Windows Analysis Report
http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=

Overview

General Information

Sample URL: http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=
Analysis ID: 1577939
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Suricata IDS alerts for network traffic
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1948,i,10297392431265034447,11680345600636547601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 1388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T22:03:59.693442+0100 | 2057333 | 1 | Successful Credential Theft Detected | 192.168.2.16 | 49700 | 162.241.3.4 | 443 | TCP
2024-12-18T22:04:43.571036+0100 | 2057333 | 1 | Successful Credential Theft Detected | 192.168.2.16 | 49712 | 162.241.3.4 | 443 | TCP

AV Detection

Source: http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20= SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Networking

Source: Network traffic Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.16:49712 -> 162.241.3.4:443
Source: Network traffic Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.16:49700 -> 162.241.3.4:443
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N HTTP/1.1Host: coelhocontabilidadedigital.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://kiesermedicalcorporation.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: coelhocontabilidadedigital.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123NAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N HTTP/1.1Host: coelhocontabilidadedigital.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=coelhocontabilidadedigital.com&oit=3&cp=30&pgcl=7&gs_rn=42&psi=29OGPLr1eZiLLjdC&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: coelhocontabilidadedigital.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20= HTTP/1.1Host: kiesermedicalcorporation.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kiesermedicalcorporation.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: kiesermedicalcorporation.com
Source: global trafficDNS traffic detected: DNS query: coelhocontabilidadedigital.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 18 Dec 2024 21:03:57 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: chromecache_70.1.drString found in binary or memory: http://www.broofa.com
Source: chromecache_70.1.drString found in binary or memory: https://apis.google.com
Source: chromecache_70.1.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_70.1.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_70.1.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_70.1.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_70.1.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_70.1.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_70.1.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_70.1.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: classification engineClassification label: mal56.win@26/24@10/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1948,i,10297392431265034447,11680345600636547601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20="
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20= | 0% | Avira URL Cloud | safe |
http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20= | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://coelhocontabilidadedigital.com/ | 0% | Avira URL Cloud | safe |
https://coelhocontabilidadedigital.com/favicon.ico | 0% | Avira URL Cloud | safe |
http://kiesermedicalcorporation.com/favicon.ico | 0% | Avira URL Cloud | safe |
https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
plus.l.google.com | 172.217.17.78 | true | false | | high
play.google.com | 142.250.181.142 | true | false | | high
www.google.com | 142.250.181.132 | true | false | | high
coelhocontabilidadedigital.com | 162.241.3.4 | true | true | | unknown
kiesermedicalcorporation.com | 103.83.194.55 | true | false | | unknown
apis.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
http://kiesermedicalcorporation.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://coelhocontabilidadedigital.com/favicon.ico | true | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N#jtortorici@bigge.com | false | | unknown
https://coelhocontabilidadedigital.com/ | true | Avira URL Cloud: safe | unknown
https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N | true | Avira URL Cloud: safe | unknown
http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20= | true | | unknown
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=coelhocontabilidadedigital.com&oit=3&cp=30&pgcl=7&gs_rn=42&psi=29OGPLr1eZiLLjdC&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google.com/log?format=json&hasfast=true | chromecache_70.1.dr | false | | high
http://www.broofa.com | chromecache_70.1.dr | false | | high
https://apis.google.com | chromecache_70.1.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
103.83.194.55 | kiesermedicalcorporation.com | United States | | 132335 | NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdIN | false
162.241.3.4 | coelhocontabilidadedigital.com | United States | | 26337 | OIS1US | true
142.250.181.132 | www.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false

IP
192.168.2.17
192.168.2.16
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1577939
                                  Start date and time:2024-12-18 22:03:25 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 3m 21s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                  Sample URL:http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:13
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal56.win@26/24@10/6
                                  EGA Information:Failed
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 0
                                  • Number of non-executed functions: 0
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.250.181.99, 172.217.17.78, 64.233.162.84, 142.250.181.142, 199.232.214.172, 172.217.17.46, 172.217.17.35, 172.217.19.206, 172.217.17.67, 142.250.181.106, 172.217.19.234, 142.250.181.10, 172.217.17.74, 172.217.21.42, 172.217.19.202, 142.250.181.138, 172.217.17.42, 172.217.19.10, 142.250.181.74, 23.50.252.137, 4.245.163.56
                                  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
                                  • Not all processes were analyzed, report is missing behavior information
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=
                                  No simulations
                                  No context
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 20:03:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2673
                                  Entropy (8bit):3.9889506889572406
                                  Encrypted:false
                                  SSDEEP:48:828bdoWTIy7pGHtidAKZdA1FehwiZUklqehsJy+3:8bKW0mpsBJy
                                  MD5:6561A62230BDC645094FE04F44DB2A11
                                  SHA1:84BD92F0B6D0073D803D9B47DE1047599E552F25
                                  SHA-256:F72320864DC61949E70157F50F5CA333126BD1A5A5BD5D586068B6192DE53624
                                  SHA-512:DD6025914E17CAE7AB1ED4E64F6205BFC67AA536E5AB126AAA0F0C4BA5EC08FF63690006B557D88566C1CEA44779A594D47A4B092B69366FE936A4BE96444E4B
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 20:03:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2675
                                  Entropy (8bit):4.003720874115197
                                  Encrypted:false
                                  SSDEEP:48:8GX8bdoWTIy7pGHtidAKZdA1seh/iZUkAQkqehxJy+2:83KW0mpC9Q+Jy
                                  MD5:5B932DB6F644C279122A34E7B9356AC5
                                  SHA1:1FF5C10FB96CA92C0B9C419231B75258362FE67F
                                  SHA-256:4DC118E302F72C39206A53D185C39D2E04F372AAF916E078686F36E4D9F2869E
                                  SHA-512:56F6D5D18F9A5B8B793A583FCF348BE20F0396AB4867168AA961C4526F8C09DA67C8E602A91630545CBB90C52611917DD6BA8B30782222C64BA271AB0FCD2D53
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2689
                                  Entropy (8bit):4.012442158345449
                                  Encrypted:false
                                  SSDEEP:48:8idoWTIy7pAHtidAKZdA14meh7sFiZUkmgqeh7srJy+BX:8hW0mpAndJy
                                  MD5:42403D6CB2F497F1B699F02738AE06CB
                                  SHA1:95B0B741849D2144D96BFFD94460C2AC8745555D
                                  SHA-256:815F9E75B30B586A3C542A48E9399DF5C9A07E2B9B5E91AB9FBF8B62B1FED28B
                                  SHA-512:11A7020EF9FFD20B8FF5AA589F143632668311432ACB2A60F9770020F7DE7933F2DCA7F743C216AE93B7D6B3EB3409917366B301B131D293304170790817D89B
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 20:03:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2677
                                  Entropy (8bit):4.002623931529131
                                  Encrypted:false
                                  SSDEEP:48:818bdoWTIy7pGHtidAKZdA1TehDiZUkwqeh1Jy+R:82KW0mpZjJy
                                  MD5:B024016928ACAD4B2BC0862B9C500858
                                  SHA1:868FE84807F3CF83B17B330206F548E947BCAABE
                                  SHA-256:37B7D60B77798BD83C05721AB679E41AC7D38E054EFDF54619640C1AACABDD86
                                  SHA-512:473D469118623EE8B6055A871479757A6A019FB03ACAC0C565D3B04315D61FF810879CA33D282084636B7E350E0161E2BA98134FE25B058B4D24845CB4D91C9C
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 20:03:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2677
                                  Entropy (8bit):3.99314303338843
                                  Encrypted:false
                                  SSDEEP:48:8Hlv8bdoWTIy7pGHtidAKZdA1dehBiZUk1W1qehnJy+C:8HlkKW0mpJ9HJy
                                  MD5:06803FA2130E112ED05A1D61A9B012E7
                                  SHA1:7CA0E75EB3AA76718C940BEE19E0E4D810ED487E
                                  SHA-256:3DD7155BD5775FA283ED560F7D7DC751569C7C7A5CF570C7902BBDE9AC3C4A29
                                  SHA-512:F3C01FAD00E5186561404471ED1A753356BDC23F1272225A47BEC417F367B0AE62DFC53E0FE50272F686F2BE6113F01A4122FDDE66F575742D2EC5822A8C1AA5
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 20:03:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2679
                                  Entropy (8bit):4.004207609457369
                                  Encrypted:false
                                  SSDEEP:48:808bdoWTIy7pGHtidAKZdA1duTeehOuTbbiZUk5OjqehOuTbdJy+yT+:8FKW0mpxTfTbxWOvTbdJy7T
                                  MD5:87C170C5CE9B0A8AAC9CA9B981F301B8
                                  SHA1:E9BC8E03813920449A2E310F7F52995D4EDB34AF
                                  SHA-256:850153AD66F21569B836F68F0A6E05DA791824D57E0FA517BA538E8FF7E08A35
                                  SHA-512:94CFA3FD2F8D48748D3C6331563839ADE8341783929305CA719C10DE582E27DC899A04DFDBE73685A4980FB1712EADFC3DA66E4F5E6E4A0C1EEE0F2ADDB6EF32
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (843)
                                  Category:downloaded
                                  Size (bytes):848
                                  Entropy (8bit):5.152598482900237
                                  Encrypted:false
                                  SSDEEP:24:p3JIBOtZTEhmBHslgT9lCuABATjuoB7HHHHHHHYqmffffffo:p3JHLomKlgZ01BAPuSEqmffffffo
                                  MD5:6267658CF331FB0FB69CCE1FFD72F943
                                  SHA1:42EE3E5A85D92E2F15BEFD80261AE9549F608B3C
                                  SHA-256:442CED5D67A285E6315E17B6C35364D2A97156276EB6CB4B3677CFBC666B5DCD
                                  SHA-512:4A7359A921A431C8EA8894822D8C48F3BA4282A75AAE89BBAE3B9D415013C0ACE0F55F1704CFA7DB83F2E338619B97B6554EC2C378F772E9539A5AFC3F555E78
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                  Preview:)]}'.["",["cooking with kya sparks","dallas cowboys playoff chances","north pole profits monopoly go rewards","wall street ai stock split potential","snow storm weather forecast","karate kid legends movie trailer","nascar","steam winter sale 2024 games"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":-8292151342158006003,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text
                                  Category:downloaded
                                  Size (bytes):29
                                  Entropy (8bit):3.9353986674667634
                                  Encrypted:false
                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                  MD5:6FED308183D5DFC421602548615204AF
                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/async/newtab_promos
                                  Preview:)]}'.{"update":{"promos":{}}}
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:very short file (no magic)
                                  Category:downloaded
                                  Size (bytes):1
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:3:v:v
                                  MD5:68B329DA9893E34099C7D8AD5CB9C940
                                  SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                  SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                  SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                  Malicious:false
                                  Reputation:low
                                  URL:https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N
                                  Preview:.
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (65531)
                                  Category:downloaded
                                  Size (bytes):132739
                                  Entropy (8bit):5.436788190165585
                                  Encrypted:false
                                  SSDEEP:3072:fSkJQ7O4N5dTm+syHEt4W3XdQ4Q61uSr/nUW2i6o:f7Q7HTt/sHdQ4Q61DfUW8o
                                  MD5:88ED24C026F90345E00AC30CE4EB6E66
                                  SHA1:3309FDBBAD1A7B8AB98DF2B2220C5D6ED21691D5
                                  SHA-256:1ABB99BE2A3C17C4CAA7208B249C6B44AFA63F7249AC6D4D2CFD61459EEB05F3
                                  SHA-512:6488F4315A9E0EAD95F2A87BA5689185747868901CFD97D15723C742BF23CD55A6DD68EED0E1CFBAAE3369105210D92215E7594FB4287931DC5094E011B5BE89
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (2410)
                                  Category:downloaded
                                  Size (bytes):175897
                                  Entropy (8bit):5.549876394125764
                                  Encrypted:false
                                  SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                  MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                  SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                  SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                  SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                  Malicious:false
                                  Reputation:low
                                  URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (5162), with no line terminators
                                  Category:downloaded
                                  Size (bytes):5162
                                  Entropy (8bit):5.3503139230837595
                                  Encrypted:false
                                  SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                  MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                  SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                  SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                  SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                  Malicious:false
                                  Reputation:low
                                  URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:SVG Scalable Vector Graphics image
                                  Category:downloaded
                                  Size (bytes):1660
                                  Entropy (8bit):4.301517070642596
                                  Encrypted:false
                                  SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                  MD5:554640F465EB3ED903B543DAE0A1BCAC
                                  SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                  SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                  SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:HTML document, ASCII text
                                  Category:downloaded
                                  Size (bytes):315
                                  Entropy (8bit):5.0572271090563765
                                  Encrypted:false
                                  SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
                                  MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                                  SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                                  SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                                  SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                                  Malicious:false
                                  Reputation:low
                                  URL:http://kiesermedicalcorporation.com/favicon.ico
                                  Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (65531)
                                  Category:downloaded
                                  Size (bytes):73320
                                  Entropy (8bit):6.023928582744774
                                  Encrypted:false
                                  SSDEEP:1536:HmMxGD7GlXw+mOIdTEYGNcRUNz0ZsfGXdcxpOtfL97P9gXum7/5kxVV:roD6hzmuYnRGxozdP9g+mjAVV
                                  MD5:6CC13A75787C4006709F5588949F7F51
                                  SHA1:2E8CEF66DCE84DD088FC702DA60B8304000B18B8
                                  SHA-256:716165D24F0EEDA7F42EF4CB99E7C012231DA19422F345EB8F1EE00DB4B3C3F4
                                  SHA-512:EE87F574621E341E91FC2CCB8D3CEF06E40A55E76C37EF802A1BAEC62C8A5111E702AD0379BFE91B10E37610759B60996C07F6FC921CE0C7C8FC0F4159F5925A
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/async/ddljson?async=ntp:2
                                  Preview:)]}'.{"ddljson":{"accessibility_description":"","alt_text":"Seasonal Holidays 2024","dark_data_uri":"data:image/png;base64,
                                  No static file info
                                  Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                  2024-12-18T22:03:59.693442+0100 | 2057333 | ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 | 1 | 192.168.2.16 | 49700 | 162.241.3.4 | 443 | TCP
                                  2024-12-18T22:04:43.571036+0100 | 2057333 | ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 | 1 | 192.168.2.16 | 49712 | 162.241.3.4 | 443 | TCP
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Dec 18, 2024 22:05:39.687006950 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.687079906 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.687100887 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.700674057 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.700766087 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.700782061 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.714200020 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.714302063 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.714323044 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.727844954 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.728001118 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.728020906 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.729465961 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.734610081 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.737795115 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.737879992 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.737884998 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.737912893 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.737956047 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.741549015 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.741727114 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.741739988 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.746206045 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.753452063 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.753547907 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.753571033 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.754940987 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.755021095 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.755022049 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.755050898 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.755099058 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.760535002 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.760663986 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.760685921 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.768521070 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.770920992 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.770998001 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.771015882 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.780966997 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.781063080 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.781084061 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.782310963 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.782394886 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.782414913 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.791548014 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.791645050 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.791651964 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.791672945 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.791713953 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.791731119 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.795593977 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.795661926 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.795681000 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.800956964 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.801052094 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.801070929 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.810261965 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.810349941 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.810372114 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.819623947 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.819724083 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.819756031 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.820158958 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.820211887 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.821805000 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.821837902 CET44349718142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.821857929 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.821892023 CET49718443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.841424942 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.841448069 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.850271940 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.850385904 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.850403070 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.857322931 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.857453108 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.857474089 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.860259056 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.860344887 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.860358953 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.873879910 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.873969078 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.873986959 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.886462927 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.886569977 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.886589050 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.899142027 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.899262905 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.899288893 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.910830021 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.910904884 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.910933018 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.921858072 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.921937943 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.921962976 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.932610035 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.932728052 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.932753086 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.942893982 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.942991018 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.943017006 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.952197075 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.952265978 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.952282906 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.960196018 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.960299969 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.960323095 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.968477011 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.968560934 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.968592882 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.976419926 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.976507902 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.976528883 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.983943939 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.984064102 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.984081030 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.992028952 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:39.992095947 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:39.992126942 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.000025034 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.000081062 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.000107050 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.007826090 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.007900000 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.007925034 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.019340992 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.019422054 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.019449949 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.023286104 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.023346901 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.023375988 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.031167984 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.031244993 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.031277895 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.038614035 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.038697004 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.038727045 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.045960903 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.046046019 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.046073914 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.051863909 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.051970005 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.052000046 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.057455063 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.057519913 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.057552099 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.063901901 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.063991070 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.064016104 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.072238922 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.072292089 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.072316885 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.079360008 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.079446077 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.079466105 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.091090918 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.091186047 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.091183901 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.091213942 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.091262102 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.092519045 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.095261097 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.095340014 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.095367908 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.103359938 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.103449106 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.103475094 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.103741884 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.103760004 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.103784084 CET44349719142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:40.103823900 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:40.103859901 CET49719443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:41.118011951 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:41.118071079 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:41.118166924 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:41.118540049 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:41.118556023 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:41.419104099 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:41.419163942 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:41.419260979 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:41.419724941 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:41.419739962 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.684540033 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:42.684595108 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.684689045 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:42.684916019 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:42.684930086 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.816178083 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.816507101 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:42.816536903 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.817677975 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.818006039 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:42.818149090 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:42.818155050 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.818185091 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:42.872468948 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:43.122033119 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:43.122325897 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:43.122354984 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:43.122654915 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:43.122961044 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:43.123013973 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:43.175503969 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:43.515573978 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:43.515753031 CET44349724142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:43.515834093 CET49724443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:43.529424906 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:43.529462099 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:43.529545069 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:43.529669046 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:43.529675961 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:43.529732943 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:43.530066967 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:43.530080080 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:43.530224085 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:43.530230045 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.415591002 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:44.415977955 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:44.416043997 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:44.417516947 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:44.417623997 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:44.418036938 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:44.418154955 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:44.469460964 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:44.469490051 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:44.517432928 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:44.779539108 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.779839039 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:44.779866934 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.780240059 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.780548096 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:44.780611038 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.780698061 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:44.785124063 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.785332918 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:44.785368919 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.785836935 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.786113024 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:44.786190987 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.823328018 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:44.835419893 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:45.253717899 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:45.253818035 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:45.253921032 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:45.254456043 CET49727443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:45.254479885 CET44349727162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:52.829530954 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:52.829679966 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:52.829752922 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:54.161536932 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:54.161600113 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:54.161676884 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:54.545315027 CET49725443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:54.545351982 CET44349725142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:54.545367002 CET49726443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:54.545427084 CET44349726142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:55.130433083 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:55.130625963 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:55.130759954 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:56.543550014 CET49728443192.168.2.16162.241.3.4
                                  Dec 18, 2024 22:05:56.543581009 CET44349728162.241.3.4192.168.2.16
                                  Dec 18, 2024 22:05:59.241497993 CET49732443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:59.241544008 CET44349732142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:05:59.241616964 CET49732443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:59.241940975 CET49732443192.168.2.16142.250.181.132
                                  Dec 18, 2024 22:05:59.241955996 CET44349732142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:06:00.934858084 CET44349732142.250.181.132192.168.2.16
                                  Dec 18, 2024 22:06:00.982414007 CET49732443192.168.2.16142.250.181.132
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Dec 18, 2024 22:03:55.214677095 CET | 192.168.2.16 | 1.1.1.1 | 0xc1fa | Standard query (0) | kiesermedicalcorporation.com | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:03:55.215095997 CET | 192.168.2.16 | 1.1.1.1 | 0xe639 | Standard query (0) | kiesermedicalcorporation.com | 65 | IN (0x0001) | false
                                  Dec 18, 2024 22:03:57.034951925 CET | 192.168.2.16 | 1.1.1.1 | 0xc9ba | Standard query (0) | coelhocontabilidadedigital.com | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:03:57.035274029 CET | 192.168.2.16 | 1.1.1.1 | 0xb21f | Standard query (0) | coelhocontabilidadedigital.com | 65 | IN (0x0001) | false
                                  Dec 18, 2024 22:03:59.121329069 CET | 192.168.2.16 | 1.1.1.1 | 0x6114 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:03:59.121829033 CET | 192.168.2.16 | 1.1.1.1 | 0x10d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                  Dec 18, 2024 22:05:43.456763983 CET | 192.168.2.16 | 1.1.1.1 | 0x28f3 | Standard query (0) | apis.google.com | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:05:43.456948042 CET | 192.168.2.16 | 1.1.1.1 | 0xb153 | Standard query (0) | apis.google.com | 65 | IN (0x0001) | false
                                  Dec 18, 2024 22:05:44.457612991 CET | 192.168.2.16 | 1.1.1.1 | 0x6d31 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:05:44.457775116 CET | 192.168.2.16 | 1.1.1.1 | 0xd4c9 | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Dec 18, 2024 22:03:55.639132023 CET | 1.1.1.1 | 192.168.2.16 | 0xc1fa | No error (0) | kiesermedicalcorporation.com |  | 103.83.194.55 | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:03:57.797755003 CET | 1.1.1.1 | 192.168.2.16 | 0xc9ba | No error (0) | coelhocontabilidadedigital.com |  | 162.241.3.4 | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:03:59.260541916 CET | 1.1.1.1 | 192.168.2.16 | 0x6114 | No error (0) | www.google.com |  | 142.250.181.132 | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:03:59.260973930 CET | 1.1.1.1 | 192.168.2.16 | 0x10d | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                  Dec 18, 2024 22:05:43.596049070 CET | 1.1.1.1 | 192.168.2.16 | 0x28f3 | No error (0) | apis.google.com | plus.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                  Dec 18, 2024 22:05:43.596049070 CET | 1.1.1.1 | 192.168.2.16 | 0x28f3 | No error (0) | plus.l.google.com |  | 172.217.17.78 | A (IP address) | IN (0x0001) | false
                                  Dec 18, 2024 22:05:43.596908092 CET | 1.1.1.1 | 192.168.2.16 | 0xb153 | No error (0) | apis.google.com | plus.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                  Dec 18, 2024 22:05:44.599693060 CET | 1.1.1.1 | 192.168.2.16 | 0x6d31 | No error (0) | play.google.com |  | 142.250.181.142 | A (IP address) | IN (0x0001) | false
                                  • kiesermedicalcorporation.com
                                    • coelhocontabilidadedigital.com
                                  • https:
                                  • www.google.com
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.16 | 49698 | 103.83.194.55 | 80 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Dec 18, 2024 22:03:55.761281013 CET | 493 | OUT | GET /mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20= HTTP/1.1
                                  Host: kiesermedicalcorporation.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Dec 18, 2024 22:03:56.999093056 CET | 345 | IN | HTTP/1.1 200 OK
                                  Date: Wed, 18 Dec 2024 21:03:56 GMT
                                  Server: Apache
                                  refresh: 0;url=https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N#jtortorici@bigge.com
                                  Content-Length: 0
                                  Keep-Alive: timeout=5, max=100
                                  Connection: Keep-Alive
                                  Content-Type: text/html; charset=UTF-8
                                  Dec 18, 2024 22:03:57.037997961 CET | 450 | OUT | GET /favicon.ico HTTP/1.1
                                  Host: kiesermedicalcorporation.com
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Referer: http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
                                  Dec 18, 2024 22:03:57.427618980 CET | 515 | IN | HTTP/1.1 404 Not Found
                                  Date: Wed, 18 Dec 2024 21:03:57 GMT
                                  Server: Apache
                                  Content-Length: 315
                                  Keep-Alive: timeout=5, max=99
                                  Connection: Keep-Alive
                                  Content-Type: text/html; charset=iso-8859-1
                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.16 | 49697 | 103.83.194.55 | 80 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Dec 18, 2024 22:04:40.769383907 CET | 6 | OUT | Data Raw: 00
                                  Data Ascii:


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.16 | 49699 | 103.83.194.55 | 80 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Dec 18, 2024 22:04:40.864365101 CET | 6 | OUT | Data Raw: 00
                                  Data Ascii:


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.16 | 49700 | 162.241.3.4 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:03:59 UTC | 787 | OUT | GET /x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N HTTP/1.1
                                  Host: coelhocontabilidadedigital.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-Dest: document
                                  Referer: http://kiesermedicalcorporation.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:03:59 UTC | 208 | IN | HTTP/1.1 200 OK
                                  Date: Wed, 18 Dec 2024 21:03:59 GMT
                                  Server: Apache
                                  Upgrade: h2,h2c
                                  Connection: Upgrade, close
                                  Vary: Accept-Encoding
                                  Transfer-Encoding: chunked
                                  Content-Type: text/html; charset=UTF-8
                                  2024-12-18 21:03:59 UTC | 11 | IN | Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                  Data Ascii: 10


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.16 | 49701 | 162.241.3.4 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:03:59 UTC | 697 | OUT | GET /favicon.ico HTTP/1.1
                                  Host: coelhocontabilidadedigital.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:04:00 UTC | 195 | IN | HTTP/1.1 500 Internal Server Error
                                  Date: Wed, 18 Dec 2024 21:03:59 GMT
                                  Server: Apache
                                  Upgrade: h2,h2c
                                  Connection: Upgrade, close
                                  Content-Length: 0
                                  Content-Type: text/html; charset=utf-8


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.16 | 49712 | 162.241.3.4 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:04:42 UTC | 780 | OUT | GET /x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N HTTP/1.1
                                  Host: coelhocontabilidadedigital.com
                                  Connection: keep-alive
                                  Cache-Control: max-age=0
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:04:43 UTC | 208 | IN | HTTP/1.1 200 OK
                                  Date: Wed, 18 Dec 2024 21:04:43 GMT
                                  Server: Apache
                                  Upgrade: h2,h2c
                                  Connection: Upgrade, close
                                  Vary: Accept-Encoding
                                  Transfer-Encoding: chunked
                                  Content-Type: text/html; charset=UTF-8
                                  2024-12-18 21:04:43 UTC | 11 | IN | Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                  Data Ascii: 10


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  3 | 192.168.2.16 | 49711 | 162.241.3.4 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:04:43 UTC | 697 | OUT | GET /favicon.ico HTTP/1.1
                                  Host: coelhocontabilidadedigital.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://coelhocontabilidadedigital.com/x/?c3Y9bzM2NV8xX25vbSZyYW5kPWFtODNiRkE9JnVpZD1VU0VSMjAxMTIwMjRVMDUxMTIwMjE=N0123N
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:04:43 UTC | 195 | IN | HTTP/1.1 500 Internal Server Error
                                  Date: Wed, 18 Dec 2024 21:04:43 GMT
                                  Server: Apache
                                  Upgrade: h2,h2c
                                  Connection: Upgrade, close
                                  Content-Length: 0
                                  Content-Type: text/html; charset=utf-8


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  4 | 192.168.2.16 | 49717 | 142.250.181.132 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:05:38 UTC | 627 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:05:38 UTC | 1266 | IN | HTTP/1.1 200 OK
                                  Date: Wed, 18 Dec 2024 21:05:38 GMT
                                  Pragma: no-cache
                                  Expires: -1
                                  Cache-Control: no-cache, must-revalidate
                                  Content-Type: text/javascript; charset=UTF-8
                                  Strict-Transport-Security: max-age=31536000
                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-OuHunkRIpdJ1JbBgeB6ADA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  5 | 192.168.2.16 | 49718 | 142.250.181.132 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:05:38 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:05:39 UTC | 1018 | IN | HTTP/1.1 200 OK
                                  Version: 705503573
                                  Content-Type: application/json; charset=UTF-8
                                  X-Content-Type-Options: nosniff
                                  Strict-Transport-Security: max-age=31536000
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Date: Wed, 18 Dec 2024 21:05:39 GMT
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  Data Ascii: oG9B89evRRXlVhIiY1jP+9O1qh1+/192SzfRE1L+1kmK4YVA5jGV+QMoxNBMhqwFZooR5Wh63u/A2Gphba5coE1mHMdik0gZXJAFdzi5AyaXOztDu5Zu/OB1nUZCFZ0GIhWXBAVkulVfgyVlo9Mfg+YlUlLIzN4OrebfzyuRqR6iSqPqwE66GmSDyux0/Wvrx58x8RJZlqTNbB9XVtfX390KF9+/Y5JTW+k1iVwTKoEp4ClERc4kRsYS0UZFmDN
                                  2024-12-18 21:05:39 UTC1390INData Raw: 57 74 46 79 4b 2f 6f 63 4b 36 70 71 45 49 58 54 35 35 48 43 53 6b 49 4a 53 38 32 41 74 62 6f 4e 56 6b 51 4c 37 32 44 6e 54 6c 77 5a 57 48 6d 46 72 35 43 6f 35 33 6a 34 38 65 54 31 65 30 58 63 54 71 38 4c 74 43 58 51 73 74 56 75 34 59 50 54 6d 32 5a 6a 49 56 65 37 46 57 36 73 79 6f 46 44 61 50 54 57 61 4d 62 30 6f 6e 42 52 37 45 73 32 68 42 58 69 77 72 49 79 46 6e 4c 46 69 71 47 4f 31 74 30 50 73 4c 66 53 36 56 6f 46 59 58 46 66 57 51 68 4c 4a 4b 76 55 6b 30 63 63 77 53 72 65 6d 4d 78 4e 49 6c 63 51 4e 5a 57 50 4b 31 71 71 72 64 39 43 4c 34 43 31 64 50 54 6f 30 59 47 42 67 61 2b 50 5a 65 4f 71 5a 78 65 45 42 56 32 35 30 4a 57 4f 31 66 4f 41 48 35 6d 69 65 50 47 42 63 65 75 74 6c 74 76 68 38 48 67 63 74 63 48 61 45 39 76 63 4e 42 6c 72 59 55 54 61 7a 56 54
                                  Data Ascii: WtFyK/ocK6pqEIXT55HCSkIJS82AtboNVkQL72DnTlwZWHmFr5Co53j48eT1e0XcTq8LtCXQstVu4YPTm2ZjIVe7FW6syoFDaPTWaMb0onBR7Es2hBXiwrIyFnLFiqGO1t0PsLfS6VoFYXFfWQhLJKvUk0ccwSremMxNIlcQNZWPK1qqrd9CL4C1dPTo0YGBga+PZeOqZxeEBV250JWO1fOAH5miePGBceutltvh8HgctcHaE9vcNBlrYUTazVT
                                  2024-12-18 21:05:39 UTC1390INData Raw: 68 79 53 32 42 6c 4e 61 6a 34 35 74 75 2f 34 6c 72 55 38 33 5a 55 51 6e 70 4a 69 4d 49 43 74 46 42 58 7a 46 59 55 51 52 5a 45 6f 4f 58 7a 67 62 56 63 4e 4a 7a 42 59 4f 74 4f 59 48 56 61 57 4a 4a 74 59 77 75 69 66 62 50 31 41 70 39 79 70 52 46 58 6d 4b 70 50 6c 4a 73 6f 64 31 67 58 30 30 67 55 59 55 57 2b 73 75 61 4b 46 30 50 5a 59 32 49 72 6b 59 76 6d 34 6f 67 54 78 34 70 38 4a 63 4f 42 61 61 30 51 35 72 50 35 6c 53 4c 6e 71 76 67 51 4e 38 36 38 32 53 47 77 78 44 56 43 4c 33 62 75 31 47 44 70 57 4c 33 75 65 37 32 33 44 31 66 66 66 72 46 36 52 4c 70 37 66 45 41 57 50 6d 31 65 65 4d 71 34 73 39 4a 49 46 5a 38 33 64 48 4b 45 4a 52 38 55 7a 58 73 34 72 43 52 54 62 71 75 66 7a 4f 77 73 49 6d 75 69 4c 4b 79 70 6b 5a 43 2b 74 71 6d 71 6e 44 4f 77 47 5a 59 31 57
                                  Data Ascii: hyS2BlNaj45tu/4lrU83ZUQnpJiMICtFBXzFYUQRZEoOXzgbVcNJzBYOtOYHVaWJJtYwuifbP1Ap9ypRFXmKpPlJsod1gX00gUYUW+suaKF0PZY2IrkYvm4ogTx4p8JcOBaa0Q5rP5lSLnqvgQN8682SGwxDVCL3bu1GDpWL3ue723D1fffrF6RLp7fEAWPm1eeMq4s9JIFZ83dHKEJR8UzXs4rCRTbqufzOwsImuiLKypkZC+tqmqnDOwGZY1W


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  6 | 192.168.2.16 | 49719 | 142.250.181.132 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:05:38 UTC | 530 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:05:39 UTC | 1018 | IN | HTTP/1.1 200 OK
                                  Version: 705503573
                                  Content-Type: application/json; charset=UTF-8
                                  X-Content-Type-Options: nosniff
                                  Strict-Transport-Security: max-age=31536000
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Date: Wed, 18 Dec 2024 21:05:39 GMT
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  7 | 192.168.2.16 | 49720 | 142.250.181.132 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:05:38 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:05:39 UTC | 933 | IN | HTTP/1.1 200 OK
                                  Version: 705503573
                                  Content-Type: application/json; charset=UTF-8
                                  X-Content-Type-Options: nosniff
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Date: Wed, 18 Dec 2024 21:05:39 GMT
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2024-12-18 21:05:39 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                  Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                  2024-12-18 21:05:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  8 | 192.168.2.16 | 49724 | 142.250.181.132 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:05:42 UTC | 677 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=coelhocontabilidadedigital.com&oit=3&cp=30&pgcl=7&gs_rn=42&psi=29OGPLr1eZiLLjdC&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  9 | 192.168.2.16 | 49727 | 162.241.3.4 | 443 | 6392 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-18 21:05:44 UTC | 673 | OUT | GET / HTTP/1.1
                                  Host: coelhocontabilidadedigital.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-12-18 21:05:45 UTC | 195 | IN | HTTP/1.1 500 Internal Server Error
                                  Date: Wed, 18 Dec 2024 21:05:45 GMT
                                  Server: Apache
                                  Upgrade: h2,h2c
                                  Connection: Upgrade, close
                                  Content-Length: 0
                                  Content-Type: text/html; charset=utf-8



                                  Target ID:0
                                  Start time:16:03:52
                                  Start date:18/12/2024
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                  Imagebase:0x7ff7f9810000
                                  File size:3'242'272 bytes
                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false

                                  Target ID:1
                                  Start time:16:03:53
                                  Start date:18/12/2024
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1948,i,10297392431265034447,11680345600636547601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Imagebase:0x7ff7f9810000
                                  File size:3'242'272 bytes
                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false

                                  Target ID:2
                                  Start time:16:03:54
                                  Start date:18/12/2024
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20="
                                  Imagebase:0x7ff7f9810000
                                  File size:3'242'272 bytes
                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                  No disassembly