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 72 6e 20 4f 62 6a 65 63 74 28 72 28 74 29 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 31 33 29 2c 6f 3d 6e 28 31 37 35 29 3b 74 2e 65 78 70 6f 72 74 73 3d 72 3f 6f 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4d 61 70 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 2e 63 61 6c 6c 28 74 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 2c 6e 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2c 72 3d 6e 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 6f 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 74 5b 65 Data Ascii: rn Object(r(t))}},function(t,e,n){var r=n(13),o=n(175);t.exports=r?o:function(t){return Map.prototype.entries.call(t)}},function(t,e,n){var r=function(t){"use strict";var e,n=Object.prototype,r=n.hasOwnProperty,o=Object.defineProperty\|\|function(t,e,n){t[e
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 22 3a 66 2c 70 3d 75 5b 31 5d 2c 68 3d 75 74 28 76 6f 69 64 20 30 3d 3d 3d 70 3f 22 22 3a 70 29 2c 64 3d 68 2e 70 61 74 68 6e 61 6d 65 2c 76 3d 68 2e 73 65 61 72 63 68 2c 79 3d 68 2e 68 61 73 68 3b 72 65 74 75 72 6e 7b 70 72 6f 74 6f 63 6f 6c 3a 61 2c 61 75 74 68 3a 73 3f 73 2e 73 75 62 73 74 72 28 30 2c 73 2e 6c 65 6e 67 74 68 2d 31 29 3a 22 22 2c 68 6f 73 74 3a 6c 2c 70 61 74 68 6e 61 6d 65 3a 64 2c 73 65 61 72 63 68 3a 76 2c 68 61 73 68 3a 79 7d 7d 66 75 6e 63 74 69 6f 6e 20 75 74 28 29 7b 76 61 72 20 74 3d 28 28 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 30 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 22 22 29 2e 6d 61 74 63 68 28 2f 28 5b 5e 23 3f 5d 2a 29 28 5c 3f 5b 5e 23 5d Data Ascii: ":f,p=u[1],h=ut(void 0===p?"":p),d=h.pathname,v=h.search,y=h.hash;return{protocol:a,auth:s?s.substr(0,s.length-1):"",host:l,pathname:d,search:v,hash:y}}function ut(){var t=((arguments.length>0&&void 0!==arguments[0]?arguments[0]:"").match(/([^#?]*)(\?[^#]
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 63 29 74 68 72 6f 77 20 69 7d 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 63 28 74 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 75 28 74 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 66 28 74 29 7b 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 3d 3d 3d 69 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 74 29 7b 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 3d 3d 3d 69 28 74 29 26 26 6e 75 6c 6c 21 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 70 28 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 7d 76 61 72 20 68 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 21 75 28 77 69 6e 64 6f 77 29 7d 63 61 74 63 68 28 74 29 7b 72 Data Ascii: c)throw i}}}}function c(t){return Array.isArray(t)}function u(t){return void 0===t}function f(t){return"object"===i(t)}function l(t){return"object"===i(t)&&null!==t}function p(t){return"function"==typeof t}var h=(function(){try{return!u(window)}catch(t){r
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 70 6c 75 67 69 6e 73 3b 76 6f 69 64 20 30 3d 3d 3d 72 26 26 28 72 3d 5b 5d 29 3b 76 61 72 20 6f 3d 74 2e 73 74 72 69 63 74 3b 76 6f 69 64 20 30 3d 3d 3d 6f 26 26 28 6f 3d 21 31 29 2c 74 68 69 73 2e 5f 63 6f 6d 6d 69 74 74 69 6e 67 3d 21 31 2c 74 68 69 73 2e 5f 61 63 74 69 6f 6e 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 61 63 74 69 6f 6e 53 75 62 73 63 72 69 62 65 72 73 3d 5b 5d 2c 74 68 69 73 2e 5f 6d 75 74 61 74 69 6f 6e 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 77 72 61 70 70 65 64 47 65 74 74 65 72 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 6d 6f 64 75 6c 65 73 3d 6e 65 77 20 63 28 74 29 2c 74 68 69 73 2e 5f 6d 6f 64 75 6c 65 73 Data Ascii: plugins;void 0===r&&(r=[]);var o=t.strict;void 0===o&&(o=!1),this._committing=!1,this._actions=Object.create(null),this._actionSubscribers=[],this._mutations=Object.create(null),this._wrappedGetters=Object.create(null),this._modules=new c(t),this._modules
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 22 7d 7d 7d 3b 72 2e 66 6f 72 45 61 63 68 28 5b 22 64 65 6c 65 74 65 22 2c 22 67 65 74 22 2c 22 68 65 61 64 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 75 2e 68 65 61 64 65 72 73 5b 74 5d 3d 7b 7d 7d 29 29 2c 72 2e 66 6f 72 45 61 63 68 28 5b 22 70 6f 73 74 22 2c 22 70 75 74 22 2c 22 70 61 74 63 68 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 75 2e 68 65 61 64 65 72 73 5b 74 5d 3d 72 2e 6d 65 72 67 65 28 61 29 7d 29 29 2c 74 2e 65 78 70 6f 72 74 73 3d 75 7d 29 2e 63 61 6c 6c 28 74 68 69 73 2c 6e 28 31 31 30 29 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 74 29 7b 74 68 69 73 2e 6d 65 73 73 61 67 65 3d 74 7d 72 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 Data Ascii: "}}};r.forEach(["delete","get","head"],(function(t){u.headers[t]={}})),r.forEach(["post","put","patch"],(function(t){u.headers[t]=r.merge(a)})),t.exports=u}).call(this,n(110))},function(t,e,n){"use strict";function r(t){this.message=t}r.prototype.toString

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:15 UTC	540	OUT	GET /intl/docs/965d4c7.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:16 UTC	766	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 175027 Connection: close Accept-Ranges: bytes Age: 1879342 Etag: "f9f2a0893ccf6cd2da044dc109fd5635" Last-Modified: Wed, 18 Sep 2024 08:10:21 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: vyozZpx2_t7nM35opTcfeQVwL-d7cktFyTxRJVX5t0Kcxm93icicEQ== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: afdc16c2c52c2b282b7f987d7153ec21 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:15 GMT via: cache11.oversea-GM-FRA6
2024-11-07 14:49:16 UTC	15618	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 34 32 5d 2c 7b 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 22 63 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 7d 29 29 2c 6e 2e 64 28 74 2c 22 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 29 29 2c 6e 2e 64 28 74 2c 22 62 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 7d 29 29 2c 6e 2e 64 28 74 2c 22 64 22 2c 28 66 75 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[42],{0:function(e,t,n){"use strict";n.d(t,"c",(function(){return i})),n.d(t,"a",(function(){return o})),n.d(t,"b",(function(){return a})),n.d(t,"d",(fu
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 43 72 65 61 74 65 64 4c 69 73 74 65 6e 65 72 7c 7c 6e 75 6c 6c 2c 74 68 69 73 2e 5f 70 72 65 73 65 72 76 65 44 69 72 65 63 74 69 76 65 43 6f 6e 74 65 6e 74 3d 76 6f 69 64 20 30 21 3d 3d 65 2e 70 72 65 73 65 72 76 65 44 69 72 65 63 74 69 76 65 43 6f 6e 74 65 6e 74 26 26 21 21 65 2e 70 72 65 73 65 72 76 65 44 69 72 65 63 74 69 76 65 43 6f 6e 74 65 6e 74 2c 74 68 69 73 2e 70 6c 75 72 61 6c 69 7a 61 74 69 6f 6e 52 75 6c 65 73 3d 65 2e 70 6c 75 72 61 6c 69 7a 61 74 69 6f 6e 52 75 6c 65 73 7c 7c 7b 7d 2c 74 68 69 73 2e 5f 77 61 72 6e 48 74 6d 6c 49 6e 4d 65 73 73 61 67 65 3d 65 2e 77 61 72 6e 48 74 6d 6c 49 6e 4d 65 73 73 61 67 65 7c 7c 22 6f 66 66 22 2c 74 68 69 73 2e 5f 70 6f 73 74 54 72 61 6e 73 6c 61 74 69 6f 6e 3d 65 2e 70 6f 73 74 54 72 61 6e 73 6c 61 74 Data Ascii: CreatedListener\|\|null,this._preserveDirectiveContent=void 0!==e.preserveDirectiveContent&&!!e.preserveDirectiveContent,this.pluralizationRules=e.pluralizationRules\|\|{},this._warnHtmlInMessage=e.warnHtmlInMessage\|\|"off",this._postTranslation=e.postTranslat
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 65 63 74 20 52 65 67 45 78 70 5d 22 3d 3d 3d 74 7c 7c 22 5b 6f 62 6a 65 63 74 20 44 61 74 65 5d 22 3d 3d 3d 74 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 24 24 74 79 70 65 6f 66 3d 3d 3d 69 7d 28 65 29 7d 28 65 29 7d 3b 76 61 72 20 69 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 66 6f 72 3f 53 79 6d 62 6f 6c 2e 66 6f 72 28 22 72 65 61 63 74 2e 65 6c 65 6d 65 6e 74 22 29 3a 36 30 31 30 33 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 65 2c 74 29 7b 72 65 74 75 72 6e 21 31 21 3d 3d 74 2e 63 6c 6f 6e 65 26 26 74 2e 69 73 4d 65 72 67 65 61 62 6c 65 4f 62 6a 65 63 74 28 65 29 3f 6c 28 28 6e 3d 65 2c 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 6e 29 3f 5b 5d 3a 7b 7d 29 2c 65 2c 74 29 3a Data Ascii: ect RegExp]"===t\|\|"[object Date]"===t\|\|function(e){return e.$$typeof===i}(e)}(e)};var i="function"==typeof Symbol&&Symbol.for?Symbol.for("react.element"):60103;function o(e,t){return!1!==t.clone&&t.isMergeableObject(e)?l((n=e,Array.isArray(n)?[]:{}),e,t):
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 6e 65 50 72 6f 70 65 72 74 79 28 65 2e 70 72 6f 74 6f 74 79 70 65 2c 22 6e 61 6d 65 22 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 63 68 65 63 6b 44 65 73 74 72 6f 79 65 64 5f 28 29 2c 74 68 69 73 2e 6e 61 6d 65 5f 7d 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 31 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2e 70 72 6f 74 6f 74 79 70 65 2c 22 6f 70 74 69 6f 6e 73 22 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 63 68 65 63 6b 44 65 73 74 72 6f 79 65 64 5f 28 29 2c 74 68 69 73 2e 6f 70 74 69 6f 6e 73 5f 7d 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 31 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d Data Ascii: neProperty(e.prototype,"name",{get:function(){return this.checkDestroyed_(),this.name_},enumerable:!1,configurable:!0}),Object.defineProperty(e.prototype,"options",{get:function(){return this.checkDestroyed_(),this.options_},enumerable:!1,configurable:!0}
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 7d 28 6e 2c 74 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 73 65 28 65 29 2c 72 3d 63 65 2e 67 65 74 28 6e 29 3b 72 26 26 28 72 2e 64 65 6c 65 74 65 28 74 29 2c 30 3d 3d 3d 72 2e 73 69 7a 65 26 26 63 65 2e 64 65 6c 65 74 65 28 6e 29 2c 70 65 28 29 29 7d 28 6e 2c 74 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4c 65 28 65 29 7b 72 65 74 75 72 6e 20 47 2e 63 72 65 61 74 65 28 22 6d 69 73 73 69 6e 67 2d 61 70 70 2d 63 6f 6e 66 69 67 2d 76 61 6c 75 65 73 22 2c 7b 76 61 6c 75 65 4e 61 6d 65 3a 65 7d 29 7d 28 64 65 3d 46 29 2e 49 4e 54 45 52 4e 41 4c 2e 72 65 67 69 73 74 65 72 43 6f 6d 70 6f 6e 65 6e 74 28 6e 65 77 20 6f 28 22 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 73 22 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 Data Ascii: }(n,t),function(){!function(e,t){var n=se(e),r=ce.get(n);r&&(r.delete(t),0===r.size&&ce.delete(n),pe())}(n,t)}}function Le(e){return G.create("missing-app-config-values",{valueName:e})}(de=F).INTERNAL.registerComponent(new o("installations",(function(e){v
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 61 6e 63 65 43 72 65 61 74 65 64 3d 65 2c 74 68 69 73 7d 7d 63 6f 6e 73 74 20 76 74 3d 22 5b 44 45 46 41 55 4c 54 5d 22 3b 63 6c 61 73 73 20 62 74 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 2c 74 29 7b 74 68 69 73 2e 6e 61 6d 65 3d 65 2c 74 68 69 73 2e 63 6f 6e 74 61 69 6e 65 72 3d 74 2c 74 68 69 73 2e 63 6f 6d 70 6f 6e 65 6e 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 73 3d 6e 65 77 20 4d 61 70 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 73 44 65 66 65 72 72 65 64 3d 6e 65 77 20 4d 61 70 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 73 4f 70 74 69 6f 6e 73 3d 6e 65 77 20 4d 61 70 2c 74 68 69 73 2e 6f 6e 49 6e 69 74 43 61 6c 6c 62 61 63 6b 73 3d 6e 65 77 20 4d 61 70 7d 67 65 74 28 65 29 7b 63 6f 6e 73 74 20 74 3d 74 68 69 73 2e 6e 6f 72 6d 61 6c Data Ascii: anceCreated=e,this}}const vt="[DEFAULT]";class bt{constructor(e,t){this.name=e,this.container=t,this.component=null,this.instances=new Map,this.instancesDeferred=new Map,this.instancesOptions=new Map,this.onInitCallbacks=new Map}get(e){const t=this.normal
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 74 3b 69 66 28 61 77 61 69 74 20 74 68 69 73 2e 5f 63 61 6e 55 73 65 49 6e 64 65 78 65 64 44 42 50 72 6f 6d 69 73 65 29 7b 63 6f 6e 73 74 20 6e 3d 61 77 61 69 74 20 74 68 69 73 2e 72 65 61 64 28 29 3b 72 65 74 75 72 6e 20 70 6e 28 74 68 69 73 2e 61 70 70 2c 7b 6c 61 73 74 53 65 6e 74 48 65 61 72 74 62 65 61 74 44 61 74 65 3a 6e 75 6c 6c 21 3d 3d 28 74 3d 65 2e 6c 61 73 74 53 65 6e 74 48 65 61 72 74 62 65 61 74 44 61 74 65 29 26 26 76 6f 69 64 20 30 21 3d 3d 74 3f 74 3a 6e 2e 6c 61 73 74 53 65 6e 74 48 65 61 72 74 62 65 61 74 44 61 74 65 2c 68 65 61 72 74 62 65 61 74 73 3a 65 2e 68 65 61 72 74 62 65 61 74 73 7d 29 7d 7d 61 73 79 6e 63 20 61 64 64 28 65 29 7b 76 61 72 20 74 3b 69 66 28 61 77 61 69 74 20 74 68 69 73 2e 5f 63 61 6e 55 73 65 49 6e 64 65 78 65 Data Ascii: t;if(await this._canUseIndexedDBPromise){const n=await this.read();return pn(this.app,{lastSentHeartbeatDate:null!==(t=e.lastSentHeartbeatDate)&&void 0!==t?t:n.lastSentHeartbeatDate,heartbeats:e.heartbeats})}}async add(e){var t;if(await this._canUseIndexe
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 21 3d 3d 61 2e 73 74 61 74 75 73 26 26 33 30 34 21 3d 3d 61 2e 73 74 61 74 75 73 29 7b 6c 65 74 20 65 3d 22 22 3b 74 72 79 7b 63 6f 6e 73 74 20 6e 3d 61 77 61 69 74 20 61 2e 6a 73 6f 6e 28 29 3b 28 6e 75 6c 6c 3d 3d 3d 28 74 3d 6e 2e 65 72 72 6f 72 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 74 3f 76 6f 69 64 20 30 3a 74 2e 6d 65 73 73 61 67 65 29 26 26 28 65 3d 6e 2e 65 72 72 6f 72 2e 6d 65 73 73 61 67 65 29 7d 63 61 74 63 68 28 65 29 7b 7d 74 68 72 6f 77 20 42 72 2e 63 72 65 61 74 65 28 22 63 6f 6e 66 69 67 2d 66 65 74 63 68 2d 66 61 69 6c 65 64 22 2c 7b 68 74 74 70 53 74 61 74 75 73 3a 61 2e 73 74 61 74 75 73 2c 72 65 73 70 6f 6e 73 65 4d 65 73 73 61 67 65 3a 65 7d 29 7d 72 65 74 75 72 6e 20 61 2e 6a 73 6f 6e 28 29 7d 28 65 29 3b 72 65 74 75 72 6e 20 69 2e 64 Data Ascii: !==a.status&&304!==a.status){let e="";try{const n=await a.json();(null===(t=n.error)\|\|void 0===t?void 0:t.message)&&(e=n.error.message)}catch(e){}throw Br.create("config-fetch-failed",{httpStatus:a.status,responseMessage:e})}return a.json()}(e);return i.d
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 75 6d 62 65 72 28 74 68 69 73 2e 5f 76 65 72 73 69 6f 6e 29 3f 74 68 69 73 2e 5f 73 65 74 55 73 65 72 49 64 28 74 68 69 73 2e 5f 61 6e 61 6c 79 74 69 63 73 49 6e 73 74 61 6e 63 65 2c 65 29 3a 74 68 69 73 2e 5f 73 65 74 55 73 65 72 49 64 28 65 29 29 29 7d 2c 74 68 69 73 2e 73 65 74 55 73 65 72 50 72 6f 70 65 72 74 69 65 73 3d 66 75 6e 63 74 69 6f 6e 28 65 3d 7b 7d 29 7b 74 68 69 73 2e 5f 61 6e 61 6c 79 74 69 63 73 49 6e 73 74 61 6e 63 65 26 26 22 7b 7d 22 21 3d 3d 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 26 26 22 7b 7d 22 21 3d 3d 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 68 69 73 2e 5f 63 6f 6e 66 69 67 29 26 26 28 74 68 69 73 2e 5f 64 65 62 75 67 2c 74 68 69 73 2e 5f 73 65 74 55 73 65 72 50 72 6f 70 65 72 74 69 65 73 20 69 6e 73 74 61 6e Data Ascii: umber(this._version)?this._setUserId(this._analyticsInstance,e):this._setUserId(e)))},this.setUserProperties=function(e={}){this._analyticsInstance&&"{}"!==JSON.stringify(e)&&"{}"!==JSON.stringify(this._config)&&(this._debug,this._setUserProperties instan
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 30 26 26 30 3d 3d 3d 73 26 26 30 21 3d 3d 74 68 69 73 5b 74 2b 6f 2d 31 5d 26 26 28 73 3d 31 29 2c 74 68 69 73 5b 74 2b 6f 5d 3d 28 65 2f 61 3e 3e 30 29 2d 73 26 32 35 35 3b 72 65 74 75 72 6e 20 74 2b 6e 7d 2c 63 2e 70 72 6f 74 6f 74 79 70 65 2e 77 72 69 74 65 49 6e 74 42 45 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 69 66 28 65 3d 2b 65 2c 74 7c 3d 30 2c 21 72 29 7b 76 61 72 20 69 3d 4d 61 74 68 2e 70 6f 77 28 32 2c 38 2a 6e 2d 31 29 3b 78 28 74 68 69 73 2c 65 2c 74 2c 6e 2c 69 2d 31 2c 2d 69 29 7d 76 61 72 20 6f 3d 6e 2d 31 2c 61 3d 31 2c 73 3d 30 3b 66 6f 72 28 74 68 69 73 5b 74 2b 6f 5d 3d 32 35 35 26 65 3b 2d 2d 6f 3e 3d 30 26 26 28 61 2a 3d 32 35 36 29 3b 29 65 3c 30 26 26 30 3d 3d 3d 73 26 26 30 21 3d 3d 74 68 69 73 5b 74 2b 6f 2b 31 Data Ascii: 0&&0===s&&0!==this[t+o-1]&&(s=1),this[t+o]=(e/a>>0)-s&255;return t+n},c.prototype.writeIntBE=function(e,t,n,r){if(e=+e,t\|=0,!r){var i=Math.pow(2,8n-1);x(this,e,t,n,i-1,-i)}var o=n-1,a=1,s=0;for(this[t+o]=255&e;--o>=0&&(a=256);)e<0&&0===s&&0!==this[t+o+1

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:15 UTC	540	OUT	GET /intl/docs/6383b01.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:16 UTC	742	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 92275 Connection: close Accept-Ranges: bytes Age: 251892 Etag: "f0d9f4afe4b499a89ca81fddba8a2d4d" Last-Modified: Wed, 18 Sep 2024 08:10:20 GMT Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: a-3fyuTXljtg1dOwHJe8WfBErADMcm5SqGBG9m4aVZnBzHhH3zFSuw== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: Miss from cloudfront X-Request-Id: 9f88273db5379168badba87c28cc8365 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:15 GMT via: cache14.oversea-GM-FRA6
2024-11-07 14:49:16 UTC	15642	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 36 5d 2c 7b 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 22 6b 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6d 7d 29 29 2c 6e 2e 64 28 74 2c 22 6d 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 7d 29 29 2c 6e 2e 64 28 74 2c 22 6c 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 7d 29 29 2c 6e 2e 64 28 74 2c 22 65 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 76 7d 29 29 2c 6e 2e 64 28 74 2c 22 62 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 79 7d Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[6],{1:function(e,t,n){"use strict";n.d(t,"k",(function(){return m})),n.d(t,"m",(function(){return g})),n.d(t,"l",(function(){return b})),n.d(t,"e",(function(){return v})),n.d(t,"b",(function(){return y}
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 29 28 65 29 3b 72 65 74 75 72 6e 20 74 2e 5f 5f 6c 61 6e 67 34 64 6f 63 73 7c 7c 74 2e 69 31 38 6e 5f 72 65 64 69 72 65 63 74 65 64 7c 7c 74 2e 6c 61 6e 67 7d 7d 2c 31 38 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 22 63 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 29 29 2c 6e 2e 64 28 74 2c 22 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 29 29 2c 6e 2e 64 28 74 2c 22 62 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 7d 29 29 3b 6e 28 31 31 32 29 2c 6e 28 31 36 29 2c 6e 28 32 36 29 2c 6e 28 31 31 29 2c 6e 28 32 30 29 2c 6e 28 32 30 32 29 2c 6e 28 31 30 37 29 3b 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e Data Ascii: )(e);return t.__lang4docs\|\|t.i18n_redirected\|\|t.lang}},180:function(e,t,n){"use strict";n.d(t,"c",(function(){return r})),n.d(t,"a",(function(){return o})),n.d(t,"b",(function(){return a}));n(112),n(16),n(26),n(11),n(20),n(202),n(107);var r=function(e,t,n
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 30 7d 2e 62 75 74 74 6f 6e 2d 2d 67 72 65 65 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 62 38 30 37 30 3b 63 6f 6c 6f 72 3a 23 33 62 38 30 37 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 33 30 70 78 7d 2e 62 75 74 74 6f 6e 2d 2d 67 72 65 65 6e 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 62 38 30 37 30 7d 2e 62 75 74 74 6f 6e 2d 2d 67 72 65 79 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 6f 72 Data Ascii: ;margin:0}.button--green{display:inline-block;border-radius:4px;border:1px solid #3b8070;color:#3b8070;text-decoration:none;padding:10px 30px}.button--green:hover{color:#fff;background-color:#3b8070}.button--grey{display:inline-block;border-radius:4px;bor
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 6c 6f 61 64 69 6e 67 22 7d 29 2c 72 3d 65 28 74 68 69 73 2e 6c 61 79 6f 75 74 7c 7c 22 6e 75 78 74 22 29 2c 6f 3d 65 28 22 64 69 76 22 2c 7b 64 6f 6d 50 72 6f 70 73 3a 7b 69 64 3a 22 5f 5f 6c 61 79 6f 75 74 22 7d 2c 6b 65 79 3a 74 68 69 73 2e 6c 61 79 6f 75 74 4e 61 6d 65 7d 2c 5b 72 5d 29 2c 61 3d 65 28 22 74 72 61 6e 73 69 74 69 6f 6e 22 2c 7b 70 72 6f 70 73 3a 7b 6e 61 6d 65 3a 22 6c 61 79 6f 75 74 22 2c 6d 6f 64 65 3a 22 6f 75 74 2d 69 6e 22 7d 2c 6f 6e 3a 7b 62 65 66 6f 72 65 45 6e 74 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 77 69 6e 64 6f 77 2e 24 6e 75 78 74 2e 24 6e 65 78 74 54 69 63 6b 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 24 6e 75 78 74 2e 24 65 6d 69 74 28 22 74 72 69 67 67 65 72 53 63 72 6f 6c 6c 22 29 7d 29 29 7d 7d Data Ascii: loading"}),r=e(this.layout\|\|"nuxt"),o=e("div",{domProps:{id:"__layout"},key:this.layoutName},[r]),a=e("transition",{props:{name:"layout",mode:"out-in"},on:{beforeEnter:function(e){window.$nuxt.$nextTick((function(){window.$nuxt.$emit("triggerScroll")}))}}
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 72 65 74 75 72 6e 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 29 72 65 74 75 72 6e 20 4e 65 28 65 2c 74 29 3b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 65 29 2e 73 6c 69 63 65 28 38 2c 2d 31 29 3b 22 4f 62 6a 65 63 74 22 3d 3d 3d 6e 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 26 26 28 6e 3d 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 6e 61 6d 65 29 3b 69 66 28 22 4d 61 70 22 3d 3d 3d 6e 7c 7c 22 53 65 74 22 3d 3d 3d 6e 29 72 65 74 75 72 6e 20 41 72 72 61 79 2e 66 72 6f 6d 28 65 29 3b 69 66 28 22 41 72 67 75 6d 65 6e 74 73 22 3d 3d 3d 6e 7c 7c 2f 5e 28 3f 3a 55 69 7c 49 29 6e 74 28 3f 3a 38 7c 31 36 7c 33 32 29 28 3f 3a 43 6c 61 6d 70 65 64 29 3f 41 72 72 61 79 24 2f Data Ascii: return;if("string"==typeof e)return Ne(e,t);var n=Object.prototype.toString.call(e).slice(8,-1);"Object"===n&&e.constructor&&(n=e.constructor.name);if("Map"===n\|\|"Set"===n)return Array.from(e);if("Arguments"===n\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/
2024-11-07 14:49:16 UTC	11097	IN	Data Raw: 65 74 75 72 6e 20 65 2e 73 74 6f 70 28 29 7d 7d 29 2c 65 29 7d 29 29 29 29 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 43 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 28 61 3d 61 7c 7c 4f 62 6a 65 63 74 28 6f 2e 61 29 28 72 65 67 65 6e 65 72 61 74 6f 72 52 75 6e 74 69 6d 65 2e 6d 61 72 6b 28 28 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 72 65 74 75 72 6e 20 72 65 67 65 6e 65 72 61 74 6f 72 52 75 6e 74 69 6d 65 2e 77 72 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 3b 3b 29 73 77 69 74 63 68 28 65 2e 70 72 65 76 3d 65 2e 6e 65 78 74 29 7b 63 61 73 65 20 30 3a 69 66 28 75 2e 69 31 38 6e 2e 5f 5f 70 65 6e 64 69 6e 67 4c 6f 63 61 6c 65 29 7b 65 2e 6e 65 78 74 3d 32 3b 62 72 65 61 6b 7d 72 65 74 75 72 6e 20 65 2e Data Ascii: eturn e.stop()}}),e)})))).apply(this,arguments)},C=function(){return(a=a\|\|Object(o.a)(regeneratorRuntime.mark((function e(){return regeneratorRuntime.wrap((function(e){for(;;)switch(e.prev=e.next){case 0:if(u.i18n.__pendingLocale){e.next=2;break}return e.

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:15 UTC	540	OUT	GET /intl/docs/085fd6c.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:16 UTC	765	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 80211 Connection: close Accept-Ranges: bytes Age: 1646979 Etag: "c3cd6406b776e2ddd6ce313ee86d36f1" Last-Modified: Wed, 18 Sep 2024 08:10:20 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: tqDK392KoHtBetlHIeuYqrA5yIJWIy3NgN5d6-AsnnbiKljDVYlsAQ== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: 2d2faa82791cff6017ba7405986c4911 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:15 GMT via: cache06.oversea-GM-FRA6
2024-11-07 14:49:16 UTC	15619	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 33 38 2c 32 31 2c 32 34 2c 33 36 2c 33 37 5d 2c 7b 32 38 36 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 76 61 72 20 6e 3d 6f 28 32 39 34 29 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 28 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 6c 61 6e 67 75 61 67 65 7c 7c 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 62 72 6f 77 73 65 72 4c 61 6e 67 75 61 67 65 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 22 65 6e 2d 75 73 22 7d 7d 65 2e 65 78 70 6f 72 74 73 3d 7b 6c 61 6e 67 5f 34 32 3a 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[38,21,24,36,37],{286:function(e,t,o){var n=o(294);function a(){try{return(window.navigator.language\|\|window.navigator.browserLanguage).toLowerCase()}catch(e){return"en-us"}}e.exports={lang_42:function()
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 29 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6c 65 66 74 3a 2d 31 36 70 78 7d 2e 61 75 74 6f 2d 64 6f 77 6e 20 61 5b 64 61 74 61 2d 76 2d 38 62 34 32 33 30 62 34 5d 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 27 2c 22 22 5d 29 2c 65 2e 65 78 70 6f 72 74 73 3d 6e 7d 2c 33 37 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 65 2e 65 78 70 6f 72 74 73 3d 6f 2e 70 2b 22 69 6d 67 2f 64 6f 77 6e 6c 6f 61 64 5f 61 72 72 6f 77 2e 38 66 32 31 65 36 35 2e 73 76 67 22 7d 2c 33 37 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6f 28 32 39 38 29 7d Data Ascii: sform:scale(.9);position:relative;left:-16px}.auto-down a[data-v-8b4230b4]{color:#fff;text-decoration:underline;cursor:pointer}',""]),e.exports=n},370:function(e,t,o){e.exports=o.p+"img/download_arrow.8f21e65.svg"},371:function(e,t,o){"use strict";o(298)}
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 45 64 67 65 42 72 6f 77 73 65 72 7d 2c 6f 6e 3a 7b 6f 6e 43 6c 6f 73 65 3a 65 2e 63 6c 6f 73 65 4e 65 78 74 53 74 65 70 7d 7d 29 5d 2c 31 29 5d 5d 2c 32 29 7d 29 2c 5b 5d 2c 21 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 29 3b 74 2e 64 65 66 61 75 6c 74 3d 64 2e 65 78 70 6f 72 74 73 3b 69 6e 73 74 61 6c 6c 43 6f 6d 70 6f 6e 65 6e 74 73 28 64 2c 7b 4e 6f 43 6c 69 65 6e 74 44 69 61 6c 6f 67 3a 6f 28 33 34 35 29 2e 64 65 66 61 75 6c 74 2c 4e 65 78 74 53 74 65 70 3a 6f 28 33 34 31 29 2e 64 65 66 61 75 6c 74 2c 4d 69 64 64 6c 65 54 69 70 73 56 32 3a 6f 28 33 34 37 29 2e 64 65 66 61 75 6c 74 2c 4d 69 64 64 6c 65 54 69 70 73 3a 6f 28 33 34 36 29 2e 64 65 66 61 75 6c 74 7d 29 7d 2c 35 34 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 65 2e 65 78 70 6f Data Ascii: EdgeBrowser},on:{onClose:e.closeNextStep}})],1)]],2)}),[],!1,null,null,null);t.default=d.exports;installComponents(d,{NoClientDialog:o(345).default,NextStep:o(341).default,MiddleTipsV2:o(347).default,MiddleTips:o(346).default})},541:function(e,t,o){e.expo
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 3a 7b 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 7d 2c 64 61 74 61 3a 5f 2c 74 69 6d 65 6f 75 74 3a 31 65 34 7d 29 2c 65 2e 6e 65 78 74 3d 35 2c 6e 3b 63 61 73 65 20 35 3a 72 65 74 75 72 6e 20 61 3d 65 2e 73 65 6e 74 2c 65 2e 61 62 72 75 70 74 28 22 72 65 74 75 72 6e 22 2c 61 2e 64 61 74 61 29 3b 63 61 73 65 20 38 3a 63 61 73 65 22 65 6e 64 22 3a 72 65 74 75 72 6e 20 65 2e 73 74 6f 70 28 29 7d 7d 29 2c 65 29 7d 29 29 29 29 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 41 3d 28 6f 28 32 36 29 2c 6f 28 32 38 36 29 29 2c 43 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 30 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d Data Ascii: :{"Content-Type":"application/json"},data:_,timeout:1e4}),e.next=5,n;case 5:return a=e.sent,e.abrupt("return",a.data);case 8:case"end":return e.stop()}}),e)})))).apply(this,arguments)},A=(o(26),o(286)),C=function(){var e=arguments.length>0&&void 0!==argum
2024-11-07 14:49:16 UTC	15440	IN	Data Raw: 6f 75 74 65 2e 71 75 65 72 79 2e 73 69 64 2c 21 6f 2e 69 73 4d 6f 62 69 6c 65 29 7b 74 2e 6e 65 78 74 3d 36 3b 62 72 65 61 6b 7d 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 65 2e 6a 75 6d 70 55 72 6c 2c 22 5f 73 65 6c 66 22 29 2c 74 2e 6e 65 78 74 3d 31 38 3b 62 72 65 61 6b 3b 63 61 73 65 20 36 3a 72 65 74 75 72 6e 20 74 2e 70 72 65 76 3d 36 2c 74 2e 6e 65 78 74 3d 39 2c 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 5b 65 2e 67 65 74 46 69 6c 65 49 6e 66 6f 28 29 2c 65 2e 68 61 6e 64 6c 65 47 65 74 55 73 65 72 49 6e 66 6f 28 29 5d 29 3b 63 61 73 65 20 39 3a 74 2e 73 65 6e 74 2c 28 22 6f 74 68 65 72 73 22 3d 3d 3d 65 2e 66 69 6c 65 54 79 70 65 7c 7c 65 2e 69 73 43 6f 72 70 29 26 26 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 65 2e 6a 75 6d 70 55 72 6c 2c 22 5f 73 65 6c 66 22 29 2c Data Ascii: oute.query.sid,!o.isMobile){t.next=6;break}window.open(e.jumpUrl,"_self"),t.next=18;break;case 6:return t.prev=6,t.next=9,Promise.all([e.getFileInfo(),e.handleGetUserInfo()]);case 9:t.sent,("others"===e.fileType\|\|e.isCorp)&&window.open(e.jumpUrl,"_self"),

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:15 UTC	540	OUT	GET /intl/docs/93f6286.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:16 UTC	763	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 34084 Connection: close Accept-Ranges: bytes Age: 576374 Etag: "460a70c7c798a3ddf57304e9aeb61605" Last-Modified: Wed, 18 Sep 2024 08:10:21 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: wPqUckA36_8yE1YrjgBDf_fwbTmuutgFYLmmyPjcfBQGVbqH_4yAkQ== X-Amz-Cf-Pop: AMS58-P4 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: c17cec72dd1596956fde6dc399bfc490 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:15 GMT via: cache05.oversea-GM-FRA6
2024-11-07 14:49:16 UTC	15621	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 35 5d 2c 7b 32 38 34 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 29 2c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 28 6e 3d 6e 26 26 6e 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 6e 2e 64 65 66 61 75 6c 74 3a 6e 29 3f 6e 3a 28 2f 5e 5b 27 22 5d 2e 2a 5b 27 22 5d 24 2f 2e 74 65 73 74 28 6e 29 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[5],{284:function(n,t,e){"use strict";n.exports=function(n,t){return t\|\|(t={}),"string"!=typeof(n=n&&n.__esModule?n.default:n)?n:(/^['"].*['"]$/.test(n)
2024-11-07 14:49:16 UTC	16384	IN	Data Raw: 6f 69 6e 28 22 22 29 7d 2c 70 61 72 73 65 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 6f 72 28 76 61 72 20 74 3d 6e 2e 6c 65 6e 67 74 68 2c 65 3d 5b 5d 2c 73 3d 30 3b 73 3c 74 3b 73 2b 2b 29 65 5b 73 3e 3e 3e 32 5d 7c 3d 28 32 35 35 26 6e 2e 63 68 61 72 43 6f 64 65 41 74 28 73 29 29 3c 3c 32 34 2d 73 25 34 2a 38 3b 72 65 74 75 72 6e 20 6e 65 77 20 70 2e 69 6e 69 74 28 65 2c 74 29 7d 7d 2c 66 3d 64 2e 55 74 66 38 3d 7b 73 74 72 69 6e 67 69 66 79 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 68 2e 73 74 72 69 6e 67 69 66 79 28 6e 29 29 29 7d 63 61 74 63 68 28 6e 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 4d 61 6c 66 6f 72 6d 65 64 20 55 54 46 Data Ascii: oin("")},parse:function(n){for(var t=n.length,e=[],s=0;s<t;s++)e[s>>>2]\|=(255&n.charCodeAt(s))<<24-s%4*8;return new p.init(e,t)}},f=d.Utf8={stringify:function(n){try{return decodeURIComponent(escape(h.stringify(n)))}catch(n){throw new Error("Malformed UTF
2024-11-07 14:49:16 UTC	2079	IN	Data Raw: 28 50 2c 6b 2c 45 2c 43 2c 76 2c 36 2c 72 5b 35 36 5d 29 2c 43 3d 68 28 43 2c 50 2c 6b 2c 45 2c 54 2c 31 30 2c 72 5b 35 37 5d 29 2c 45 3d 68 28 45 2c 43 2c 50 2c 6b 2c 67 2c 31 35 2c 72 5b 35 38 5d 29 2c 6b 3d 68 28 6b 2c 45 2c 43 2c 50 2c 41 2c 32 31 2c 72 5b 35 39 5d 29 2c 50 3d 68 28 50 2c 6b 2c 45 2c 43 2c 77 2c 36 2c 72 5b 36 30 5d 29 2c 43 3d 68 28 43 2c 50 2c 6b 2c 45 2c 53 2c 31 30 2c 72 5b 36 31 5d 29 2c 45 3d 68 28 45 2c 43 2c 50 2c 6b 2c 66 2c 31 35 2c 72 5b 36 32 5d 29 2c 6b 3d 68 28 6b 2c 45 2c 43 2c 50 2c 5f 2c 32 31 2c 72 5b 36 33 5d 29 2c 63 5b 30 5d 3d 63 5b 30 5d 2b 50 7c 30 2c 63 5b 31 5d 3d 63 5b 31 5d 2b 6b 7c 30 2c 63 5b 32 5d 3d 63 5b 32 5d 2b 45 7c 30 2c 63 5b 33 5d 3d 63 5b 33 5d 2b 43 7c 30 7d 2c 5f 64 6f 46 69 6e 61 6c 69 7a 65 Data Ascii: (P,k,E,C,v,6,r[56]),C=h(C,P,k,E,T,10,r[57]),E=h(E,C,P,k,g,15,r[58]),k=h(k,E,C,P,A,21,r[59]),P=h(P,k,E,C,w,6,r[60]),C=h(C,P,k,E,S,10,r[61]),E=h(E,C,P,k,f,15,r[62]),k=h(k,E,C,P,_,21,r[63]),c[0]=c[0]+P\|0,c[1]=c[1]+k\|0,c[2]=c[2]+E\|0,c[3]=c[3]+C\|0},_doFinalize

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:15 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-07 14:49:16 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=58522 Date: Thu, 07 Nov 2024 14:49:15 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:16 UTC	365	OUT	GET /intl/docs/93f6286.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:17 UTC	747	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 34084 Connection: close Accept-Ranges: bytes Age: 175554 Etag: "460a70c7c798a3ddf57304e9aeb61605" Last-Modified: Wed, 18 Sep 2024 08:10:21 GMT Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: Oj2ZKuF7aAfMCNYEAt9OCFdWulYdKLY3Go5lEVmxFthC5EHTk_SXsw== X-Amz-Cf-Pop: JFK52-P5 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: e994c2fa412cfb04c736aefbbf6a3ec1 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:16 GMT via: cache05.oversea-US-MIA1
2024-11-07 14:49:17 UTC	15637	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 35 5d 2c 7b 32 38 34 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 29 2c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 28 6e 3d 6e 26 26 6e 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 6e 2e 64 65 66 61 75 6c 74 3a 6e 29 3f 6e 3a 28 2f 5e 5b 27 22 5d 2e 2a 5b 27 22 5d 24 2f 2e 74 65 73 74 28 6e 29 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[5],{284:function(n,t,e){"use strict";n.exports=function(n,t){return t\|\|(t={}),"string"!=typeof(n=n&&n.__esModule?n.default:n)?n:(/^['"].*['"]$/.test(n)
2024-11-07 14:49:17 UTC	16384	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 6f 72 28 76 61 72 20 74 3d 6e 2e 6c 65 6e 67 74 68 2c 65 3d 5b 5d 2c 73 3d 30 3b 73 3c 74 3b 73 2b 2b 29 65 5b 73 3e 3e 3e 32 5d 7c 3d 28 32 35 35 26 6e 2e 63 68 61 72 43 6f 64 65 41 74 28 73 29 29 3c 3c 32 34 2d 73 25 34 2a 38 3b 72 65 74 75 72 6e 20 6e 65 77 20 70 2e 69 6e 69 74 28 65 2c 74 29 7d 7d 2c 66 3d 64 2e 55 74 66 38 3d 7b 73 74 72 69 6e 67 69 66 79 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 68 2e 73 74 72 69 6e 67 69 66 79 28 6e 29 29 29 7d 63 61 74 63 68 28 6e 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 4d 61 6c 66 6f 72 6d 65 64 20 55 54 46 2d 38 20 64 61 74 61 22 29 7d 7d 2c 70 61 72 73 Data Ascii: unction(n){for(var t=n.length,e=[],s=0;s<t;s++)e[s>>>2]\|=(255&n.charCodeAt(s))<<24-s%4*8;return new p.init(e,t)}},f=d.Utf8={stringify:function(n){try{return decodeURIComponent(escape(h.stringify(n)))}catch(n){throw new Error("Malformed UTF-8 data")}},pars
2024-11-07 14:49:17 UTC	2063	IN	Data Raw: 36 5d 29 2c 43 3d 68 28 43 2c 50 2c 6b 2c 45 2c 54 2c 31 30 2c 72 5b 35 37 5d 29 2c 45 3d 68 28 45 2c 43 2c 50 2c 6b 2c 67 2c 31 35 2c 72 5b 35 38 5d 29 2c 6b 3d 68 28 6b 2c 45 2c 43 2c 50 2c 41 2c 32 31 2c 72 5b 35 39 5d 29 2c 50 3d 68 28 50 2c 6b 2c 45 2c 43 2c 77 2c 36 2c 72 5b 36 30 5d 29 2c 43 3d 68 28 43 2c 50 2c 6b 2c 45 2c 53 2c 31 30 2c 72 5b 36 31 5d 29 2c 45 3d 68 28 45 2c 43 2c 50 2c 6b 2c 66 2c 31 35 2c 72 5b 36 32 5d 29 2c 6b 3d 68 28 6b 2c 45 2c 43 2c 50 2c 5f 2c 32 31 2c 72 5b 36 33 5d 29 2c 63 5b 30 5d 3d 63 5b 30 5d 2b 50 7c 30 2c 63 5b 31 5d 3d 63 5b 31 5d 2b 6b 7c 30 2c 63 5b 32 5d 3d 63 5b 32 5d 2b 45 7c 30 2c 63 5b 33 5d 3d 63 5b 33 5d 2b 43 7c 30 7d 2c 5f 64 6f 46 69 6e 61 6c 69 7a 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 Data Ascii: 6]),C=h(C,P,k,E,T,10,r[57]),E=h(E,C,P,k,g,15,r[58]),k=h(k,E,C,P,A,21,r[59]),P=h(P,k,E,C,w,6,r[60]),C=h(C,P,k,E,S,10,r[61]),E=h(E,C,P,k,f,15,r[62]),k=h(k,E,C,P,_,21,r[63]),c[0]=c[0]+P\|0,c[1]=c[1]+k\|0,c[2]=c[2]+E\|0,c[3]=c[3]+C\|0},_doFinalize:function(){var

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:16 UTC	540	OUT	GET /intl/docs/167e453.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:17 UTC	758	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 26708 Connection: close Accept-Ranges: bytes Age: 1690784 Etag: "275d032027d95b84f549343f2fb57df7" Last-Modified: Wed, 18 Sep 2024 08:10:20 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: 1n1LkuP4Qmqlu1WFiGsbFEuYmsgXvwUs7KJbYnN31L61Vo7r3F649A== X-Amz-Cf-Pop: FRA60-P6 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: Miss from cloudfront X-Request-Id: 1433cf542f2caae143f7598874ada82c X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:16 GMT via: cache10.oversea-GM-FRA6
2024-11-07 14:49:17 UTC	15626	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 34 33 5d 2c 7b 33 34 32 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 69 29 7b 76 61 72 20 73 3d 69 28 33 34 33 29 2e 53 79 6d 62 6f 6c 3b 65 2e 65 78 70 6f 72 74 73 3d 73 7d 2c 33 34 33 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 69 29 7b 76 61 72 20 73 3d 69 28 33 39 37 29 2c 6e 3d 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 26 26 73 65 6c 66 2e 4f 62 6a 65 63 74 3d 3d 3d 4f 62 6a 65 63 74 26 26 73 65 6c 66 2c 72 3d 73 7c 7c 6e 7c 7c 46 75 6e 63 74 69 6f 6e 28 22 72 65 74 75 72 6e 20 74 68 69 73 22 29 28 29 3b 65 2e 65 78 70 6f 72 74 73 3d 72 7d 2c 33 35 32 3a 66 75 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[43],{342:function(e,t,i){var s=i(343).Symbol;e.exports=s},343:function(e,t,i){var s=i(397),n="object"==typeof self&&self&&self.Object===Object&&self,r=s\|\|n\|\|Function("return this")();e.exports=r},352:fu
2024-11-07 14:49:17 UTC	11082	IN	Data Raw: 6b 65 64 69 6e 62 6f 74 22 2c 22 6d 73 6e 62 6f 74 22 2c 22 70 68 61 6e 74 6f 6d 6a 73 22 2c 22 70 68 61 6e 74 6f 6d 5c 5c 2e 6a 73 22 2c 22 70 69 6e 67 64 6f 6d 22 2c 22 70 79 74 68 6f 6e 22 2c 22 72 74 6c 6e 69 65 75 77 73 22 2c 22 73 6c 61 63 6b 62 6f 74 22 2c 22 73 6c 75 72 70 22 2c 22 73 70 62 6f 74 22 2c 22 74 65 6c 65 67 72 61 6d 62 6f 74 22 2c 22 74 65 73 74 5c 5c 73 63 65 72 74 69 66 69 63 61 74 65 22 2c 22 74 65 73 74 69 6e 67 22 2c 22 74 69 61 62 6f 74 22 2c 22 74 75 6d 62 6c 72 20 22 2c 22 74 77 69 74 74 65 72 62 6f 74 22 2c 22 77 65 62 5c 5c 73 73 63 72 61 70 65 72 22 2c 22 77 67 65 74 22 2c 22 79 61 6e 64 65 78 62 6f 74 22 2c 22 61 70 65 78 22 2c 22 61 70 70 6c 65 62 6f 74 22 2c 22 64 75 63 6b 64 75 63 6b 62 6f 74 22 2c 22 66 61 63 65 62 6f Data Ascii: kedinbot","msnbot","phantomjs","phantom\\.js","pingdom","python","rtlnieuws","slackbot","slurp","spbot","telegrambot","test\\scertificate","testing","tiabot","tumblr ","twitterbot","web\\sscraper","wget","yandexbot","apex","applebot","duckduckbot","facebo

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:16 UTC	540	OUT	GET /intl/docs/f0976f1.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:17 UTC	765	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 51084 Connection: close Accept-Ranges: bytes Age: 1869839 Etag: "47400e0806af18d6b64e576280a1818b" Last-Modified: Wed, 18 Sep 2024 08:10:22 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: AT4Zvp9k6GqTQmw6UFPZbfipNnJBjZY0U1R6SLDooFWNTb7ZRo2Kug== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: f0bf183d3591a25171d61f0d8a22f0aa X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:17 GMT via: cache11.oversea-GM-FRA6
2024-11-07 14:49:17 UTC	15619	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 30 5d 2c 7b 32 39 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 65 2e 65 78 70 6f 72 74 73 3d 7b 22 7a 68 2d 63 6e 22 3a 7b 6c 6f 67 6f 5f 64 65 73 63 3a 22 57 50 53 20 44 6f 63 73 22 2c 70 6c 61 74 5f 74 69 74 6c 65 3a 22 55 73 65 20 57 50 53 20 4f 66 66 69 63 65 20 66 6f 72 20 74 68 65 20 42 65 73 74 20 45 78 70 65 72 69 65 6e 63 65 22 2c 6f 75 74 65 72 5f 70 6c 61 74 5f 74 69 74 6c 65 3a 22 55 73 65 20 57 50 53 20 4f 66 66 69 63 65 20 66 6f 72 20 22 2c 6f 70 65 6e 5f 77 69 74 68 5f 77 70 73 3a 22 4f 70 65 6e 20 77 69 74 68 20 57 50 53 20 4f 66 66 69 63 65 22 2c 6f 70 65 6e 5f 77 69 64 74 68 5f Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],{294:function(e,i){e.exports={"zh-cn":{logo_desc:"WPS Docs",plat_title:"Use WPS Office for the Best Experience",outer_plat_title:"Use WPS Office for ",open_with_wps:"Open with WPS Office",open_width_
2024-11-07 14:49:17 UTC	16384	IN	Data Raw: 61 74 65 75 72 22 2c 6e 6f 5f 63 6c 69 65 6e 74 5f 64 69 61 6c 6f 67 5f 74 69 70 30 3a 22 43 68 65 72 20 75 74 69 6c 69 73 61 74 65 75 72 2c 22 2c 6e 6f 5f 63 6c 69 65 6e 74 5f 64 69 61 6c 6f 67 5f 74 69 70 31 3a 22 20 76 6f 75 73 20 6e 27 61 76 65 7a 20 70 61 73 20 69 6e 73 74 61 6c 6c c3 a9 20 3c 73 70 61 6e 3e 57 50 53 20 4f 66 66 69 63 65 3c 2f 73 70 61 6e 3e 22 2c 6e 6f 5f 63 6c 69 65 6e 74 5f 64 69 61 6c 6f 67 5f 74 69 70 32 3a 22 49 6e 73 74 61 6c 6c 65 7a 20 6c 61 20 76 65 72 73 69 6f 6e 20 67 72 61 74 75 69 74 65 20 64 65 20 57 50 53 20 4f 66 66 69 63 65 20 70 6f 75 72 20 6c 27 6f 75 76 72 69 72 2e 22 2c 6e 6f 5f 63 6c 69 65 6e 74 5f 64 69 61 6c 6f 67 5f 62 75 74 74 6f 6e 3a 22 4f 4b 22 2c 66 72 65 65 5f 64 6f 77 6e 6c 6f 61 64 3a 22 46 72 65 65 Data Ascii: ateur",no_client_dialog_tip0:"Cher utilisateur,",no_client_dialog_tip1:" vous n'avez pas install <span>WPS Office</span>",no_client_dialog_tip2:"Installez la version gratuite de WPS Office pour l'ouvrir.",no_client_dialog_button:"OK",free_download:"Free
2024-11-07 14:49:17 UTC	16384	IN	Data Raw: 2f 73 70 61 6e 3e 20 d0 b8 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 70 6f 6c 69 63 79 27 3e d0 9f d0 be d0 bb d0 b8 d1 82 d0 b8 d0 ba d1 83 20 d0 ba d0 be d0 bd d1 84 d0 b8 d0 b4 d0 b5 d0 bd d1 86 d0 b8 d0 b0 d0 bb d1 8c d0 bd d0 be d1 81 d1 82 d0 b8 3c 2f 73 70 61 6e 3e 20 d0 b4 d0 bb d1 8f 20 57 50 53 20 4f 66 66 69 63 65 22 2c 69 31 38 5f 6c 61 6e 67 73 5f 64 6f 77 6e 6c 6f 61 64 5f 74 69 70 73 5f 31 3a 22 d0 9d d0 b5 20 d0 bc d0 be d0 b6 d0 b5 d1 82 d0 b5 20 d0 bd d0 b0 d0 b9 d1 82 d0 b8 20 d0 bf d1 80 d0 be d0 b3 d1 80 d0 b0 d0 bc d0 bc d1 83 20 d1 83 d1 81 d1 82 d0 b0 d0 bd d0 be d0 b2 d0 ba d0 b8 3f 22 2c 69 31 38 5f 6c 61 6e 67 73 5f 64 6f 77 6e 6c 6f 61 64 5f 74 69 70 73 5f 32 3a 22 d0 9d d0 b0 d0 b6 d0 bc d0 b8 d1 82 d0 b5 20 d0 ba d0 bb d0 b0 Data Ascii: /span> <span class='policy'> </span> WPS Office",i18_langs_download_tips_1:" ?",i18_langs_download_tips_2:"
2024-11-07 14:49:17 UTC	2697	IN	Data Raw: 4f 72 61 20 64 65 76 69 20 73 6f 6c 6f 20 66 61 72 65 20 63 6c 69 63 20 73 75 6c 20 70 72 6f 67 72 61 6d 6d 61 20 64 69 20 69 6e 73 74 61 6c 6c 61 7a 69 6f 6e 65 20 70 65 72 20 69 6e 73 74 61 6c 6c 61 72 6c 61 2e 22 2c 69 31 38 5f 6c 61 6e 67 73 5f 73 74 65 70 5f 6f 6e 65 3a 22 50 61 73 73 61 67 67 69 6f 20 31 22 2c 69 31 38 5f 6c 61 6e 67 73 5f 73 74 65 70 5f 74 77 6f 3a 22 50 61 73 73 61 67 67 69 6f 20 32 22 2c 69 31 38 5f 6c 61 6e 67 73 5f 73 74 65 70 5f 74 68 72 65 65 3a 22 50 61 73 73 61 67 67 69 6f 20 33 22 2c 69 31 38 5f 6c 61 6e 67 73 5f 73 74 65 70 5f 64 6f 77 6e 6c 6f 61 64 3a 22 53 63 61 72 69 63 61 22 2c 69 31 38 5f 6c 61 6e 67 73 5f 73 74 65 70 5f 63 6c 69 63 6b 3a 22 46 61 69 20 63 6c 69 63 20 73 75 6c 20 70 72 6f 67 72 61 6d 6d 61 20 64 69 Data Ascii: Ora devi solo fare clic sul programma di installazione per installarla.",i18_langs_step_one:"Passaggio 1",i18_langs_step_two:"Passaggio 2",i18_langs_step_three:"Passaggio 3",i18_langs_step_download:"Scarica",i18_langs_step_click:"Fai clic sul programma di

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:17 UTC	540	OUT	GET /intl/docs/e891fbf.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:17 UTC	764	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 28053 Connection: close Accept-Ranges: bytes Age: 624990 Etag: "b066afa1c6512b6268a01107ea5e8df8" Last-Modified: Wed, 18 Sep 2024 08:10:22 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: AldU46HA9FdWDOC-UQyGwxQCQuHgVaLEbN59SKohxIpIR8qR-5iRag== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: 6a07bb6e80290085421d5fa356b91209 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:17 GMT via: cache06.oversea-GM-FRA6
2024-11-07 14:49:17 UTC	15620	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 33 5d 2c 7b 32 39 31 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 65 2c 22 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 29 29 3b 76 61 72 20 72 3d 6e 28 32 39 33 29 2e 43 6f 6e 66 69 67 4c 6f 61 64 65 72 2c 63 3d 7b 49 4e 54 4c 5f 50 45 52 3a 22 69 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 5f 70 65 72 73 6f 6e 61 6c 22 2c 4a 50 5f 50 45 52 3a 22 6a 61 70 61 6e 5f 70 65 72 73 6f 6e 61 6c 22 2c 4a 50 5f 45 4e 54 3a 22 6a 61 70 61 6e 5f 65 6e 74 65 72 70 72 69 73 65 22 2c 49 4e 54 4c 5f 45 4e 54 3a 22 69 6e 74 65 72 6e 61 74 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[3],{291:function(t,e,n){"use strict";n.d(e,"a",(function(){return o}));var r=n(293).ConfigLoader,c={INTL_PER:"international_personal",JP_PER:"japan_personal",JP_ENT:"japan_enterprise",INTL_ENT:"internat
2024-11-07 14:49:17 UTC	12433	IN	Data Raw: 45 67 4d 54 41 67 4d 6a 59 34 49 44 63 75 4e 7a 59 78 4e 44 49 67 4d 6a 59 34 49 44 56 44 4d 6a 59 34 49 44 49 75 4d 6a 4d 34 4e 54 67 67 4d 6a 59 31 4c 6a 63 32 4d 53 41 77 49 44 49 32 4d 79 41 77 53 44 56 61 54 54 55 67 4e 6a 68 44 4d 69 34 79 4d 7a 67 31 4f 43 41 32 4f 43 41 77 49 44 63 77 4c 6a 49 7a 4f 44 59 67 4d 43 41 33 4d 30 4d 77 49 44 63 31 4c 6a 63 32 4d 54 51 67 4d 69 34 79 4d 7a 67 31 4f 43 41 33 4f 43 41 31 49 44 63 34 53 44 49 32 4d 30 4d 79 4e 6a 55 75 4e 7a 59 78 49 44 63 34 49 44 49 32 4f 43 41 33 4e 53 34 33 4e 6a 45 30 49 44 49 32 4f 43 41 33 4d 30 4d 79 4e 6a 67 67 4e 7a 41 75 4d 6a 4d 34 4e 69 41 79 4e 6a 55 75 4e 7a 59 78 49 44 59 34 49 44 49 32 4d 79 41 32 4f 45 67 31 57 6b 30 77 49 44 4d 35 51 7a 41 67 4d 7a 59 75 4d 6a 4d 34 4e Data Ascii: EgMTAgMjY4IDcuNzYxNDIgMjY4IDVDMjY4IDIuMjM4NTggMjY1Ljc2MSAwIDI2MyAwSDVaTTUgNjhDMi4yMzg1OCA2OCAwIDcwLjIzODYgMCA3M0MwIDc1Ljc2MTQgMi4yMzg1OCA3OCA1IDc4SDI2M0MyNjUuNzYxIDc4IDI2OCA3NS43NjE0IDI2OCA3M0MyNjggNzAuMjM4NiAyNjUuNzYxIDY4IDI2MyA2OEg1Wk0wIDM5QzAgMzYuMjM4N

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:17 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-07 14:49:17 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=58524 Date: Thu, 07 Nov 2024 14:49:17 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-07 14:49:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:17 UTC	527	OUT	GET /tag/hz1xdx5n3e HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:17 UTC	528	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 14:49:17 GMT Content-Type: application/x-javascript Content-Length: 701 Connection: close Cache-Control: no-cache, no-store Expires: -1 Set-Cookie: CLID=58c6081be88c4cb8b71634731a94447f.20241107.20251107; expires=Fri, 07 Nov 2025 14:49:17 GMT; path=/; secure; samesite=none; httponly Request-Context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78 x-azure-ref: 20241107T144917Z-15869dbbcc6lq45jhC1DFWbkc800000001zg000000005mn5 X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-11-07 14:49:17 UTC	701	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 66 75 6e 63 74 69 6f 6e 20 73 79 6e 63 28 29 7b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 63 2e 67 69 66 22 7d 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 73 79 6e 63 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 73 79 6e 63 29 3b 69 66 28 61 5b 63 5d 2e 76 7c 7c 61 5b 63 5d 2e 74 29 72 65 74 75 72 6e 20 61 5b 63 5d 28 22 65 76 65 6e 74 22 2c 63 2c 22 64 75 70 2e 22 2b 69 2e 70 72 6f 6a 65 63 74 49 64 29 3b 61 5b 63 5d 2e 74 3d 21 30 2c 28 74 3d 6c 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 72 29 29 2e Data Ascii: !function(c,l,a,r,i,t,y){function sync(){(new Image).src="https://c.clarity.ms/c.gif"}"complete"==document.readyState?sync():window.addEventListener("load",sync);if(a[c].v\|\|a[c].t)return a[c]("event",c,"dup."+i.projectId);a[c].t=!0,(t=l.createElement(r)).

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:17 UTC	365	OUT	GET /intl/docs/529e391.js HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:18 UTC	765	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: application/javascript Content-Length: 236190 Connection: close Accept-Ranges: bytes Age: 2075427 Etag: "e0f840338b04b45604e59f8c3ec53426" Last-Modified: Wed, 18 Sep 2024 08:10:21 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: ZAl8DBf4G5cS6ZEISTNt-STFsuyQ2ua7jMpu6r1xF8-IvqgMODlp_g== X-Amz-Cf-Pop: JFK52-P5 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: RefreshHit from cloudfront X-Request-Id: 28b50e1f790965474a3576c2be83b611 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:17 GMT via: cache01.oversea-US-MIA1
2024-11-07 14:49:18 UTC	15619	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 37 5d 2c 5b 2c 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 61 28 74 29 7b 72 65 74 75 72 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[7],[,,function(t,e,n){"use strict";(function(t,n){var r=Object.freeze({});function o(t){return null==t}function i(t){return null!=t}function a(t){retur
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 7c 7c 28 6f 5b 75 5d 3d 78 65 28 65 2c 75 29 29 3b 72 65 74 75 72 6e 20 74 26 26 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 74 29 26 26 28 74 2e 5f 6e 6f 72 6d 61 6c 69 7a 65 64 3d 6f 29 2c 71 28 6f 2c 22 24 73 74 61 62 6c 65 22 2c 61 29 2c 71 28 6f 2c 22 24 6b 65 79 22 2c 73 29 2c 71 28 6f 2c 22 24 68 61 73 4e 6f 72 6d 61 6c 22 2c 69 29 2c 6f 7d 66 75 6e 63 74 69 6f 6e 20 5f 65 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3f 6e 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 3a 6e 28 7b 7d 29 2c 65 3d 28 74 3d 74 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 74 Data Ascii: \|\|(o[u]=xe(e,u));return t&&Object.isExtensible(t)&&(t._normalized=o),q(o,"$stable",a),q(o,"$key",s),q(o,"$hasNormal",i),o}function _e(t,e,n){var r=function(){var t=arguments.length?n.apply(null,arguments):n({}),e=(t=t&&"object"==typeof t&&!Array.isArray(t
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 70 74 69 6f 6e 73 3d 44 74 28 24 6e 28 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 2c 74 7c 7c 7b 7d 2c 65 29 2c 65 2e 5f 72 65 6e 64 65 72 50 72 6f 78 79 3d 65 2c 65 2e 5f 73 65 6c 66 3d 65 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 2e 24 6f 70 74 69 6f 6e 73 2c 6e 3d 65 2e 70 61 72 65 6e 74 3b 69 66 28 6e 26 26 21 65 2e 61 62 73 74 72 61 63 74 29 7b 66 6f 72 28 3b 6e 2e 24 6f 70 74 69 6f 6e 73 2e 61 62 73 74 72 61 63 74 26 26 6e 2e 24 70 61 72 65 6e 74 3b 29 6e 3d 6e 2e 24 70 61 72 65 6e 74 3b 6e 2e 24 63 68 69 6c 64 72 65 6e 2e 70 75 73 68 28 74 29 7d 74 2e 24 70 61 72 65 6e 74 3d 6e 2c 74 2e 24 72 6f 6f 74 3d 6e 3f 6e 2e 24 72 6f 6f 74 3a 74 2c 74 2e 24 63 68 69 6c 64 72 65 6e 3d 5b 5d 2c 74 2e 24 72 65 66 73 3d 7b 7d 2c 74 2e 5f 77 61 Data Ascii: ptions=Dt($n(e.constructor),t\|\|{},e),e._renderProxy=e,e._self=e,function(t){var e=t.$options,n=e.parent;if(n&&!e.abstract){for(;n.$options.abstract&&n.$parent;)n=n.$parent;n.$children.push(t)}t.$parent=n,t.$root=n?n.$root:t,t.$children=[],t.$refs={},t._wa
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 61 73 73 22 29 3b 65 6c 73 65 7b 66 6f 72 28 76 61 72 20 6e 3d 22 20 22 2b 28 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 29 7c 7c 22 22 29 2b 22 20 22 2c 72 3d 22 20 22 2b 65 2b 22 20 22 3b 6e 2e 69 6e 64 65 78 4f 66 28 72 29 3e 3d 30 3b 29 6e 3d 6e 2e 72 65 70 6c 61 63 65 28 72 2c 22 20 22 29 3b 28 6e 3d 6e 2e 74 72 69 6d 28 29 29 3f 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 6e 29 3a 74 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 28 74 29 7b 69 66 28 74 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 29 7b 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 21 31 21 3d 3d 74 2e 63 73 73 26 26 6a 28 65 2c 65 6f 28 74 2e 6e Data Ascii: ass");else{for(var n=" "+(t.getAttribute("class")\|\|"")+" ",r=" "+e+" ";n.indexOf(r)>=0;)n=n.replace(r," ");(n=n.trim())?t.setAttribute("class",n):t.removeAttribute("class")}}function to(t){if(t){if("object"==typeof t){var e={};return!1!==t.css&&j(e,eo(t.n
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 5f 3d 4b 3f 53 6f 3a 24 2c 49 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 24 6d 6f 75 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3b 72 65 74 75 72 6e 20 74 2e 24 65 6c 3d 65 2c 74 2e 24 6f 70 74 69 6f 6e 73 2e 72 65 6e 64 65 72 7c 7c 28 74 2e 24 6f 70 74 69 6f 6e 73 2e 72 65 6e 64 65 72 3d 67 74 29 2c 75 6e 28 74 2c 22 62 65 66 6f 72 65 4d 6f 75 6e 74 22 29 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 5f 75 70 64 61 74 65 28 74 2e 5f 72 65 6e 64 65 72 28 29 2c 6e 29 7d 2c 6e 65 77 20 5f 6e 28 74 2c 72 2c 24 2c 7b 62 65 66 6f 72 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 5f 69 73 4d 6f 75 6e 74 65 64 26 26 21 74 2e 5f 69 73 44 65 73 74 72 6f 79 65 64 26 26 75 6e 28 74 Data Ascii: _=K?So:$,In.prototype.$mount=function(t,e){return function(t,e,n){var r;return t.$el=e,t.$options.render\|\|(t.$options.render=gt),un(t,"beforeMount"),r=function(){t._update(t._render(),n)},new _n(t,r,$,{before:function(){t._isMounted&&!t._isDestroyed&&un(t
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 6e 20 4f 62 6a 65 63 74 28 72 28 74 29 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 31 33 29 2c 6f 3d 6e 28 31 37 35 29 3b 74 2e 65 78 70 6f 72 74 73 3d 72 3f 6f 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4d 61 70 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 2e 63 61 6c 6c 28 74 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 2c 6e 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2c 72 3d 6e 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 6f 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 74 5b 65 5d Data Ascii: n Object(r(t))}},function(t,e,n){var r=n(13),o=n(175);t.exports=r?o:function(t){return Map.prototype.entries.call(t)}},function(t,e,n){var r=function(t){"use strict";var e,n=Object.prototype,r=n.hasOwnProperty,o=Object.defineProperty\|\|function(t,e,n){t[e]
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 3a 66 2c 70 3d 75 5b 31 5d 2c 68 3d 75 74 28 76 6f 69 64 20 30 3d 3d 3d 70 3f 22 22 3a 70 29 2c 64 3d 68 2e 70 61 74 68 6e 61 6d 65 2c 76 3d 68 2e 73 65 61 72 63 68 2c 79 3d 68 2e 68 61 73 68 3b 72 65 74 75 72 6e 7b 70 72 6f 74 6f 63 6f 6c 3a 61 2c 61 75 74 68 3a 73 3f 73 2e 73 75 62 73 74 72 28 30 2c 73 2e 6c 65 6e 67 74 68 2d 31 29 3a 22 22 2c 68 6f 73 74 3a 6c 2c 70 61 74 68 6e 61 6d 65 3a 64 2c 73 65 61 72 63 68 3a 76 2c 68 61 73 68 3a 79 7d 7d 66 75 6e 63 74 69 6f 6e 20 75 74 28 29 7b 76 61 72 20 74 3d 28 28 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 30 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 22 22 29 2e 6d 61 74 63 68 28 2f 28 5b 5e 23 3f 5d 2a 29 28 5c 3f 5b 5e 23 5d 2a Data Ascii: :f,p=u[1],h=ut(void 0===p?"":p),d=h.pathname,v=h.search,y=h.hash;return{protocol:a,auth:s?s.substr(0,s.length-1):"",host:l,pathname:d,search:v,hash:y}}function ut(){var t=((arguments.length>0&&void 0!==arguments[0]?arguments[0]:"").match(/([^#?])(\?[^#]
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 29 74 68 72 6f 77 20 69 7d 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 63 28 74 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 75 28 74 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 66 28 74 29 7b 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 3d 3d 3d 69 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 74 29 7b 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 3d 3d 3d 69 28 74 29 26 26 6e 75 6c 6c 21 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 70 28 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 7d 76 61 72 20 68 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 21 75 28 77 69 6e 64 6f 77 29 7d 63 61 74 63 68 28 74 29 7b 72 65 Data Ascii: )throw i}}}}function c(t){return Array.isArray(t)}function u(t){return void 0===t}function f(t){return"object"===i(t)}function l(t){return"object"===i(t)&&null!==t}function p(t){return"function"==typeof t}var h=(function(){try{return!u(window)}catch(t){re
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 6c 75 67 69 6e 73 3b 76 6f 69 64 20 30 3d 3d 3d 72 26 26 28 72 3d 5b 5d 29 3b 76 61 72 20 6f 3d 74 2e 73 74 72 69 63 74 3b 76 6f 69 64 20 30 3d 3d 3d 6f 26 26 28 6f 3d 21 31 29 2c 74 68 69 73 2e 5f 63 6f 6d 6d 69 74 74 69 6e 67 3d 21 31 2c 74 68 69 73 2e 5f 61 63 74 69 6f 6e 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 61 63 74 69 6f 6e 53 75 62 73 63 72 69 62 65 72 73 3d 5b 5d 2c 74 68 69 73 2e 5f 6d 75 74 61 74 69 6f 6e 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 77 72 61 70 70 65 64 47 65 74 74 65 72 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 6d 6f 64 75 6c 65 73 3d 6e 65 77 20 63 28 74 29 2c 74 68 69 73 2e 5f 6d 6f 64 75 6c 65 73 4e Data Ascii: lugins;void 0===r&&(r=[]);var o=t.strict;void 0===o&&(o=!1),this._committing=!1,this._actions=Object.create(null),this._actionSubscribers=[],this._mutations=Object.create(null),this._wrappedGetters=Object.create(null),this._modules=new c(t),this._modulesN
2024-11-07 14:49:18 UTC	16384	IN	Data Raw: 7d 7d 7d 3b 72 2e 66 6f 72 45 61 63 68 28 5b 22 64 65 6c 65 74 65 22 2c 22 67 65 74 22 2c 22 68 65 61 64 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 75 2e 68 65 61 64 65 72 73 5b 74 5d 3d 7b 7d 7d 29 29 2c 72 2e 66 6f 72 45 61 63 68 28 5b 22 70 6f 73 74 22 2c 22 70 75 74 22 2c 22 70 61 74 63 68 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 75 2e 68 65 61 64 65 72 73 5b 74 5d 3d 72 2e 6d 65 72 67 65 28 61 29 7d 29 29 2c 74 2e 65 78 70 6f 72 74 73 3d 75 7d 29 2e 63 61 6c 6c 28 74 68 69 73 2c 6e 28 31 31 30 29 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 74 29 7b 74 68 69 73 2e 6d 65 73 73 61 67 65 3d 74 7d 72 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d Data Ascii: }}};r.forEach(["delete","get","head"],(function(t){u.headers[t]={}})),r.forEach(["post","put","patch"],(function(t){u.headers[t]=r.merge(a)})),t.exports=u}).call(this,n(110))},function(t,e,n){"use strict";function r(t){this.message=t}r.prototype.toString=

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:18 UTC	710	OUT	GET /api/v5/links/sIGWvrvOeAYXvpLkG HTTP/1.1 Host: eu-drive.wps.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://eu.docs.wps.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
2024-11-07 14:49:18 UTC	983	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 14:49:18 GMT Content-Type: application/json;charset=utf-8 Content-Length: 1413 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channel Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS Access-Control-Allow-Origin: https://eu.docs.wps.com Access-Control-Expose-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channel Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-KLB: 2 Server: elb
2024-11-07 14:49:18 UTC	1413	IN	Data Raw: 7b 22 61 70 70 72 6f 76 65 72 5f 69 6e 66 6f 22 3a 7b 22 61 70 70 72 6f 76 65 72 5f 69 64 22 3a 33 33 33 32 34 30 31 31 31 2c 22 61 70 70 72 6f 76 65 72 5f 6e 69 63 6b 6e 61 6d 65 22 3a 22 6c 6f 69 63 20 68 65 72 62 65 72 74 22 2c 22 61 70 70 72 6f 76 65 72 5f 61 76 61 74 61 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 68 33 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 61 2f 41 41 54 58 41 4a 7a 49 6a 6a 36 4f 55 6a 7a 62 79 51 35 76 31 56 64 48 50 55 41 79 78 43 72 58 6d 50 75 45 4c 78 77 4f 4c 4c 77 48 3d 73 39 36 2d 63 22 7d 2c 22 66 69 6c 65 69 6e 66 6f 22 3a 7b 22 69 64 22 3a 38 39 33 31 36 31 35 35 37 30 39 38 38 31 2c 22 67 72 6f 75 70 69 64 22 3a 32 32 37 30 30 32 31 32 37 31 2c 22 70 61 72 65 6e 74 69 64 22 3a 30 2c 22 66 6e 61 Data Ascii: {"approver_info":{"approver_id":333240111,"approver_nickname":"loic herbert","approver_avatar":"https://lh3.googleusercontent.com/a/AATXAJzIjj6OUjzbyQ5v1VdHPUAyxCrXmPuELxwOLLwH=s96-c"},"fileinfo":{"id":89316155709881,"groupid":2270021271,"parentid":0,"fna

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:18 UTC	692	OUT	GET /p/session/correlate HTTP/1.1 Host: eu-account.wps.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / Accept-Language: en-US sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://eu.docs.wps.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Cookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
2024-11-07 14:49:18 UTC	908	IN	HTTP/1.1 403 Forbidden Date: Thu, 07 Nov 2024 14:49:18 GMT Content-Type: application/json;charset=utf-8 Content-Length: 60 Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channel,Authorization,Content-Md5,DATE Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS Access-Control-Allow-Origin: https://eu.docs.wps.com Access-Control-Expose-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channel X-KLB: 2 Server: elb
2024-11-07 14:49:18 UTC	60	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 22 75 73 65 72 4e 6f 74 4c 6f 67 69 6e 22 2c 22 6d 73 67 22 3a 22 54 68 65 20 75 73 65 72 20 69 73 20 6e 6f 74 20 6c 6f 67 67 65 64 20 69 6e 2e 22 7d Data Ascii: {"result":"userNotLogin","msg":"The user is not logged in."}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\Unconfirmed 336248.crdownload

C:\Users\user\Downloads\b190ab89-58b5-41b2-86cd-d3dd5b248905.tmp

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Windows Analysis Report
https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkG

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:18 UTC	695	OUT	GET /api/v3/userinfo HTTP/1.1 Host: eu-drive.wps.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://eu.docs.wps.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
2024-11-07 14:49:18 UTC	877	IN	HTTP/1.1 403 Forbidden Date: Thu, 07 Nov 2024 14:49:18 GMT Content-Type: application/json;charset=utf-8 Content-Length: 60 Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channel Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS Access-Control-Allow-Origin: https://eu.docs.wps.com Access-Control-Expose-Headers: Accept,Content-Type,X-CSRFToken,X-Requested-With,x-kso-app-name,x-kso-app-version,x-kso-platform-type,x-kso-platform-version,x-kso-device-id,x-kso-device-name,x-kso-device-trademark,x-kso-device-version,x-kso-app-channel,x-kso-request-channel X-KLB: 2 Server: elb
2024-11-07 14:49:18 UTC	60	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 22 75 73 65 72 4e 6f 74 4c 6f 67 69 6e 22 2c 22 6d 73 67 22 3a 22 54 68 65 20 75 73 65 72 20 69 73 20 6e 6f 74 20 6c 6f 67 67 65 64 20 69 6e 2e 22 7d Data Ascii: {"result":"userNotLogin","msg":"The user is not logged in."}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:19 UTC	849	OUT	POST /api/v3/office/file/89316155709881/async-export HTTP/1.1 Host: eu.docs.wps.com Connection: keep-alive Content-Length: 219 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / Content-Type: application/json Accept-Language: en-US sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://eu.docs.wps.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2 Accept-Encoding: gzip, deflate, br Cookie: i18n_redirected=en-US; _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
2024-11-07 14:49:19 UTC	219	OUT	Data Raw: 7b 22 66 6f 72 6d 61 74 22 3a 22 70 6e 67 22 2c 22 6f 70 74 69 6f 6e 73 22 3a 7b 22 63 6f 6d 62 69 6e 65 32 4c 6f 6e 67 50 69 63 22 3a 74 72 75 65 2c 22 64 70 69 22 3a 39 36 2c 22 63 72 6f 70 5f 70 61 72 61 6d 73 22 3a 5b 7b 22 77 69 64 74 68 22 3a 34 37 36 2c 22 68 65 69 67 68 74 22 3a 33 34 38 7d 5d 2c 22 65 78 70 6f 72 74 5f 61 73 5f 69 6d 61 67 65 5f 72 65 71 22 3a 7b 22 77 69 74 68 5f 74 69 74 6c 65 22 3a 74 72 75 65 7d 2c 22 66 72 6f 6d 50 61 67 65 22 3a 31 2c 22 6e 65 65 64 5f 72 65 63 6f 76 65 72 22 3a 74 72 75 65 2c 22 70 61 70 65 72 53 69 7a 65 22 3a 30 2c 22 74 6f 50 61 67 65 22 3a 31 7d 2c 22 74 69 6d 65 6f 75 74 22 3a 31 30 30 30 30 7d Data Ascii: {"format":"png","options":{"combine2LongPic":true,"dpi":96,"crop_params":[{"width":476,"height":348}],"export_as_image_req":{"with_title":true},"fromPage":1,"need_recover":true,"paperSize":0,"toPage":1},"timeout":10000}
2024-11-07 14:49:20 UTC	760	IN	HTTP/1.1 403 Forbidden Date: Thu, 07 Nov 2024 14:49:19 GMT Content-Type: application/json; charset=utf-8 Content-Length: 86 Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: accept, content-type, x-user-query, x-device-id, x-requested-with, x-csrftoken, accept-encoding, accept-language, x-csrf-rand, x-server-id, x-endpoint-id, x-user-token, x-app-id, x-app-token Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Origin: https://eu.docs.wps.com Access-Control-Expose-Headers: accept, content-type, x-user-query, x-device-id, x-requested-with, x-csrftoken, accept-encoding, accept-language X-Group: green X-Request-Id: d2a597d3d29f15a221e82541865a8bcc X-KLB: 2 Server: elb
2024-11-07 14:49:20 UTC	86	IN	Data Raw: 7b 22 65 72 72 6e 6f 22 3a 31 30 30 30 30 2c 22 6d 73 67 22 3a 22 54 68 65 20 75 73 65 72 20 69 73 20 6e 6f 74 20 6c 6f 67 67 65 64 20 69 6e 2e 22 2c 22 72 65 61 73 6f 6e 22 3a 22 22 2c 22 72 65 73 75 6c 74 22 3a 22 75 73 65 72 4e 6f 74 4c 6f 67 69 6e 22 7d Data Ascii: {"errno":10000,"msg":"The user is not logged in.","reason":"","result":"userNotLogin"}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:20 UTC	527	OUT	OPTIONS /short-link/create HTTP/1.1 Host: s-eu.wps.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: authorization,content-type Origin: https://eu.docs.wps.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:20 UTC	643	IN	HTTP/1.1 204 No Content Date: Thu, 07 Nov 2024 14:49:20 GMT Connection: close access-control-allow-credentials: true access-control-allow-headers: Content-Type, x-requested-with, AccessToken, Authorization, Token, wps-stats, Wps-Sid, Device-Id, AccessKey, Timestamp, Client-Chan, Client-Lang, Client-Type, Client-Ver, Client-Request-Id access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT, PATCH, OPTIONS access-control-allow-origin: https://eu.docs.wps.com access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type x-envoy-upstream-service-time: 0 Server: elb

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:20 UTC	689	OUT	GET /op/docs/open HTTP/1.1 Host: api-ad-adapter.wps.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / Accept-Language: en-US sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://eu.docs.wps.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Cookie: _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
2024-11-07 14:49:20 UTC	591	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 14:49:20 GMT Content-Type: application/json; charset=utf-8 Content-Length: 54 Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type,AccessToken,X-CSRF-Token,Authorization,lang,tzone_offset,device_id,platform,app_version,channel,country,wps_sid,email_auth Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT Access-Control-Allow-Origin: https://eu.docs.wps.com Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type Server: elb
2024-11-07 14:49:20 UTC	54	IN	Data Raw: 7b 22 6d 73 67 22 3a 22 22 2c 22 64 61 74 61 22 3a 7b 22 66 6c 61 67 73 22 3a 5b 22 66 6f 6f 74 65 72 5f 62 61 6e 6e 65 72 22 5d 7d 2c 22 63 6f 64 65 22 3a 30 7d Data Ascii: {"msg":"","data":{"flags":["footer_banner"]},"code":0}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:21 UTC	762	OUT	GET /api/v3/office/asynctasks/normal_export?id=null HTTP/1.1 Host: eu.docs.wps.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / Accept-Language: en-US sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/module/common/loadPlatform/?sid=sIGWvrvOeAYXvpLkG&v=v2 Accept-Encoding: gzip, deflate, br Cookie: i18n_redirected=en-US; _ga=GA1.1.1634799763.1730990957; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990955.0.0.0; lang=en-US
2024-11-07 14:49:21 UTC	236	IN	HTTP/1.1 403 Forbidden Date: Thu, 07 Nov 2024 14:49:21 GMT Content-Type: application/json; charset=utf-8 Content-Length: 82 Connection: close X-Group: green X-Request-Id: f07ce861adf94bbfe8bcf490750c25b0 X-KLB: 2 Server: elb
2024-11-07 14:49:21 UTC	82	IN	Data Raw: 7b 22 65 72 72 6e 6f 22 3a 31 30 30 30 30 2c 22 6d 73 67 22 3a 22 74 61 73 6b 20 69 64 20 69 73 20 69 6e 76 61 6c 69 64 22 2c 22 72 65 61 73 6f 6e 22 3a 22 22 2c 22 72 65 73 75 6c 74 22 3a 22 70 65 72 6d 69 73 73 69 6f 6e 44 65 6e 69 65 64 22 7d Data Ascii: {"errno":10000,"msg":"task id is invalid","reason":"","result":"permissionDenied"}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:21 UTC	1012	OUT	POST /short-link/create HTTP/1.1 Host: s-eu.wps.com Connection: keep-alive Content-Length: 508 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Language: en-US sec-ch-ua-mobile: ?0 Authorization: WPS-INTL-1:SC_SH8EMFUOJZTUCP5M:1730990958:aac1a928ca4a0dd7b1e516d606f62825:1aab043e-a369-44c4-b4e1-0e3a67199fc1::/short-link/create:1aab043e-a369-44c4-b4e1-0e3a67199fc1:MjIxYTU2YjllYjdhNWQxMjA1MTlkYzMwMjc2NjRmZDU5MWRmMTJkYzc2MjI0M2Q0MDM3MzI4MTY1ZTVhNzk4OA== User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json, text/plain, / sec-ch-ua-platform: "Windows" Origin: https://eu.docs.wps.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Cookie: _ga=GA1.1.1634799763.1730990957; lang=en-US; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990959.0.0.0
2024-11-07 14:49:21 UTC	508	OUT	Data Raw: 7b 22 6f 72 69 67 69 6e 61 6c 5f 6c 69 6e 6b 22 3a 22 7b 5c 22 66 69 6c 65 74 79 70 65 5c 22 3a 5c 22 70 64 66 5c 22 2c 5c 22 66 69 6c 65 6e 61 6d 65 5c 22 3a 5c 22 48 45 52 42 45 52 54 20 4c 4f 49 43 20 28 61 72 72 c3 83 c2 aa 74 20 74 72 61 76 61 69 6c 20 35 30 30 36 39 2d 30 37 29 5c 22 2c 5c 22 62 75 73 69 6e 65 73 73 5f 74 79 70 65 5c 22 3a 5c 22 6f 70 65 6e 5f 61 63 74 69 76 69 74 79 5f 75 72 6c 5c 22 2c 5c 22 62 75 73 69 6e 65 73 73 5f 64 65 74 61 69 6c 5c 22 3a 5c 22 61 6e 64 72 6f 69 64 32 70 63 5c 22 2c 5c 22 75 72 6c 5c 22 3a 5c 22 68 74 74 70 73 3a 2f 2f 65 75 2e 64 6f 63 73 2e 77 70 73 2e 63 6f 6d 2f 6d 6f 64 75 6c 65 2f 63 6f 6d 6d 6f 6e 2f 6e 6f 4c 6f 67 69 6e 46 69 6c 65 57 61 74 63 68 65 72 2f 5c 22 2c 5c 22 77 69 64 5c 22 3a 5c 22 63 69 Data Ascii: {"original_link":"{\"filetype\":\"pdf\",\"filename\":\"HERBERT LOIC (arrt travail 50069-07)\",\"business_type\":\"open_activity_url\",\"business_detail\":\"android2pc\",\"url\":\"https://eu.docs.wps.com/module/common/noLoginFileWatcher/\",\"wid\":\"ci
2024-11-07 14:49:21 UTC	703	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 14:49:21 GMT Content-Type: application/json; charset=utf-8 Content-Length: 67 Connection: close access-control-allow-credentials: true access-control-allow-headers: Content-Type, x-requested-with, AccessToken, Authorization, Token, wps-stats, Wps-Sid, Device-Id, AccessKey, Timestamp, Client-Chan, Client-Lang, Client-Type, Client-Ver, Client-Request-Id access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT, PATCH, OPTIONS access-control-allow-origin: https://eu.docs.wps.com access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type x-envoy-upstream-service-time: 15 Server: elb
2024-11-07 14:49:21 UTC	67	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 30 2c 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 2c 22 64 61 74 61 22 3a 7b 22 73 68 6f 72 74 5f 6c 69 6e 6b 5f 63 6f 64 65 22 3a 22 65 38 4c 5a 63 46 38 49 43 37 75 35 22 7d 7d Data Ascii: {"code":0,"message":"ok","data":{"short_link_code":"e8LZcF8IC7u5"}}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:22 UTC	597	OUT	GET /s/0.7.49/clarity.js HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CLID=58c6081be88c4cb8b71634731a94447f.20241107.20251107
2024-11-07 14:49:23 UTC	573	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 14:49:22 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 65959 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Thu, 24 Oct 2024 01:20:43 GMT ETag: "0x8DCF3CA14C9A428" x-ms-request-id: 1c170c6e-801e-0015-513e-2c3968000000 x-ms-version: 2018-03-28 Access-Control-Allow-Origin: * x-azure-ref: 20241107T144922Z-16547b76f7fq9mcrhC1DFWq15w000000089g000000007w8q Cache-Control: public, max-age=86400 x-fd-int-roxy-purgeid: 51562430 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 14:49:23 UTC	15811	IN	Data Raw: 2f 2a 20 63 6c 61 72 69 74 79 2d 6a 73 20 76 30 2e 37 2e 34 39 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 69 63 72 6f 73 6f 66 74 2f 63 6c 61 72 69 74 79 20 28 4c 69 63 65 6e 73 65 3a 20 4d 49 54 29 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 6e 75 6c 6c 2c 67 65 74 20 71 75 65 75 65 28 29 7b 72 65 74 75 72 6e 20 73 72 7d 2c 67 65 74 20 73 74 61 72 74 28 29 7b 72 65 74 75 72 6e 20 63 72 7d 2c 67 65 74 20 73 74 6f 70 28 29 7b 72 65 74 75 72 6e 20 6c 72 7d 2c 67 65 74 20 74 72 61 63 6b 28 29 7b 72 65 74 75 72 6e 20 61 72 7d 7d 29 2c 65 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f Data Ascii: /* clarity-js v0.7.49: https://github.com/microsoft/clarity (License: MIT) */!function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return sr},get start(){return cr},get stop(){return lr},get track(){return ar}}),e=Object.freeze({__pro
2024-11-07 14:49:23 UTC	16384	IN	Data Raw: 72 3a 6e 75 6c 6c 2c 68 61 73 68 3a 6e 75 6c 6c 2c 72 65 67 69 6f 6e 3a 6c 2c 6d 65 74 61 64 61 74 61 3a 7b 61 63 74 69 76 65 3a 21 30 2c 73 75 73 70 65 6e 64 3a 21 31 2c 70 72 69 76 61 63 79 3a 66 2c 70 6f 73 69 74 69 6f 6e 3a 6e 75 6c 6c 2c 66 72 61 75 64 3a 64 2c 73 69 7a 65 3a 6e 75 6c 6c 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 61 3d 65 2e 64 61 74 61 2c 72 3d 65 2e 6d 65 74 61 64 61 74 61 2c 69 3d 72 2e 70 72 69 76 61 63 79 2c 6f 3d 61 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 7b 7d 2c 75 3d 61 2e 74 61 67 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3b 73 77 69 74 63 68 28 21 30 29 7b 63 61 73 65 20 50 74 2e 69 6e 64 65 78 4f 66 28 75 29 3e 3d 30 3a 76 61 72 20 63 3d 6f 2e 74 79 70 65 2c 73 3d 22 22 2c 6c 3d 5b 22 63 6c 61 73 Data Ascii: r:null,hash:null,region:l,metadata:{active:!0,suspend:!1,privacy:f,position:null,fraud:d,size:null}},function(t,e,n){var a=e.data,r=e.metadata,i=r.privacy,o=a.attributes\|\|{},u=a.tag.toUpperCase();switch(!0){case Pt.indexOf(u)>=0:var c=o.type,s="",l=["clas
2024-11-07 14:49:23 UTC	16384	IN	Data Raw: 62 69 6c 69 74 79 29 2c 47 72 28 31 34 2c 74 2e 69 74 65 6d 43 6f 6e 64 69 74 69 6f 6e 29 2c 47 72 28 31 33 2c 74 2e 70 72 69 63 65 43 75 72 72 65 6e 63 79 29 2c 47 72 28 31 32 2c 74 2e 73 6b 75 29 2c 57 28 31 33 2c 5a 6e 28 74 2e 70 72 69 63 65 29 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 62 72 61 6e 64 22 3a 47 72 28 36 2c 74 2e 6e 61 6d 65 29 7d 6e 75 6c 6c 21 3d 3d 72 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 72 26 26 4b 6e 28 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 5a 6e 28 74 2c 65 29 7b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 31 29 2c 6e 75 6c 6c 21 3d 3d 74 29 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 74 29 7b 63 61 73 65 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 4d 61 74 68 2e 72 6f 75 6e 64 28 74 2a 65 29 3b 63 61 Data Ascii: bility),Gr(14,t.itemCondition),Gr(13,t.priceCurrency),Gr(12,t.sku),W(13,Zn(t.price));break;case"brand":Gr(6,t.name)}null!==r&&"object"==typeof r&&Kn(r)}}function Zn(t,e){if(void 0===e&&(e=1),null!==t)switch(typeof t){case"number":return Math.round(t*e);ca
2024-11-07 14:49:23 UTC	16384	IN	Data Raw: 53 74 2e 69 64 29 2c 65 2e 70 75 73 68 28 53 74 2e 74 61 72 67 65 74 29 2c 65 2e 70 75 73 68 28 53 74 2e 63 68 65 63 6b 73 75 6d 29 2c 73 72 28 65 2c 21 31 29 29 7d 72 65 74 75 72 6e 5b 32 5d 7d 29 29 7d 29 29 7d 76 61 72 20 62 72 2c 77 72 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6b 72 28 74 2c 65 2c 6e 2c 61 2c 72 29 7b 76 6f 69 64 20 30 3d 3d 3d 6e 26 26 28 6e 3d 6e 75 6c 6c 29 2c 76 6f 69 64 20 30 3d 3d 3d 61 26 26 28 61 3d 6e 75 6c 6c 29 2c 76 6f 69 64 20 30 3d 3d 3d 72 26 26 28 72 3d 6e 75 6c 6c 29 3b 76 61 72 20 69 3d 6e 3f 22 22 2e 63 6f 6e 63 61 74 28 6e 2c 22 7c 22 29 2e 63 6f 6e 63 61 74 28 61 29 3a 22 22 3b 74 20 69 6e 20 77 72 26 26 77 72 5b 74 5d 2e 69 6e 64 65 78 4f 66 28 69 29 3e 3d 30 7c 7c 28 62 72 3d 7b 63 6f 64 65 3a 74 2c 6e 61 6d 65 3a Data Ascii: St.id),e.push(St.target),e.push(St.checksum),sr(e,!1))}return[2]}))}))}var br,wr={};function kr(t,e,n,a,r){void 0===n&&(n=null),void 0===a&&(a=null),void 0===r&&(r=null);var i=n?"".concat(n,"\|").concat(a):"";t in wr&&wr[t].indexOf(i)>=0\|\|(br={code:t,name:
2024-11-07 14:49:23 UTC	996	IN	Data Raw: 57 69 28 74 29 2c 7a 69 28 29 2c 62 74 28 29 2c 24 69 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4f 69 28 74 2e 73 74 61 72 74 29 28 29 7d 29 29 2c 6e 75 6c 6c 3d 3d 3d 74 26 26 69 6f 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 65 6f 28 29 7b 50 69 28 29 26 26 28 24 69 2e 73 6c 69 63 65 28 29 2e 72 65 76 65 72 73 65 28 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4f 69 28 74 2e 73 74 6f 70 29 28 29 7d 29 29 2c 77 74 28 29 2c 48 69 28 29 2c 76 6f 69 64 20 30 21 3d 3d 61 6f 26 26 28 61 6f 5b 72 6f 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 28 61 6f 5b 72 6f 5d 2e 71 3d 61 6f 5b 72 6f 5d 2e 71 7c 7c 5b 5d 29 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 2c 22 73 74 61 72 74 22 Data Ascii: Wi(t),zi(),bt(),$i.forEach((function(t){return Oi(t.start)()})),null===t&&io())}function eo(){Pi()&&($i.slice().reverse().forEach((function(t){return Oi(t.stop)()})),wt(),Hi(),void 0!==ao&&(ao[ro]=function(){(ao[ro].q=ao[ro].q\|\|[]).push(arguments),"start"

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:23 UTC	756	OUT	GET /api/map/kdocs/docs_channel?device_type=windows&kdocssrc=loadPlatform&region=eu HTTP/1.1 Host: params.wps.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://eu.docs.wps.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1634799763.1730990957; lang=en-US; _ga_PE2STH1E8E=GS1.1.1730990956.1.0.1730990959.0.0.0
2024-11-07 14:49:23 UTC	414	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 14:49:23 GMT Content-Type: application/json; charset=utf-8 Content-Length: 60 Connection: close access-control-allow-credentials: true access-control-allow-origin: https://eu.docs.wps.com access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type vary: Origin x-envoy-upstream-service-time: 0 Server: elb
2024-11-07 14:49:23 UTC	60	IN	Data Raw: 7b 22 73 74 61 74 69 63 6a 73 22 3a 7b 22 77 65 62 73 69 74 65 22 3a 7b 22 64 6f 63 73 5f 63 68 61 6e 6e 65 6c 22 3a 7b 22 70 64 66 53 77 69 74 63 68 22 3a 22 6f 6e 22 7d 7d 7d 7d Data Ascii: {"staticjs":{"website":{"docs_channel":{"pdfSwitch":"on"}}}}

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:25 UTC	610	OUT	GET /intl/docs/img/logo.d58097c.svg HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:25 UTC	748	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: image/svg+xml Content-Length: 4092 Connection: close Accept-Ranges: bytes Age: 2073145 Etag: "274daf61e8c5ced348d12802759b3daa" Last-Modified: Wed, 18 Sep 2024 08:10:16 GMT Vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: xcGEH-AYyJsBiEmrNR_QopLktCh1HauWKjjtuJgL8-If4YpBOU2xzg== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: Hit from cloudfront X-Request-Id: da6cc9e0747d5b82726aca30209047d2 X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:25 GMT via: cache06.oversea-GM-FRA6
2024-11-07 14:49:25 UTC	4092	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 32 35 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 35 20 34 38 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 67 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 63 6c 69 70 30 5f 34 37 5f 35 39 30 29 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 33 38 2e 36 36 36 37 20 30 48 39 2e 33 33 33 33 34 43 34 2e 31 37 38 36 38 20 30 20 30 20 34 2e 31 37 38 36 38 20 30 20 39 2e 33 33 33 33 34 56 33 38 2e 36 36 36 37 43 30 20 34 33 2e 38 32 31 33 20 34 2e 31 37 38 36 38 20 34 38 20 39 2e 33 33 33 33 34 20 34 38 48 33 38 2e 36 36 36 37 43 34 33 2e 38 32 31 33 20 34 38 20 34 38 20 34 33 Data Ascii: <svg width="125" height="48" viewBox="0 0 125 48" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#clip0_47_590)"><path d="M38.6667 0H9.33334C4.17868 0 0 4.17868 0 9.33334V38.6667C0 43.8213 4.17868 48 9.33334 48H38.6667C43.8213 48 48 43

Timestamp	Bytes transferred	Direction	Data
2024-11-07 14:49:25 UTC	613	OUT	GET /intl/docs/img/wheat.1.36b312a.png HTTP/1.1 Host: docs.cache.wpscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://eu.docs.wps.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 14:49:25 UTC	728	IN	HTTP/1.1 200 OK Server: Byte-nginx Content-Type: image/png Content-Length: 1215 Connection: close Accept-Ranges: bytes Age: 234278 Etag: "a83956cb86c8baabd34903313b3ef89a" Last-Modified: Wed, 18 Sep 2024 08:10:25 GMT Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin X-Amz-Cf-Id: wKSnpPKwP2TAKA3fdBVM0T_20WBUmchq-Y9BnNFJVQI5vYilXbU2Qg== X-Amz-Cf-Pop: FRA56-P12 X-Amz-Server-Side-Encryption: AES256 X-Bdcdn-Cache-Status: TCP_HIT X-Cache: Miss from cloudfront X-Request-Id: e156efb702450684158d40a9064a70bf X-Request-Ip: 173.254.250.79 X-Response-Cache: edge_hit X-Response-Cinfo: 173.254.250.79 X-Tt-Trace-Tag: id=5 Date: Thu, 07 Nov 2024 14:49:25 GMT via: cache05.oversea-GM-FRA6
2024-11-07 14:49:25 UTC	1215	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 11 00 00 00 28 08 06 00 00 00 18 18 11 9f 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 54 49 44 41 54 78 01 a5 56 5f 68 5b 65 14 3f df 77 93 65 dd 9a 8a ac 2f c9 8a 38 84 d8 a1 8e 41 aa 20 ab b4 ea 50 87 6d f7 a6 a4 0f 6e ac 2e 85 4d 05 ad ef 4d df bb 47 75 49 69 71 4c 5b c1 41 ad a9 e2 7f 5a ac 6f 4d 57 3a 64 c9 b5 c8 9c 5b f2 32 d0 f5 66 49 93 dc 73 8e e7 a6 b4 b4 5b 9a dc e1 09 21 37 f7 fb be df f7 3b bf f3 bb e7 bb 00 2e e2 e6 c2 3b c1 cd eb f4 c2 19 7f f6 97 f7 c2 db c7 3d 8d 00 72 f3 ef 0f 29 a6 8c 2c 0c 28 0d 31 ae 40 80 bc 18 db 3e 47 d7 03 b8 f5 eb f9 10 13 46 c0 b6 81 15 c5 88 Data Ascii: PNGIHDR(pHYssRGBgAMAaTIDATxV_h[e?we/8A Pmn.MMGuIiqL[AZoMW:d[2fIs[!7;.;=r),(1@>GF