Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform

Overview

General Information

Sample URL:https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform
Analysis ID:1660649
Infos:

Detection

Score:1
Range:0 - 100
Confidence:80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • chrome.exe (PID: 768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,7672389889802415310,10890540999702537262,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Compliance
  • Networking
  • System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.81.238:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.81.238:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.65.174:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.65.174:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /recaptcha/api.js?trustedtypes=true HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docs.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=523=qq5ATcMX3RFSS7mL2yBskQFV9NHcwWD4JOe-cyu8DRbOqr3MrO6hFD8On3QTxQV0I2UpSyEkfypOy94o_T2zZmXN1X9py1ugtt-rB11SnjM3pACbHHRe3PGoy4KEQkwD4T4q_qxX-u6fAXm70IGq-x5k9A8l-wVObADr-H_gRK_B_m6lJdzHNG8Gwo6SpQgrJ_6Vgv0
Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: docs.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global trafficDNS traffic detected: DNS query: google.com
Source: unknownHTTP traffic detected: POST /forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/null/d/null/naLogImpressions HTTP/1.1Host: docs.google.comConnection: keep-aliveContent-Length: 5620X-Client-Deadline-Ms: 20000sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-mobile: ?0X-Same-Domain: 1Accept: */*Origin: https://docs.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedformAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: S=spreadsheet_forms=RL6dCFnTK4lVN8qq_RIx0O5s10zxPkAl8FGi4tW2OVY; COMPASS=spreadsheet_forms=CjIACWuJVxFRNvgab4_DduDSArS5Ksfdqn1ZMeEWopngrk8QNN03Gn6b9AlWzKtH4cd3tRDrtdm_BhpDAAlriVeGY0FP9OONgsYhKasJPl0fpm0XLoEnttYPEr7JNQisw_4Zow-W819IJSxUZcmxaU-6rTzXeqS0p1xCZao3sw==; NID=523=qq5ATcMX3RFSS7mL2yBskQFV9NHcwWD4JOe-cyu8DRbOqr3MrO6hFD8On3QTxQV0I2UpSyEkfypOy94o_T2zZmXN1X9py1ugtt-rB11SnjM3pACbHHRe3PGoy4KEQkwD4T4q_qxX-u6fAXm70IGq-x5k9A8l-wVObADr-H_gRK_B_m6lJdzHNG8Gwo6SpQgrJ_6Vgv0
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 09 Apr 2025 10:33:02 GMTX-Content-Type-Options: nosniffx-chromium-appcache-fallback-override: disallow-fallbackContent-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-ttOrigin-Trial: AsBCEoVg8pIwAkst2T88NNY429HzlH4fGwN+ALnF27Zl16u/ZR0Vylgws0om63IHSaH6pHPqY+k1GQ1sheqdhwgAAACGeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQ5NTEzNjAwLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=X-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 09 Apr 2025 10:33:02 GMTX-Content-Type-Options: nosniffx-chromium-appcache-fallback-override: disallow-fallbackContent-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-ttOrigin-Trial: AsBCEoVg8pIwAkst2T88NNY429HzlH4fGwN+ALnF27Zl16u/ZR0Vylgws0om63IHSaH6pHPqY+k1GQ1sheqdhwgAAACGeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQ5NTEzNjAwLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=X-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: chromecache_75.2.drString found in binary or memory: https://angular.dev/license
Source: chromecache_67.2.dr, chromecache_78.2.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: chromecache_69.2.drString found in binary or memory: https://cloud.google.com/contact
Source: chromecache_69.2.drString found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_69.2.drString found in binary or memory: https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#automated-query-error
Source: chromecache_69.2.drString found in binary or memory: https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#localhost-error
Source: chromecache_69.2.drString found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_82.2.dr, chromecache_64.2.drString found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v60/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RP
Source: chromecache_82.2.drString found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2)
Source: chromecache_82.2.drString found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2)
Source: chromecache_82.2.drString found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2)
Source: chromecache_82.2.drString found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_64.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_75.2.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_67.2.dr, chromecache_78.2.drString found in binary or memory: https://ssl.gstatic.com/docs/common/cleardot.gif
Source: chromecache_69.2.drString found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_69.2.drString found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_69.2.drString found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_69.2.drString found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_75.2.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_69.2.dr, chromecache_85.2.drString found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_69.2.drString found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__.
Source: chromecache_78.2.drString found in binary or memory: https://www.gstatic.com/_/apps-fileview/_/js/
Source: chromecache_85.2.drString found in binary or memory: https://www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
Source: chromecache_67.2.dr, chromecache_78.2.drString found in binary or memory: https://youtube.com/embed/
Source: chromecache_67.2.dr, chromecache_78.2.drString found in binary or memory: https://youtube.com/embed/?rel=0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.81.238:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.81.238:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.65.174:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.65.174:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir768_737268718Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir768_737268718Jump to behavior
Source: classification engineClassification label: clean1.win@21/42@19/5
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,7672389889802415310,10890540999702537262,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,7672389889802415310,10890540999702537262,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1660649 URL: https://docs.google.com/for... Startdate: 09/04/2025 Architecture: WINDOWS Score: 1 14 beacons.gcp.gvt2.com 2->14 16 beacons-handoff.gcp.gvt2.com 2->16 6 chrome.exe 2 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 18 192.168.2.15 unknown unknown 6->18 20 192.168.2.4, 138, 443, 49293 unknown unknown 6->20 11 chrome.exe 6->11         started        process5 dnsIp6 22 play.google.com 142.250.65.174, 443, 49753, 49755 GOOGLEUS United States 11->22 24 docs.google.com 142.250.81.238, 443, 49730, 49731 GOOGLEUS United States 11->24 26 5 other IPs or domains 11->26

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
docs.google.com
142.250.81.238
truefalse
    		high
    google.com
    		142.251.40.238
    		truefalse
      		high
      play.google.com
      		142.250.65.174
      		truefalse
        		high
        beacons-handoff.gcp.gvt2.com
        		142.251.186.94
        		truefalse
          		high
          gce-beacons.gcp.gvt2.com
          		35.227.218.218
          		truefalse
            		high
            www.google.com
            		142.251.40.132
            		truefalse
              		high
              beacons.gcp.gvt2.com
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://www.google.com/recaptcha/api.js?trustedtypes=truefalse
                  		high
                  https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/null/d/null/naLogImpressionsfalse
                    		high
                    https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/null/d/null/font/getmetadatafalse
                      		high
                      http://c.pki.goog/r/r4.crlfalse
                        		high
                        https://play.google.com/log?format=json&hasfast=true&authuser=0false
                          		high
                          https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedformfalse
                            		high
                            http://c.pki.goog/r/gsr1.crlfalse
                              		high
                              NameSourceMaliciousAntivirus DetectionReputation
                              https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#localhost-errorchromecache_69.2.drfalse
                                		high
                                https://youtube.com/embed/?rel=0chromecache_67.2.dr, chromecache_78.2.drfalse
                                  		high
                                  https://cdnjs.cloudflare.com/ajax/libs/mathjax/chromecache_67.2.dr, chromecache_78.2.drfalse
                                    		high
                                    https://youtube.com/embed/chromecache_67.2.dr, chromecache_78.2.drfalse
                                      		high
                                      https://support.google.com/recaptcha#6262736chromecache_69.2.drfalse
                                        		high
                                        https://cloud.google.com/recaptcha-enterprise/billing-informationchromecache_69.2.drfalse
                                          		high
                                          https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#automated-query-errorchromecache_69.2.drfalse
                                            		high
                                            https://angular.dev/licensechromecache_75.2.drfalse
                                              		high
                                              https://support.google.com/recaptcha/?hl=en#6223828chromecache_69.2.drfalse
                                                		high
                                                https://cloud.google.com/contactchromecache_69.2.drfalse
                                                  		high
                                                  https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=chromecache_75.2.drfalse
                                                    		high
                                                    https://www.gstatic.c..?/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__.chromecache_69.2.drfalse
                                                      		high
                                                      https://play.google.com/log?format=json&hasfast=truechromecache_75.2.drfalse
                                                        		high
                                                        https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-recachromecache_69.2.drfalse
                                                          		high
                                                          https://support.google.com/recaptcha/#6175971chromecache_69.2.drfalse
                                                            		high
                                                            https://www.google.com/recaptcha/api2/chromecache_69.2.dr, chromecache_85.2.drfalse
                                                              		high
                                                              https://fonts.google.com/license/googlerestrictedchromecache_82.2.dr, chromecache_64.2.drfalse
                                                                		high
                                                                https://support.google.com/recaptchachromecache_69.2.drfalse
                                                                  		high

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  142.250.65.174
                                                                  		play.google.comUnited States
                                                                  		15169GOOGLEUSfalse
                                                                  142.250.81.238
                                                                  		docs.google.comUnited States
                                                                  		15169GOOGLEUSfalse
                                                                  142.251.40.132
                                                                  		www.google.comUnited States
                                                                  		15169GOOGLEUSfalse

                                                                  Private

                                                                  IP
                                                                  192.168.2.4
                                                                  192.168.2.15

                                                                  General Information

                                                                  Joe Sandbox version:42.0.0 Malachite
                                                                  Analysis ID:1660649
                                                                  Start date and time:2025-04-09 12:31:51 +02:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 3m 14s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:browseurl.jbs
                                                                  Sample URL:https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:21
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Detection:CLEAN
                                                                  Classification:clean1.win@21/42@19/5
                                                                  EGA Information:Failed
                                                                  HCA Information:
                                                                  • Successful, ratio: 100%
                                                                  • Number of executed functions: 0
                                                                  • Number of non-executed functions: 0
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 142.251.40.238, 142.250.65.163, 142.251.40.206, 192.178.155.84, 142.251.32.110, 142.250.65.238, 142.251.35.174, 142.250.80.99, 142.250.81.234, 142.251.41.3, 142.250.176.195, 142.251.40.131, 199.232.214.172, 142.250.80.67, 23.203.176.221, 142.250.80.78, 142.251.41.14, 142.250.65.206, 142.250.65.227, 172.217.165.142, 142.250.176.206, 23.204.23.20, 52.149.20.212
                                                                  • Excluded domains from analysis (whitelisted): fonts.googleapis.com, ssl.gstatic.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, c.pki.goog
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                  • VT rate limit hit for: https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  No simulations

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  No context

                                                                  Domains

                                                                  No context

                                                                  ASNs

                                                                  No context

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  Chrome Cache Entry: 63

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
                                                                  Category:downloaded
                                                                  Size (bytes):18536
                                                                  Entropy (8bit):7.986571198050597
                                                                  Encrypted:false
                                                                  SSDEEP:384:IhocXmE6eM871P7td/mcOKA454H2orQEONKrOqxw:f6WeL1P//9D54WCCKc
                                                                  MD5:8EFF0B8045FD1959E117F85654AE7770
                                                                  SHA1:227FEE13CEB7C410B5C0BB8000258B6643CB6255
                                                                  SHA-256:89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
                                                                  SHA-512:2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                  Preview:wOF2......Hh..........H..............................Z..|.`..J.T..<.....H..U..Z...x.6.$..0. ..t. ..I....p.0.VU.......1....AQ...d..x.....R..4.-.c..C$fUc.c..IX..@..~g.xs.....%...O...eJ.w..U.|.......%*..{.......U+..T#.S......`.n.....V.w.4..~P"..zk.%..../........=3...F.........V.FL..;Bc.........A.Uk.U1.b!Y.BH.DL...s.s...F.m.9a..GJ..1..#.`*m5..DI..X5#.........B.Akm.....&..0...{.L.....G......-(.......O4.@3....=......f..l...$.....j..NO...e.Y.tJ2J>F.(.c....08..e...~....D2S7s:.G'Gm........!.7.........r.c.`,.....~.).......c>1.......Y.g2^...T-1.7./r./....>...g.ov@u.?.U.+._...'M..,.,g....!g..9."..yBF.#r+.Ps...%.d=....U...5.b.$:`.4R.II.<A....Q)....e...k.....M.8.z....+.....5}..F........F.d._...].~-](.Lf....Y..W....;-z...;. .@x._v../.%UIm....=s...P.C....G...^..Q.!g.!b._.P....at..?.}....t.z...O(..Y6..R.2.X....k.R..K.gw(.F.K?m..R*...7....dj..7. .r.U..be.4......8.].w.B..B......Y..:..8.N..U...NEm...\.^q..f}.......{..6.". ...y-.Y...N.*+.M E..`......R.$T

                                                                  Chrome Cache Entry: 64

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (1572)
                                                                  Category:downloaded
                                                                  Size (bytes):29649
                                                                  Entropy (8bit):5.545452104367033
                                                                  Encrypted:false
                                                                  SSDEEP:768:V/hSTO+MerX/+QBUHNieLZD4EFRPRYHBCu4utyiVVl:V/kTf
                                                                  MD5:2241684F5D8066C120792F3514BE8163
                                                                  SHA1:5FE694D0737BEB7C2661848FFEA58170952CDECF
                                                                  SHA-256:4B13C0BDCD4FEECF3B5CB1084A565C6800A7BCB38AAF6B2C8CAA9125E0635E89
                                                                  SHA-512:59F9430FDB880DD1748D8DDBAC515833C1C1E71AD3A3CD11092D85A72E1926700EF5867C9413E36CE8EC85046F707D781FD0BC4AA44EBD6FB3D96E9DE78A4BE1
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:"https://fonts.googleapis.com/css?family=Google+Sans_old:400,500|Roboto_old:300,400,400i,500,700&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext"
                                                                  Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* armenian */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v60/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPiIUvaYr.woff2) format('woff2');. unicode-range: U+0308, U+0530-058F, U+2010, U+2024, U+25CC, U+FB13-FB17;.}./* bengali */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v60/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPiAUvaYr.woff2) format('woff2');. unicode-range: U+0951-0952, U+0964-0965, U+0980-09FE, U+1CD0, U+1CD2, U+1CD5-1CD6, U+1CD8, U+1CE1, U+1CEA, U+1CED, U+1CF2, U+1CF5-1CF7, U+200C-200D, U+20B9, U+25CC, U+A8F1;.}./* cyrillic-ext */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v60/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_I

                                                                  Chrome Cache Entry: 65

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 3920, version 1.0
                                                                  Category:downloaded
                                                                  Size (bytes):3920
                                                                  Entropy (8bit):7.936910222388939
                                                                  Encrypted:false
                                                                  SSDEEP:96:l7fmthUeIAh/HmAgoWuqkjQ6ZDI89LCVRIqrqljd:JfIUeIAmVua6Zn9AP+hd
                                                                  MD5:6765F5BD215CD2C602B556A234C54B43
                                                                  SHA1:57F399C40FCCE53B34A432C726AF46CCC32B48E9
                                                                  SHA-256:3FB996BA3B12645DE6771FB387E25693ADC3941EF19BC814F5CB2A3E90C549F4
                                                                  SHA-512:2BCBCD7A8EA5F09D3A06CB97D9BEBF108C934DD25FC540E39F20917F5F85443A2D7DF4B9AEBA922DAF80AB96ADC135F8F9817C4E199F0B9070422ECE947F6F8B
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmSiAo.woff2
                                                                  Preview:wOF2.......P.......d..................................4.`?STAT^.f..~.........g....6.$. . ..x. ..N...#..5*._..dh<.1...&..U5..O......8h..cC[p..hB..i..#.......s....D......P.L4|dG(=...?..7..hW.-..'7..Gp.5.P..u..e...,..(....3......z.R..d...y.Un..`.1....~...|.-..yo.......1....E.....u..L|......{...+....de..{'.....L...[..@F.&)..~...J[!\m...=.......=V}'.4.pZOfuB.u..,.o...P.n.z.B.VQ..-...lA.dI..3A.-h./.<?..I.*.@q..h(c.S...L...p...[i6..nPl#-].{.......\.-B..E0..Q..Ak..r..'.3/?..........B.....<...t..B......wp3...8...c.......Io.".I...P..."f....t.w...a...........z.............h.K.*hU.c....#....o.Elo...x.......wj|.#..N.|...=..S8.c..v.yR...G.:....4...8..{..p.}.._..e7=.......>.h...h..5.......VR....7+.-...+..m......n.uVS....gqa~nvfzjrb|ltdxhp@..H.............X-c..7_...E....g..t...}:.....G........).W...Y...r..s.2..>X0.?.z<....)...KF.R.s..r.`!w.4..xZZ.....-..,+....J..q.....yk.....L.E).....z.0~o...a.8.9.....i8.]...+n.S..R].Ud:>...........,.%......+y.H.i..X...a

                                                                  Chrome Cache Entry: 66

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 50372, version 1.0
                                                                  Category:downloaded
                                                                  Size (bytes):50372
                                                                  Entropy (8bit):7.995685302339476
                                                                  Encrypted:true
                                                                  SSDEEP:1536:JUP7WB7vQPjldKR7Q2DC9y5oGyaIAH/PyTxY/6:ykQPjlG7Q2DC9IaaIIYxu6
                                                                  MD5:7CD733CC1479E6442254262828FAA384
                                                                  SHA1:03F59B138B54A462A522A0E4F4B13E81E03F8EF8
                                                                  SHA-256:ECE67ECACA6A1DD35419E90DC7E3392C186A7A01117F6BF431A2D4DCDE9E09FD
                                                                  SHA-512:BCD05A82F5EE437459744C411DCCE4D42F90EB9EEFFB26BACBFEC344D097FAFDFEE116C28CE6B190CCC0E4E56F7243BA16B2FEFE439A7AE9E1B566F4484371FA
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbWmW.woff2
                                                                  Preview:wOF2...............x...Z..........................f...&..R.`?STAT^.....~.................6.$.... ..x. ..N[?...z.6..F.v..|.a...~.9..L}wS.....U_.t.<..'...........O.1M......"..V...-...\.v.=.Cb..%H.G.5.....p..d.h:...s.Rc@n..5.Y.\...+".zCDp?..4!...)....Bm1..ws.)5.q....6...p..5.=<.?2...o.&.......-...jY..Y..k.....OL+......)..}B.x[#..d.;.w."v.)..I9....g.H.)...D".N.@.~.R.`........1...t.R.D).0../...;.(:7/5|.X../\..b.x..4e;..V7.II..X...iCQ"..EOwH.r..ei.S.P.-.A......L..".4<.eu~..o...7..s.......Z..q..H.q..<.9O......7.&f...L..;...H3*.mm+.........s............'.Y...P....v.PD"2.C......KD.;BS:Ps...E.....c.+!..........a....v.....c%.....p..Bd*k....E.....+i.+...[Z..5...W...........d..zw...............@.....MYl..D.............@....%a"...QQ...wM..s..X.P.......95..d.......S ....J....A...D....T....;.6.P..oNm....jB..4.O..!....,.O..r..D?'...F..;i...mC.x.%.&.I>.x.EHp..k...XU......qu.r.m*.....H.1..m@$M....D..F...-.j....i.\..UO$.....}:........R...qD.....>....)..C...

                                                                  Chrome Cache Entry: 67

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (1586)
                                                                  Category:dropped
                                                                  Size (bytes):462985
                                                                  Entropy (8bit):5.701369766489667
                                                                  Encrypted:false
                                                                  SSDEEP:6144:KoNdYtvDrAJ/noMxSS8Uu2+vQwGhXlcbQq:UOno+BnwCiQq
                                                                  MD5:A080E30A3E48F372EC0D9DEC8BB98E47
                                                                  SHA1:03DCEFE936F70D69F93D3FB664B8AB49448BE69B
                                                                  SHA-256:7F35E5FA17ED0436722A80DB3AD64D242B1BFB6C73A4B4B1F5EFBFE206CB9745
                                                                  SHA-512:EFAA479BCB3050B8B61F28006F513C6DF755B9840BBCF6F7C0DFD42850A1E0569717818BDF76AE404B232CFE6178E215DF24BEB69EC26695ECC7A01521E663CF
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:"use strict";this.default_v=this.default_v||{};(function(_){var window=this;.try{._.Zs(_.$y);.}catch(e){_._DumpException(e)}.try{._.q("vGOnYd");.var WUb=function(){this.type=1;this.view=null},qY=function(){_.Cu.call(this)};_.B(qY,_.Eu);qY.ya=_.Eu.ya;qY.prototype.j=function(){return _.ss()};qY.prototype.start=function(){return new WUb};qY.prototype.cancel=function(){};qY.prototype.render=function(){return _.ts()};_.Gu(_.SBa,qY);._.u();.}catch(e){_._DumpException(e)}.try{.var sKa;_.rKa=function(a,b){if(a!=null)if(typeof a==="string")a=a?new _.cc(a,_.Th):_.Uh();else if(a.constructor!==_.cc)if(_.bb(a))a=a.length?new _.cc(new Uint8Array(a),_.Th):_.Uh();else{if(!b)throw Error();a=void 0}return a};sKa=function(a){return _.rKa(a,!0)};_.tKa=function(a,b){return _.zc(a.Ba,void 0,b,void 0,sKa)};_.lB=function(a,b){a=_.tKa(a,b);return a==null?_.Uh():a};_.uKa=function(a){this.Ba=_.n(a)};_.B(_.uKa,_.D);_.mB=[1];_.nB=function(a){this.Ba=_.n(a)};_.B(_.nB,_.D);_.nB.prototype.setBooleanValue=function(a){

                                                                  Chrome Cache Entry: 68

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:SVG Scalable Vector Graphics image
                                                                  Category:downloaded
                                                                  Size (bytes):1510
                                                                  Entropy (8bit):4.0355432662902455
                                                                  Encrypted:false
                                                                  SSDEEP:24:t4qU/S93QRhYj45kRHDu9+u1lUetmCmifvqbbLaHu9HGn1u1lIdUWA/jTq9Km2zQ:A/S9rU5I1YdtmMqPLmum1YUUZ/jTq9J
                                                                  MD5:CECA603BD198568DAB00E6DFC3120706
                                                                  SHA1:871C637521103DCE8F6DF9AAC0D1B62900D511B8
                                                                  SHA-256:F4AF84EFE90891185D9B29A841181CA9D26D7560864EA47B6CD709D3B964AEE3
                                                                  SHA-512:D3F4A52AEADEA52FDAC82C8B9A7427897359B43C3FBCF3E79AACBF30571B3482C991C5346069CC5DDD474C3814CF6507065C4914369C1236FDE641A934A08706
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_dark_clr_74x24px.svg
                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24zm15.76-2c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52zm28.58-8.03h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3.52 1.74 0 3.1 1.5 3.1 3.54.01 2.03-1.36 3.5-3.1 3.5zM38 6.19c-3.21 0

                                                                  Chrome Cache Entry: 69

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (594)
                                                                  Category:downloaded
                                                                  Size (bytes):561652
                                                                  Entropy (8bit):5.637398859811323
                                                                  Encrypted:false
                                                                  SSDEEP:12288:Cxh1RKtVFgp1RkOgInBLMueXl9JvpGEwmYb:e/RKNgpjDLMueXl9JvKt
                                                                  MD5:A3BA6F3831DFAC23271ED79DB3467B14
                                                                  SHA1:2F93EAE45276ABDCF26B684EF45036C7BF0D7F61
                                                                  SHA-256:9C60F375BB60B19DC9BB69D9F8ABC316D7652A2F088B26C42FCCBDFC15E6FF6A
                                                                  SHA-512:5583D01793029A9CC82260B74200812CBDB58CB715F20CCADD5AF76BCD7D561ACBABED018D3107951069AFFF11DC9A3D63A65F6AD17AC263FC0FFB8BECD9CFD1
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
                                                                  Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var T=function(){return[function(c,u,t,d,h,F){if(!(c-((c^(h=[7,40,5],h[1]))&3||w.call(this,u),h[2])&h[0]))H[4](88,u,d,t);return F},function(c,u,t,d,h,F,Z,E,y,m,W,a,G){return((((((a=[33,"play",250],(c|5)>>4)||(u_.call(this,t),this.S=u||""),(c|80)==c)&&(m=["1","block","none"],h==(t.F==3)?G=k[38](5):h?(Z=t.F,y=t.f9(),E=H[7](3,u,t),t.mS()?E.add(k[39](54,null,!1,t)):E.add(V[3](74,"",t,y,Z,!1)),k[4](16,!1,m[0],m[1],t),d&&d.resolve(),W=H[6](61),J[16](15,null,J[28](58,t),E,u,El(function(){W.resolve()},t)),.t.p9(3),E[a[1]](),G=W.promise):(H[39](7,"0",m[2],a[2],!0,t,F),t.p9(1),G=k[38](9))),(c|8)&6)==2&&(Z=d.eq,u[t]=function

                                                                  Chrome Cache Entry: 70

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                  Category:dropped
                                                                  Size (bytes):43
                                                                  Entropy (8bit):3.16293190511019
                                                                  Encrypted:false
                                                                  SSDEEP:3:CUmExltxlHh/:Jb/
                                                                  MD5:FC94FB0C3ED8A8F909DBC7630A0987FF
                                                                  SHA1:56D45F8A17F5078A20AF9962C992CA4678450765
                                                                  SHA-256:2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
                                                                  SHA-512:C87BF81FD70CF6434CA3A6C05AD6E9BD3F1D96F77DDDAD8D45EE043B126B2CB07A5CF23B4137B9D8462CD8A9ADF2B463AB6DE2B38C93DB72D2D511CA60E3B57E
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:GIF89a.............!.......,...........D..;

                                                                  Chrome Cache Entry: 71

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:SVG Scalable Vector Graphics image
                                                                  Category:dropped
                                                                  Size (bytes):1510
                                                                  Entropy (8bit):4.0355432662902455
                                                                  Encrypted:false
                                                                  SSDEEP:24:t4qU/S93QRhYj45kRHDu9+u1lUetmCmifvqbbLaHu9HGn1u1lIdUWA/jTq9Km2zQ:A/S9rU5I1YdtmMqPLmum1YUUZ/jTq9J
                                                                  MD5:CECA603BD198568DAB00E6DFC3120706
                                                                  SHA1:871C637521103DCE8F6DF9AAC0D1B62900D511B8
                                                                  SHA-256:F4AF84EFE90891185D9B29A841181CA9D26D7560864EA47B6CD709D3B964AEE3
                                                                  SHA-512:D3F4A52AEADEA52FDAC82C8B9A7427897359B43C3FBCF3E79AACBF30571B3482C991C5346069CC5DDD474C3814CF6507065C4914369C1236FDE641A934A08706
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24zm15.76-2c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52zm28.58-8.03h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3.52 1.74 0 3.1 1.5 3.1 3.54.01 2.03-1.36 3.5-3.1 3.5zM38 6.19c-3.21 0

                                                                  Chrome Cache Entry: 72

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:downloaded
                                                                  Size (bytes):15447
                                                                  Entropy (8bit):1.7278338539839808
                                                                  Encrypted:false
                                                                  SSDEEP:48:b/68u+k29W8sEvlxN+Y9Ml6BCj1L81/L8C+sc5IY7J9FPm:bSGkEWRQxNXesc5lFe
                                                                  MD5:8DF19EC399BE913884590015105AA584
                                                                  SHA1:5502576575AFF37A626934FA655C124291C58AD6
                                                                  SHA-256:D48A0F5A08249E1768C06ACA31C16D50D1216434E1C91BA322CF5521577A59E3
                                                                  SHA-512:89D09ED10A4E440A423443586F111E247C3BFB1BE58AEFC3E62586354EF21F0CCF66619F54F6BC06CD81DD81C57B60DFB3D052C37AE8DC0E972963B67B3380C0
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://ssl.gstatic.com/docs/spreadsheets/forms/favicon_qp2.png
                                                                  Preview:.PNG........IHDR................a....pHYs...............;.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2015-08-12T10:01:56-04:00</xmp:CreateDate>. <xmp:ModifyDate>2015-08-18T09:59:41-04:00</xmp:ModifyDate>. <xmp

                                                                  Chrome Cache Entry: 73

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 51908, version 1.0
                                                                  Category:downloaded
                                                                  Size (bytes):51908
                                                                  Entropy (8bit):7.996595502684702
                                                                  Encrypted:true
                                                                  SSDEEP:768:fzGnGwKraL9FifsTJDbwFLin7jmqdaNID8i4LisZQIXEgEMRMEsTlENiCX21So/L:7GnhLJPwNiH0GIXEgbRMLCdo/x6gfBh
                                                                  MD5:0094E8971B7980E06254D21F1891BCE3
                                                                  SHA1:7132DF9F85FA53AB626E2CEE5EEDB2D518539023
                                                                  SHA-256:2DA7BADF8D39D06D1C009D38A133DACFB529BA49B7F0BE3646F7737B65792200
                                                                  SHA-512:CAEE6C3CE7496300910ADD9B1777342AC8723BF9603B419028FB3D3A2547C2F7C8764C37E56B3CCE1710C209B9BEF0E24063EB2254DE424174E31905025490C8
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuYjammW.woff2
                                                                  Preview:wOF2...................Z..........................f...b..R.`?STATZ.....~........|..p.....6.$.... ..`. ..N[;.....8:...............1.]+=.P.......6...P.Z....m[......d!cz..}>... Z...u...=E......I..;N....|f.).l=.mb.I..N%..c..3...8_..x.W.g*....Tj6&*.>....X.T..k.kW.&..6....]J.:..9...../...vO/...iC.._..&xs!..ya5n.....X....s|.b..l..e.{ Y...S...V)e(.."...2x...BJ*..}..._....*.$*Q.-\:.Yo/Z.......e...e.Fp..3.!.Y.$Y?.REi.0.kdE2..lx.'C.0]....6N.W.O.DF...?.M.&d.%w.Fx............Cwli5n2..B....\...e;r.I./O<k<.;3._.&q.C3KV..t<$B!4J...y~m.9..~..6a..........?F.fb.`$F.bD..*...h^CL...i.M....u....U1.,X.....fMmc.(.2^Q@.m0..#..W..o...f.3.....B=.....,V.H..R1X@oT..mZ..8/..............u3........S..5Flc........"F.T...#..T.Q..1Q..`.;.g6.za.{.\..kS0...r-.X../t.WWX..l.r..`....?.{G.*...E..X.....E.............?....sR...&I.E.[q~~.....UP!....{.N?...U.6K.&.a..o.OZ.|i...../..E...=(..H7...@.$1..N..j....n.b(:7.z...s..U.{s.f&..v.(..$.XVD..EL.X....1....;4..d...J..21....L.........D.O0....9...

                                                                  Chrome Cache Entry: 74

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                  Category:downloaded
                                                                  Size (bytes):43
                                                                  Entropy (8bit):3.16293190511019
                                                                  Encrypted:false
                                                                  SSDEEP:3:CUmExltxlHh/:Jb/
                                                                  MD5:FC94FB0C3ED8A8F909DBC7630A0987FF
                                                                  SHA1:56D45F8A17F5078A20AF9962C992CA4678450765
                                                                  SHA-256:2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
                                                                  SHA-512:C87BF81FD70CF6434CA3A6C05AD6E9BD3F1D96F77DDDAD8D45EE043B126B2CB07A5CF23B4137B9D8462CD8A9ADF2B463AB6DE2B38C93DB72D2D511CA60E3B57E
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://ssl.gstatic.com/docs/common/cleardot.gif?zx=8x7s8lmxbwg8
                                                                  Preview:GIF89a.............!.......,...........D..;

                                                                  Chrome Cache Entry: 75

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (519)
                                                                  Category:downloaded
                                                                  Size (bytes):563615
                                                                  Entropy (8bit):5.560370316360003
                                                                  Encrypted:false
                                                                  SSDEEP:6144:SFXHP7YqQY+U50ZeKGh3s5qppT8o+HCkIgDIXSx+j+Bx4:CXHuY+EowX+Fx+
                                                                  MD5:31E6D552254AB702383271ECD8221187
                                                                  SHA1:9ABBC801F39BD32644367A8EFEE14389D43CE454
                                                                  SHA-256:CEB4B573F6E103EEA8BD5F4E687045786B3278FF859EEA4B1EEBDD6C929DE9AE
                                                                  SHA-512:E023CBC4C39DEB9F5ABCB9991AF6108870B549F6500226D8703F62BE86382E9A13BBE76374583B3EE9F947FA241B406A6489D14FBDB1F318318C54122CB06D77
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en.XqHWrQSsDSw.O/am=AAw/d=1/rs=AMjVe6iq2IuhbfxXnqw3ALA__NRKoOpICQ/m=viewer_base
                                                                  Preview:"use strict";this.default_v=this.default_v||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0xc00, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/./*. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC All Rights Reserved... Use of this source code is governed by an MIT-style license that can be. found in the LICENSE file at https://angular.dev/license.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aaa,qa,ta,caa,daa,eaa,faa,ya,gaa,jaa,kaa,naa,taa,eb,vaa,yaa,zaa,Faa,Gaa,tb,Kaa,Naa,Haa,Iaa,Qaa,Raa,Db,Taa,Vaa,Waa,Xaa,Saa,Yaa,aba,fba,gba,hba,iba,jba,kba,Rb,lba,cba,mba,Pb,dba,eba,oba,qba,rba,uba,vba,xba,zba,Aba,Bba,

                                                                  Chrome Cache Entry: 76

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                  Category:downloaded
                                                                  Size (bytes):43
                                                                  Entropy (8bit):3.16293190511019
                                                                  Encrypted:false
                                                                  SSDEEP:3:CUmExltxlHh/:Jb/
                                                                  MD5:FC94FB0C3ED8A8F909DBC7630A0987FF
                                                                  SHA1:56D45F8A17F5078A20AF9962C992CA4678450765
                                                                  SHA-256:2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
                                                                  SHA-512:C87BF81FD70CF6434CA3A6C05AD6E9BD3F1D96F77DDDAD8D45EE043B126B2CB07A5CF23B4137B9D8462CD8A9ADF2B463AB6DE2B38C93DB72D2D511CA60E3B57E
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://ssl.gstatic.com/docs/common/cleardot.gif?zx=czrlnclpagkg
                                                                  Preview:GIF89a.............!.......,...........D..;

                                                                  Chrome Cache Entry: 77

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 55180, version 1.0
                                                                  Category:downloaded
                                                                  Size (bytes):55180
                                                                  Entropy (8bit):7.995663305053901
                                                                  Encrypted:true
                                                                  SSDEEP:1536:v1V0wmxyewLmc7wfAR6+p85r0SonYL2hi8ReWsnK4FF:v1VhmxDu37lR6+p8aSpLmiffR
                                                                  MD5:FFB453D1B8E953CFA9719644D99A20EF
                                                                  SHA1:BDCB8968E7DDDA2229D9404EDFFCD591CE79BE91
                                                                  SHA-256:309E5B3CD957F7BA866D91286B645D8F3AEBA04EAD4B16F5CC5A13CB4B237880
                                                                  SHA-512:41B779B785CDFEE84064A840D9FD7327B7AD1056EDD24E22F1B00F3CC943FCBCDBDA07A60FCD0AEE06D5294D0177617A4BB2AEB7B3BF87E4DCA42D2AE8D36AE7
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLoHQiAo.woff2
                                                                  Preview:wOF2.................. ..........................f...&..R.`?STATZ.....~.................6.$.... ..\. ..N[..q...E...Y....^....j.t..=..2}e..E...d..O. ....w$...K:.i...27Aq../..#....V.s..8...J....~.>....(F.X*..m....,.^.E.^....K.R..U........)s.KK..... .T...`.g..qX.......{..1.H'V...S.Zo.x/..^N.....q..k.U.$Z.Io....0..... ..m..!..........BII.L.h"+L9...>N..T....I..&....*G.I.h.o4...Q...S....i{.Z..d..).._........d.xlNR"Z.g..g..!.mv%..K.....O9.T:[V.{T.w:....J..OOP..".8...y....H.&.c,....v................c.`.`,.e..F...0....`~?.H......`!H... Q.Z..'...[.(F......E+"."Y..bY,.1"Gn(QRz>......w...^4.r....w.u........"Y..z...E.RW.E. ...@.....8>... ..4....o..~...$...D.U....r...G4...\H.`../f......1...a."-b.:^Z..<1..}_L..Zi....4U....a...<.....z........vy...CP.m....'KDB!T..H...R.F.?........v..#...N..(.....B...........@...JR.v.X....f..51.}N.r.b.r.j......@...@.W......Ca.(...61X.`H...WiM#~.I...F.....$.Sv.lNTO?....I.i.......s.m..7..&.T.j.5...zN.O1[g.&X....:.C.E..B.....IU.

                                                                  Chrome Cache Entry: 78

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (1586)
                                                                  Category:downloaded
                                                                  Size (bytes):462985
                                                                  Entropy (8bit):5.701369766489667
                                                                  Encrypted:false
                                                                  SSDEEP:6144:KoNdYtvDrAJ/noMxSS8Uu2+vQwGhXlcbQq:UOno+BnwCiQq
                                                                  MD5:A080E30A3E48F372EC0D9DEC8BB98E47
                                                                  SHA1:03DCEFE936F70D69F93D3FB664B8AB49448BE69B
                                                                  SHA-256:7F35E5FA17ED0436722A80DB3AD64D242B1BFB6C73A4B4B1F5EFBFE206CB9745
                                                                  SHA-512:EFAA479BCB3050B8B61F28006F513C6DF755B9840BBCF6F7C0DFD42850A1E0569717818BDF76AE404B232CFE6178E215DF24BEB69EC26695ECC7A01521E663CF
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:"https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en.XqHWrQSsDSw.O/am=AAw/d=0/rs=AMjVe6iq2IuhbfxXnqw3ALA__NRKoOpICQ/m=sy17,vGOnYd,syf,IZT63,vfuNJf,MpJwZc,n73qwf,sy9,ws9Tlc,sy5,syi,syh,syk,syb,syj,sy11,sy12,syz,sy10,siKnQd,T8YtQb,RyvaUb,sy4p,sy4s,sy8x,sy8w,sy4q,sy8u,OShpD,sy7c,sy8z,sy91,sy93,sy7q,sy90,sy92,sy8v,sy8y,sy94,J8mJTc,SLqN2,gkf10d,j2YlP,syq,sym,syo,syp,syt,syx,syd,syw,cEt90b,KUM7Z,yxTchf,sya,syc,xQtZb,qddgKe,syr,wR5FRb,pXdRYb,iFQyKf,syg,syl,YNjGDd,syn,sys,PrPYRd,syu,hc6Ubd,sy13,SpsfSb,dIoSBb,sy4,sy14,sy15,sy16,sy18,zbML3c,zr1jrb,EmZ2Bf,syy,Uas9Hd,sy78,sybb,WO9ee,b2l6fe,sy3v,O6y8ed,sy1,sy3p,sy7m,sy9g,sy5t,sy9c,sy9f,sy99,sy9a,sy9m,sy9n,sy9i,sya6,Sk9apb,sy1b,sy1c,sy40,V3dDOb,szrus,sy1a,L1AAkb,QvB8bb,bCfhJc,aW3pY,sy7,sy51,sy52,sy2e,sy50,sy2f,sy53,sy8s,I6YDgd,sy46,sy4d,sy47,sy4c,sy48,sy3w,sy3x,sy4e,sy4f,sy4k,sy19,sy3y,sy41,sy44,sy45,sy49,sy4a,sy4b,sy4g,sy4h,sy4i,sy4j,fgj8Rb,IvDHfc,sy3r,sy3o,sy83,sy9b,sy9t,sy80,syb6,sy7s,sy8,sy9e,sy9l,syb3,syb5,syb7,sy8p,sy9s,sy37,sy4l,sy4t,sy7x,syb0,syba,p2tbsc,nV4ih,syb9,LxALBf,SM1lmd,Vnjw0c,QwQO1b,JCrucd,rK97wb,DhgO0d,oZECf,sy3j,akEJMc,sy3k,sy3l,zG2TEe,sy3m,sy3n,sy3t,lzHmAf,sy3q,sy3s,sy3u,jjSbr,sy7z,syad,syac,sy7e,sy7g,sy9k,sy7l,syaf,syae,syaz,syb4,syay,syb2,xKXrob,sy4x,sy7f,sy84,sy9q,sy9w,syau,syax,syb1,DPwS9e,sy98,syd8,syda,sy6a,sydb,sydd,sy5y,sy68,syak,sycl,sycm,syan,syap,sycz,syd9,sydg,sydl,sydu,sy69,sy95,syal,syai,syam,syao,sycc,sycn,sycy,sydi,sydm,syas,sydx,sydt,sydw,sy6p,syag,sydc,sy6o,sydn,sydp,sydr,sydv,sycb,syck,u9ZRK,sydo,sydq,syds,sbHRWb,RGrRJf,OkF2xb"
                                                                  Preview:"use strict";this.default_v=this.default_v||{};(function(_){var window=this;.try{._.Zs(_.$y);.}catch(e){_._DumpException(e)}.try{._.q("vGOnYd");.var WUb=function(){this.type=1;this.view=null},qY=function(){_.Cu.call(this)};_.B(qY,_.Eu);qY.ya=_.Eu.ya;qY.prototype.j=function(){return _.ss()};qY.prototype.start=function(){return new WUb};qY.prototype.cancel=function(){};qY.prototype.render=function(){return _.ts()};_.Gu(_.SBa,qY);._.u();.}catch(e){_._DumpException(e)}.try{.var sKa;_.rKa=function(a,b){if(a!=null)if(typeof a==="string")a=a?new _.cc(a,_.Th):_.Uh();else if(a.constructor!==_.cc)if(_.bb(a))a=a.length?new _.cc(new Uint8Array(a),_.Th):_.Uh();else{if(!b)throw Error();a=void 0}return a};sKa=function(a){return _.rKa(a,!0)};_.tKa=function(a,b){return _.zc(a.Ba,void 0,b,void 0,sKa)};_.lB=function(a,b){a=_.tKa(a,b);return a==null?_.Uh():a};_.uKa=function(a){this.Ba=_.n(a)};_.B(_.uKa,_.D);_.mB=[1];_.nB=function(a){this.Ba=_.n(a)};_.B(_.nB,_.D);_.nB.prototype.setBooleanValue=function(a){

                                                                  Chrome Cache Entry: 79

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                  Category:dropped
                                                                  Size (bytes):43
                                                                  Entropy (8bit):3.16293190511019
                                                                  Encrypted:false
                                                                  SSDEEP:3:CUmExltxlHh/:Jb/
                                                                  MD5:FC94FB0C3ED8A8F909DBC7630A0987FF
                                                                  SHA1:56D45F8A17F5078A20AF9962C992CA4678450765
                                                                  SHA-256:2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
                                                                  SHA-512:C87BF81FD70CF6434CA3A6C05AD6E9BD3F1D96F77DDDAD8D45EE043B126B2CB07A5CF23B4137B9D8462CD8A9ADF2B463AB6DE2B38C93DB72D2D511CA60E3B57E
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:GIF89a.............!.......,...........D..;

                                                                  Chrome Cache Entry: 80

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                  Category:downloaded
                                                                  Size (bytes):1182807
                                                                  Entropy (8bit):5.58866202728252
                                                                  Encrypted:false
                                                                  SSDEEP:12288:jCx1sUYgX3BlDXSoUPUIRSUjziaRjjPnl/jTez:jCx1kj1jT6
                                                                  MD5:C8051A896F4B39618557BF56C08EFBFD
                                                                  SHA1:BB2A489BE49CAD18210B5CAC52CFF403B2B4C83A
                                                                  SHA-256:D8F6B9E0783A8DF92F21D30187C4FCCCF2147D2055DB860F78566D093B88F21C
                                                                  SHA-512:2A0240EBC89D07EF8BD86B1DF479F790048351F31B48C4DFA64762B0D4675D805C8D6034E1D85B7102268AC48C95A6CD4516B662289B5F48BFEA94754FA70EE7
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://www.gstatic.com/_/freebird/_/ss/k=freebird.v.eTWLarv6G-8.L.W.O/am=AAw/d=1/rs=AMjVe6hR45BCFa_YWStrfCdB-gRmXn74pg
                                                                  Preview:.tk3N6e-cXJiPb{-webkit-border-radius:2px;border-radius:2px;-webkit-box-shadow:0px 2px 4px rgba(0,0,0,.2);box-shadow:0px 2px 4px rgba(0,0,0,.2);-webkit-transition:all 0s linear 1s,opacity 1s;transition:all 0s linear 1s,opacity 1s;border-style:solid;border-width:0;font-size:11px;height:0;opacity:0;visibility:hidden;overflow:hidden;padding:0;text-align:center}.tk3N6e-cXJiPb-Tswv1b{background-color:#f9edbe;border-color:#f0c36d;color:#333}.tk3N6e-cXJiPb-u0pjoe{background-color:#484848;border-color:#202020;color:#fff}.tk3N6e-cXJiPb-EfADOe{background-color:#d6e9f8;border-color:#4d90f0;color:#333}.tk3N6e-cXJiPb-GMvhG{background-color:#dd4b39;border-color:#602019;color:#fff}.tk3N6e-cXJiPb-TSZdd{-webkit-transition:opacity 0.218s;transition:opacity 0.218s;border-width:1px;min-height:14px;height:auto;opacity:1;visibility:visible;padding:6px 16px}.tk3N6e-cXJiPb-yolsp.tk3N6e-cXJiPb-TSZdd{padding:2px 16px}.HB1eCd-X3SwIb-haAclf{font-weight:500;height:0;position:absolute;text-align:center;top:32px;widt

                                                                  Chrome Cache Entry: 81

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
                                                                  Category:dropped
                                                                  Size (bytes):1555
                                                                  Entropy (8bit):5.249530958699059
                                                                  Encrypted:false
                                                                  SSDEEP:24:hY6svN/6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z1sW:3qN/2+pUAew85zf
                                                                  MD5:FBE36EB2EECF1B90451A3A72701E49D2
                                                                  SHA1:AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
                                                                  SHA-256:E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
                                                                  SHA-512:7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 400 (Bad Request)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//ww

                                                                  Chrome Cache Entry: 82

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text
                                                                  Category:downloaded
                                                                  Size (bytes):1477
                                                                  Entropy (8bit):5.437792107168178
                                                                  Encrypted:false
                                                                  SSDEEP:24:G9vCD7OYs/dPrWq/bF/RRD7OYs/dPrPfuO4D7OYs/dPrcQtJc+u/rD7OYs/dPrru:GUOL1jWqjFZVOL1jx+OL1jBJc+u7OL1W
                                                                  MD5:3941CD60FA643ED248F99441154F151E
                                                                  SHA1:9300D366354B80085699A5CAF72F625EB706A19E
                                                                  SHA-256:0A5A52ACCFFFAFFBACC3FC4F4515ED7B73049FC088786B9B74CCAC76F490DD5B
                                                                  SHA-512:53040F13547713C2049A4CBE7248F0956A5CBF6773821A1A4ECEFAF40D1696A5FDD1EC4E6DE7638E84E99AFE8091AC376542901B3B8C29FAB6F5347C522E8F85
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:"https://fonts.googleapis.com/css?family=Product+Sans&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext"
                                                                  Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* cyrillic */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2) format('woff2');. unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF;.}./* latin-ext */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1

                                                                  Chrome Cache Entry: 83

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 56276, version 1.0
                                                                  Category:downloaded
                                                                  Size (bytes):56276
                                                                  Entropy (8bit):7.99584957081655
                                                                  Encrypted:true
                                                                  SSDEEP:768:NOCx/4iDbHOLS4ug42OPixaeyHQ10BBzqyg73BYnNE3f1pP0/U5st:NjDDbHO62ci4ecBBzqyiRYnNEP1pP0/d
                                                                  MD5:FD4BB1EE55C832AD5041CCC7E814B02C
                                                                  SHA1:957787D0EC02A6836D9753DC200B7363709F828F
                                                                  SHA-256:A739B70EB113F5ECCE39C737366B4ABC41AD4011F014C4462B1C539895CCE724
                                                                  SHA-512:ED393ABEE0B70D1D2A5820F9ECD59D55462DE63F83BA125F0112E941AE35891A4BCAD3931F4E92EE0EBD6A5440083E6D6F917E6B0BF5171037B60F7C88199A0D
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://fonts.gstatic.com/s/roboto/v47/KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLmbXiAo.woff2
                                                                  Preview:wOF2..................h..........................f...b..R.`?STATV.....~........X..y.....6.$.... .... ..N[f......7z...U..([!...[._.X...TM.?..i7...,Y.Qf.....+.I.V..$....Ji..".<RJ).]_.Ji...SJs.....{..5H[...0q.H..f.O..3..G.N..B...q..S....vo...QNi5>.~..Ug..W9..O..)u~H...[..:s....._;b.^........k.L@T...4..q.K.7R)|U....G..;...q.....yp.)..H...H....Rp....#.A.........S.8WJ..*t....o..U.SK.....7.U.....a./3..s.zi.(sc.*j....\O.X..9.+@`.x....'.........:"J.....O|.{Ds63.{..rq...y..P.T.&J..._s..>P...P..*WE0..-.UW{.....S.7t......A.......#..AF.wtL4UN..&.."... ..(.@*..........U.7@s.F.0J.(J.D*..d..K...*HX...9.....B.DQ_.2?r.t..IH6..I.)..J...B.-...H....(.(.....".rzw..y.==.Z.k...mv..........u....I..e..q\4p,P.._..{fN..})*R.Y....Ca.....WU. HP$....-S.d .n`..17.e...~.5.../..1S.+?...M.d.4..0I......xS..BIQmS^,.+...9?....~e.TK.a.K..X.t.Pb.S.8..k.......RS.op^h..w9$..T...E..$.j......m......m.^.tx~../.&F..ZYL.B..m...{se.J.c...t.u.k3.M.f...u..Kg.~s.*..n<!_w......D..ma.T.

                                                                  Chrome Cache Entry: 84

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 35060, version 1.0
                                                                  Category:downloaded
                                                                  Size (bytes):35060
                                                                  Entropy (8bit):7.9934247518702914
                                                                  Encrypted:true
                                                                  SSDEEP:768:VWgzOJq8VMlI+d620JaSUhkJN1tLmkLqnEsKeeBClx7styedpa12:dSJBVMlfd6VJaSUCv1RmkavKetUXnZ
                                                                  MD5:0360DBC6E8C09DCE9183A1FD78F3BE2E
                                                                  SHA1:6CD4B65A94707AE941D78B12F082C968CB05EC92
                                                                  SHA-256:2DB6BC36808D43FA89029C652636E206FA3E889B35ECF71814AB85F8BA944AF3
                                                                  SHA-512:93C9F1856142DA0709F807CA3E5836065E61BC8160F9281FEC9244F31ED8AE8DF500CD5C64048AC59B4DBC36EBD18BA8E7FBCEEF58134DD76441079FAE147AB9
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
                                                                  Preview:wOF2..............u$..............................T....`..P.l..a.....D..;.."......6.$..@. ..,..6...[.]q..}:P..(....W.(........(;h 8..r.o...........k..........>..eZT\K.....4l..Z]...1B.1.G.....|..p..._..S/...^I.e..l.=.I1...0..L./..D..Y{.w...*.(.....Q..J....v.........z......Q/.K..f._...-..T.f...[..U.).>.K35v...n.?-thr......w.?[D.u.Q.}..i_.cp..0E.R5m.>I.......x......H."C,....2...q...E..r.?...R../.J..m..X97...E.fJ...=.Q.>..`.QXuw..e."........\^.....~....>M.....h.Q.-.......SM,;W......#..#.B.....K.o...`...z...t....".$..s....o.v...w.I.mg.$n....../...N.....8H........^.~....X.Q.,YB.U...uX.e.o.l..o.2f..^_].~.3w*........J$2)_.c8...&^.>...r.29.D&.I....T".H....O.2.$..r.\...1.}.ES~5...t.X`.x.gQk..e.L.N......{.6...4..G.....2.z...V...Vy.'..../.....'...z..i.G.......`...$@.k......1.....{PH.....qf......_...A.e..7.....C.?.^.....,......NDa<b..*F...:.....+..|.._I+.2.^......l...3..^.)qJ...0.....X.....yj....J"...lo..._j...Z...0...m..2.$.EBa.....w...|..2&!.$..!S/^'..*...r.U-.

                                                                  Chrome Cache Entry: 85

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with very long lines (1633), with no line terminators
                                                                  Category:downloaded
                                                                  Size (bytes):1633
                                                                  Entropy (8bit):5.756570073015658
                                                                  Encrypted:false
                                                                  SSDEEP:48:VKEcznfKo7dJ+CytXsN/HFmc8s1eLrwUnG:f3vXcJHFbHOsuG
                                                                  MD5:65C6F083BC6A0C82DCEB563A4E9EB583
                                                                  SHA1:639AB7890B1168D9AD748340BB1AFF749F113047
                                                                  SHA-256:866FE9CE0A109783BB187C571DEB817FE61A626AB824B8848236E5F42CA4B55C
                                                                  SHA-512:A28E4D1D86216900505E99F6C15A08503BE27A838D93A2E822BA20334B2830886FDE21B314C1A405B9CC652C2093C59E2A22D528C97FDBD3B56885199EB4AC0F
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  URL:https://www.google.com/recaptcha/api.js?trustedtypes=true
                                                                  Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');(cfg['clr']=cfg['clr']||[]).push('true');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A7vZI3v+Gz7JfuRolKNM4Aff6zaGuT7X0mf3wtoZTnKv6497cVMnhy03KDqX7kBz/q/iidW7srW31oQbBt4VhgoAAACUeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJEaXNhYmxlVGhpcmRQYXJ0eVN0b3JhZ2VQYXJ0aXRpb25pbmczIiwiZXhwaXJ5IjoxNzU3OTgwODAwLCJpc1N1YmRvbWFpbiI6dHJ1ZSwiaXNUaGlyZFBhcnR5Ijp0cnVlfQ==';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='tre

                                                                  Chrome Cache Entry: 86

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):15447
                                                                  Entropy (8bit):1.7278338539839808
                                                                  Encrypted:false
                                                                  SSDEEP:48:b/68u+k29W8sEvlxN+Y9Ml6BCj1L81/L8C+sc5IY7J9FPm:bSGkEWRQxNXesc5lFe
                                                                  MD5:8DF19EC399BE913884590015105AA584
                                                                  SHA1:5502576575AFF37A626934FA655C124291C58AD6
                                                                  SHA-256:D48A0F5A08249E1768C06ACA31C16D50D1216434E1C91BA322CF5521577A59E3
                                                                  SHA-512:89D09ED10A4E440A423443586F111E247C3BFB1BE58AEFC3E62586354EF21F0CCF66619F54F6BC06CD81DD81C57B60DFB3D052C37AE8DC0E972963B67B3380C0
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:.PNG........IHDR................a....pHYs...............;.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2015-08-12T10:01:56-04:00</xmp:CreateDate>. <xmp:ModifyDate>2015-08-18T09:59:41-04:00</xmp:ModifyDate>. <xmp

                                                                  Static File Info

                                                                  No static file info

                                                                  Network Behavior

                                                                  Download Network PCAP: filteredfull

                                                                  Network Port Distribution

                                                                  • Total Packets: 140
                                                                  • 443 (HTTPS)
                                                                  • 80 (HTTP)
                                                                  • 53 (DNS)
                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Apr 9, 2025 12:32:43.743462086 CEST49680443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:32:49.993105888 CEST49671443192.168.2.4204.79.197.203
                                                                  Apr 9, 2025 12:32:50.305888891 CEST49671443192.168.2.4204.79.197.203
                                                                  Apr 9, 2025 12:32:51.087171078 CEST49671443192.168.2.4204.79.197.203
                                                                  Apr 9, 2025 12:32:52.326201916 CEST49671443192.168.2.4204.79.197.203
                                                                  Apr 9, 2025 12:32:53.352015972 CEST49680443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:32:54.728707075 CEST49671443192.168.2.4204.79.197.203
                                                                  Apr 9, 2025 12:32:56.280735016 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:32:56.280797958 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:32:56.280890942 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:32:56.281090021 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:32:56.281109095 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:32:56.488473892 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:32:56.488559961 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:32:56.490015030 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:32:56.490026951 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:32:56.490438938 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:32:56.539446115 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:32:57.875416994 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:57.875479937 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:57.875544071 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:57.876425982 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:57.876478910 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:57.876616955 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:57.876840115 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:57.876852036 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:57.877037048 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:57.877051115 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.076630116 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.076702118 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.077452898 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.077522993 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.077600002 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.077651978 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.080313921 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.080374956 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.406970978 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.407010078 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.407361031 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.407541037 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.407578945 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.407856941 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.408135891 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.409432888 CEST49678443192.168.2.420.189.173.27
                                                                  Apr 9, 2025 12:32:58.449060917 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:58.452277899 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:58.714170933 CEST49678443192.168.2.420.189.173.27
                                                                  Apr 9, 2025 12:32:59.068363905 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.068381071 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.068454027 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.068489075 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.068547010 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.080415010 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.080498934 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.093939066 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.094023943 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.101288080 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.101358891 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.164192915 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.164269924 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.173002005 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.173079967 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.180157900 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.180212021 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.193491936 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.193555117 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.193619013 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.201256990 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.201302052 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.201318979 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.207516909 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.207575083 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.207585096 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.214633942 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.214680910 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.214692116 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.220865965 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.220917940 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.220926046 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.226723909 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.226789951 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.226800919 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.233489990 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.233539104 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.233547926 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.239825010 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.239852905 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.239898920 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.239909887 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.239945889 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.245202065 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.253786087 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.253818035 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.253830910 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.253844023 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.253878117 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.259211063 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.259357929 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.259403944 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.259649992 CEST49730443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:32:59.259664059 CEST44349730142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:32:59.327467918 CEST49678443192.168.2.420.189.173.27
                                                                  Apr 9, 2025 12:32:59.540357113 CEST49671443192.168.2.4204.79.197.203
                                                                  Apr 9, 2025 12:33:00.528134108 CEST49678443192.168.2.420.189.173.27
                                                                  Apr 9, 2025 12:33:00.953809977 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:00.996278048 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:01.071129084 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:01.071206093 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:01.071480989 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:01.071511030 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:01.071557045 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:01.071616888 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:01.109564066 CEST49727443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:01.109589100 CEST44349727142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:02.471528053 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.471528053 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.471632004 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.471777916 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.495345116 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.495390892 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.495534897 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.496153116 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.496166945 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.605019093 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:02.605057001 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:02.605263948 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:02.605454922 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:02.605465889 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:02.703632116 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.706367016 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.706417084 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.707379103 CEST49731443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.707396984 CEST44349731142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.716742992 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.717252970 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.717252970 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.717282057 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.717292070 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.717875957 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.717880964 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.814038038 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:02.814121962 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:02.814819098 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:02.814870119 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:02.816195011 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:02.816210985 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:02.816473961 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:02.816895962 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:02.864273071 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:02.937875032 CEST49678443192.168.2.420.189.173.27
                                                                  Apr 9, 2025 12:33:02.965285063 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.965665102 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:02.965874910 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.967586994 CEST49751443192.168.2.4142.250.81.238
                                                                  Apr 9, 2025 12:33:02.967600107 CEST44349751142.250.81.238192.168.2.4
                                                                  Apr 9, 2025 12:33:03.032099009 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.032174110 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.032439947 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.038360119 CEST49753443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.038378000 CEST44349753142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.039365053 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.039417982 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.039839029 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.040499926 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.040524006 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.251058102 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.251183987 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.251837015 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.252285957 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.268739939 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.268760920 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.269752979 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.270230055 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.270257950 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.270402908 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.461766958 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.461996078 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.462263107 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.474569082 CEST49755443192.168.2.4142.250.65.174
                                                                  Apr 9, 2025 12:33:03.474592924 CEST44349755142.250.65.174192.168.2.4
                                                                  Apr 9, 2025 12:33:03.775363922 CEST4968180192.168.2.42.17.190.73
                                                                  Apr 9, 2025 12:33:04.073503971 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.086520910 CEST4968180192.168.2.42.17.190.73
                                                                  Apr 9, 2025 12:33:04.090739965 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.090827942 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.166878939 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.167918921 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.167939901 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.167984962 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.168051004 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.168843031 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.183933020 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.183957100 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.187963009 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.187983990 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.188014030 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.188050985 CEST49710443192.168.2.4204.79.197.222
                                                                  Apr 9, 2025 12:33:04.266113043 CEST44349710204.79.197.222192.168.2.4
                                                                  Apr 9, 2025 12:33:04.510763884 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:33:04.606012106 CEST8049761142.251.35.163192.168.2.4
                                                                  Apr 9, 2025 12:33:04.606107950 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:33:04.614092112 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:33:04.695938110 CEST4968180192.168.2.42.17.190.73
                                                                  Apr 9, 2025 12:33:04.707552910 CEST8049761142.251.35.163192.168.2.4
                                                                  Apr 9, 2025 12:33:04.708163023 CEST8049761142.251.35.163192.168.2.4
                                                                  Apr 9, 2025 12:33:04.709897041 CEST8049761142.251.35.163192.168.2.4
                                                                  Apr 9, 2025 12:33:04.710026026 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:33:04.715121031 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:33:04.809910059 CEST8049761142.251.35.163192.168.2.4
                                                                  Apr 9, 2025 12:33:04.854221106 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:33:05.901285887 CEST4968180192.168.2.42.17.190.73
                                                                  Apr 9, 2025 12:33:07.750248909 CEST49678443192.168.2.420.189.173.27
                                                                  Apr 9, 2025 12:33:08.320102930 CEST4968180192.168.2.42.17.190.73
                                                                  Apr 9, 2025 12:33:09.145014048 CEST49671443192.168.2.4204.79.197.203
                                                                  Apr 9, 2025 12:33:13.133635998 CEST4968180192.168.2.42.17.190.73
                                                                  Apr 9, 2025 12:33:17.355823994 CEST49678443192.168.2.420.189.173.27
                                                                  Apr 9, 2025 12:33:22.743820906 CEST4968180192.168.2.42.17.190.73
                                                                  Apr 9, 2025 12:33:56.244627953 CEST49770443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:56.244677067 CEST44349770142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:56.244745016 CEST49770443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:56.244932890 CEST49770443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:56.244946003 CEST44349770142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:56.443928003 CEST44349770142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:33:56.444370031 CEST49770443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:33:56.444403887 CEST44349770142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:34:05.130664110 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:34:05.226135969 CEST8049761142.251.35.163192.168.2.4
                                                                  Apr 9, 2025 12:34:05.226190090 CEST4976180192.168.2.4142.251.35.163
                                                                  Apr 9, 2025 12:34:06.455938101 CEST44349770142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:34:06.456098080 CEST44349770142.251.40.132192.168.2.4
                                                                  Apr 9, 2025 12:34:06.456177950 CEST49770443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:34:08.183859110 CEST49770443192.168.2.4142.251.40.132
                                                                  Apr 9, 2025 12:34:08.183900118 CEST44349770142.251.40.132192.168.2.4
                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Apr 9, 2025 12:32:51.978074074 CEST53647461.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:52.145365000 CEST53493381.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:52.958030939 CEST53596121.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:53.105799913 CEST53578831.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:56.181869984 CEST6175753192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:32:56.182118893 CEST5959653192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:32:56.279072046 CEST53617571.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:56.279383898 CEST53595961.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:57.734024048 CEST6386353192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:32:57.734330893 CEST4984553192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:32:57.832504988 CEST53498451.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:57.832967997 CEST53638631.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:59.249253035 CEST53564611.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:32:59.252758980 CEST53649451.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:01.507076025 CEST53618701.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:02.286248922 CEST53605151.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:02.504342079 CEST5070153192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:33:02.505875111 CEST5908653192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:33:02.603203058 CEST53507011.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:02.603698969 CEST53590861.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:03.594476938 CEST6132553192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:33:03.594847918 CEST6208853192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:33:03.687314987 CEST53639921.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:03.692328930 CEST53613251.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:03.692477942 CEST53620881.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:10.445481062 CEST53500171.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:29.268481016 CEST53492931.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:51.648565054 CEST53635861.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:52.070050955 CEST53523111.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:54.638385057 CEST53648041.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:33:57.483799934 CEST138138192.168.2.4192.168.2.255
                                                                  Apr 9, 2025 12:34:02.184849977 CEST5821953192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:02.185152054 CEST6507253192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:02.282064915 CEST53582191.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:02.282839060 CEST53650721.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:03.206291914 CEST6332653192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:03.206439972 CEST6334853192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:03.304375887 CEST53633261.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:03.305264950 CEST53633481.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:04.186702967 CEST6433853192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:04.186702967 CEST4995953192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:04.284955025 CEST53499591.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:04.285742998 CEST53643381.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:05.233510017 CEST5928553192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:05.331660032 CEST53592851.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:06.243483067 CEST5928553192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:06.340646029 CEST53592851.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:07.242961884 CEST5928553192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:07.340516090 CEST53592851.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:09.258501053 CEST5928553192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:09.355865955 CEST53592851.1.1.1192.168.2.4
                                                                  Apr 9, 2025 12:34:13.259049892 CEST5928553192.168.2.41.1.1.1
                                                                  Apr 9, 2025 12:34:13.357084990 CEST53592851.1.1.1192.168.2.4

                                                                  DNS Queries

                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                  Apr 9, 2025 12:32:56.181869984 CEST192.168.2.41.1.1.10x664Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:32:56.182118893 CEST192.168.2.41.1.1.10xbc8cStandard query (0)www.google.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:32:57.734024048 CEST192.168.2.41.1.1.10x716aStandard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:32:57.734330893 CEST192.168.2.41.1.1.10xd11fStandard query (0)docs.google.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:33:02.504342079 CEST192.168.2.41.1.1.10x9563Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:33:02.505875111 CEST192.168.2.41.1.1.10xc599Standard query (0)play.google.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:33:03.594476938 CEST192.168.2.41.1.1.10xb528Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:33:03.594847918 CEST192.168.2.41.1.1.10xc590Standard query (0)play.google.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:34:02.184849977 CEST192.168.2.41.1.1.10x77bdStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:02.185152054 CEST192.168.2.41.1.1.10xc4f8Standard query (0)beacons.gcp.gvt2.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:34:03.206291914 CEST192.168.2.41.1.1.10xa09cStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:03.206439972 CEST192.168.2.41.1.1.10x23fbStandard query (0)beacons.gcp.gvt2.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:34:04.186702967 CEST192.168.2.41.1.1.10x22d0Standard query (0)google.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:04.186702967 CEST192.168.2.41.1.1.10x5df9Standard query (0)google.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:34:05.233510017 CEST192.168.2.41.1.1.10x4664Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:06.243483067 CEST192.168.2.41.1.1.10x4664Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:07.242961884 CEST192.168.2.41.1.1.10x4664Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:09.258501053 CEST192.168.2.41.1.1.10x4664Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:13.259049892 CEST192.168.2.41.1.1.10x4664Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false

                                                                  DNS Answers

                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                  Apr 9, 2025 12:32:56.279072046 CEST1.1.1.1192.168.2.40x664No error (0)www.google.com142.251.40.132A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:32:56.279383898 CEST1.1.1.1192.168.2.40xbc8cNo error (0)www.google.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:32:57.832967997 CEST1.1.1.1192.168.2.40x716aNo error (0)docs.google.com142.250.81.238A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:33:02.603203058 CEST1.1.1.1192.168.2.40x9563No error (0)play.google.com142.250.65.174A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:33:03.692328930 CEST1.1.1.1192.168.2.40xb528No error (0)play.google.com142.250.65.206A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:02.282064915 CEST1.1.1.1192.168.2.40x77bdNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:02.282064915 CEST1.1.1.1192.168.2.40x77bdNo error (0)beacons-handoff.gcp.gvt2.comgce-beacons.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:02.282064915 CEST1.1.1.1192.168.2.40x77bdNo error (0)gce-beacons.gcp.gvt2.com35.227.218.218A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:02.282839060 CEST1.1.1.1192.168.2.40xc4f8No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:03.304375887 CEST1.1.1.1192.168.2.40xa09cNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:03.304375887 CEST1.1.1.1192.168.2.40xa09cNo error (0)beacons-handoff.gcp.gvt2.com142.251.186.94A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:03.305264950 CEST1.1.1.1192.168.2.40x23fbNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:04.284955025 CEST1.1.1.1192.168.2.40x5df9No error (0)google.com65IN (0x0001)false
                                                                  Apr 9, 2025 12:34:04.285742998 CEST1.1.1.1192.168.2.40x22d0No error (0)google.com142.251.40.238A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:05.331660032 CEST1.1.1.1192.168.2.40x4664No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:05.331660032 CEST1.1.1.1192.168.2.40x4664No error (0)beacons-handoff.gcp.gvt2.com64.233.185.94A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:06.340646029 CEST1.1.1.1192.168.2.40x4664No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:06.340646029 CEST1.1.1.1192.168.2.40x4664No error (0)beacons-handoff.gcp.gvt2.com64.233.185.94A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:07.340516090 CEST1.1.1.1192.168.2.40x4664No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:07.340516090 CEST1.1.1.1192.168.2.40x4664No error (0)beacons-handoff.gcp.gvt2.com64.233.185.94A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:09.355865955 CEST1.1.1.1192.168.2.40x4664No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:09.355865955 CEST1.1.1.1192.168.2.40x4664No error (0)beacons-handoff.gcp.gvt2.com64.233.185.94A (IP address)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:13.357084990 CEST1.1.1.1192.168.2.40x4664No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                                                                  Apr 9, 2025 12:34:13.357084990 CEST1.1.1.1192.168.2.40x4664No error (0)beacons-handoff.gcp.gvt2.com64.233.185.94A (IP address)IN (0x0001)false

                                                                  HTTP Request Dependency Graph

                                                                  • docs.google.com
                                                                    • www.google.com
                                                                    • play.google.com
                                                                  • c.pki.goog

                                                                  HTTP Packets

                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                  0192.168.2.449761142.251.35.16380
                                                                  TimestampBytes transferredDirectionData
                                                                  Apr 9, 2025 12:33:04.614092112 CEST202OUTGET /r/gsr1.crl HTTP/1.1
                                                                  Cache-Control: max-age = 3000
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                                                                  User-Agent: Microsoft-CryptoAPI/10.0
                                                                  Host: c.pki.goog
                                                                  Apr 9, 2025 12:33:04.708163023 CEST1254INHTTP/1.1 200 OK
                                                                  Accept-Ranges: bytes
                                                                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                                                  Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                                                  Content-Length: 1739
                                                                  X-Content-Type-Options: nosniff
                                                                  Server: sffe
                                                                  X-XSS-Protection: 0
                                                                  Date: Wed, 09 Apr 2025 10:26:39 GMT
                                                                  Expires: Wed, 09 Apr 2025 11:16:39 GMT
                                                                  Cache-Control: public, max-age=3000
                                                                  Age: 385
                                                                  Last-Modified: Mon, 07 Apr 2025 13:58:00 GMT
                                                                  Content-Type: application/pkix-crl
                                                                  Vary: Accept-Encoding
                                                                  Data Raw: 30 82 06 c7 30 82 05 af 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 57 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69 67 6e 20 6e 76 2d 73 61 31 10 30 0e 06 03 55 04 0b 13 07 52 6f 6f 74 20 43 41 31 1b 30 19 06 03 55 04 03 13 12 47 6c 6f 62 61 6c 53 69 67 6e 20 52 6f 6f 74 20 43 41 17 0d 32 35 30 34 30 37 30 30 30 30 30 30 5a 17 0d 32 35 30 37 31 35 30 30 30 30 30 30 5a 30 82 04 f1 30 2a 02 0b 04 00 00 00 00 01 1e 44 a5 e4 04 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 29 45 c3 a8 0f 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 20 19 c1 8d 68 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 2c 5e 7f 1a 88 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 15 4b 5a [TRUNCATED]
                                                                  Data Ascii: 000*H0W10UBE10UGlobalSign nv-sa10URoot CA10UGlobalSign Root CA250407000000Z250715000000Z00*D141125000000Z00U0*)E141125000000Z00U0* h141125000000Z00U0*,^141125000000Z00U0*KZ160107000000Z00U0*/NIR170419000000Z00U0*/NG170419000000Z00U0*/N9191120000000Z00U0*/N=k191204000000Z00U
                                                                  Apr 9, 2025 12:33:04.709897041 CEST1198INData Raw: 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 2f 4e e1 3b 58 17 0d 31 39 31 32 30 34 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2d 02 0e 47 c3 0f ff 8a 61 9a 37 f5 a8 2e f0 b5 75 17 0d 32 30 30 36 33 30 30 30 30 30 30 30 5a 30
                                                                  Data Ascii: 0*/N;X191204000000Z00U0-Ga7.u200630000000Z00U0-GA>ThA200630000000Z00U0-GK&TA+200630000000Z00U0*6::200711160000Z00U0/vSBS
                                                                  Apr 9, 2025 12:33:04.715121031 CEST200OUTGET /r/r4.crl HTTP/1.1
                                                                  Cache-Control: max-age = 3000
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                                                  User-Agent: Microsoft-CryptoAPI/10.0
                                                                  Host: c.pki.goog
                                                                  Apr 9, 2025 12:33:04.809910059 CEST1243INHTTP/1.1 200 OK
                                                                  Accept-Ranges: bytes
                                                                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                                                  Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                                                  Content-Length: 530
                                                                  X-Content-Type-Options: nosniff
                                                                  Server: sffe
                                                                  X-XSS-Protection: 0
                                                                  Date: Wed, 09 Apr 2025 10:08:38 GMT
                                                                  Expires: Wed, 09 Apr 2025 10:58:38 GMT
                                                                  Cache-Control: public, max-age=3000
                                                                  Age: 1466
                                                                  Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
                                                                  Content-Type: application/pkix-crl
                                                                  Vary: Accept-Encoding
                                                                  Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED]
                                                                  Data Ascii: 000*H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0*H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O


                                                                  HTTPS Proxied Packets

                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  0192.168.2.449730142.250.81.2384435944C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-04-09 10:32:58 UTC1030OUTGET /forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform HTTP/1.1
                                                                  Host: docs.google.com
                                                                  Connection: keep-alive
                                                                  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                  sec-ch-ua-mobile: ?0
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Upgrade-Insecure-Requests: 1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  X-Browser-Channel: stable
                                                                  X-Browser-Year: 2025
                                                                  X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=
                                                                  X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.
                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                                                                  Sec-Fetch-Site: none
                                                                  Sec-Fetch-Mode: navigate
                                                                  Sec-Fetch-User: ?1
                                                                  Sec-Fetch-Dest: document
                                                                  Accept-Encoding: gzip, deflate, br, zstd
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2025-04-09 10:32:59 UTC3979INHTTP/1.1 200 OK
                                                                  Content-Type: text/html; charset=utf-8
                                                                  X-Robots-Tag: noindex, nofollow, nosnippet
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Wed, 09 Apr 2025 10:32:59 GMT
                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
                                                                  Content-Security-Policy: base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-wnJGIndebx025H_GDzY9SA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
                                                                  Origin-Trial: AsBCEoVg8pIwAkst2T88NNY429HzlH4fGwN+ALnF27Zl16u/ZR0Vylgws0om63IHSaH6pHPqY+k1GQ1sheqdhwgAAACGeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQ5NTEzNjAwLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                  Reporting-Endpoints: default="/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/web-reports?bl=apps-forms.freebird_20250401.02_p1&context=eJwNx3lQ1GUcx_GH3-95viIIwoLLtWxB5IwwMkCWpmjBssuhgmPigxMEEusIgRAyHk3l8Yc6EOhIHFoKcSQBS2aSg-WBDYY1GGiDouaM5rmsLZAbxyT0-eM178_HZcTFwSSrc5bM4irZuJtkjR6S6TWS9WglW-gj2UevSha2ULLD4ZIVLpJsf6xktXBjo2SPYXaOZH7waYlkFXBzt2RPYEm5ZAkwdEiyp5BaJZkZpmslcz8iWdBlySLB-lyyKdjmkGwfnAxIYxchXp_GJBQkprFPYODdNHYP_l0wrEzDis2jigksP48qnWC_N6aMQ_5uh1IC6l6H4gqjH4wrkyCWTyhu8ABscN88oVhhV-mEsh-mr0wq9OukUqaZUipB_9WUMh9c2IyigQe6GcUGaTtnlCxIb3JScyClXlElhPYoahRsV1V1F_y-VlVvQNgeVX0NdPtVNQQqHqpqNayxL-VpUOlYxr-AWzXR_D7MtEfzWZZoXrtkOa-HLPk23wzzA2N4OBxIiOGHoDwphldB4bMYvh3WtcXydOhpj-V9UL7CwKvgmyID_w5Sthm4hNCTBh4FVacM_Bg87TTwUZgKiuNKcBz_O8jIp-GvMCMfhvZcIz8NPR8aeR_0nzPym_DkkZGPgDHYxIshIMvEX4GgHSYeCcaUBJ4KZakJvBKui0R-G1y9ErkXRM9K4nGQ7JLE10PKO3VCQsmZOvExeI_ViRDIeF4vzKDzahAh0BzWIDrhzTuNIga67I2iG7Ijm0QxROU3iaWQ9wAfLhc0i0Gw__S1GIfZlhPCE84_OyGuQtdLLaIbeje0iH64e7pFPILJ6lbhVNMqFGurcAHjyjaxGhyr28QLSK1pE2aoamkT [TRUNCATED]
                                                                  Document-Policy: include-js-call-stacks-in-crash-reports
                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                  X-Content-Type-Options: nosniff
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Server: GSE
                                                                  Set-Cookie: S=spreadsheet_forms=RL6dCFnTK4lVN8qq_RIx0O5s10zxPkAl8FGi4tW2OVY; Domain=.docs.google.com; Expires=Wed, 09-Apr-2025 11:32:59 GMT; Path=/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw; Secure; HttpOnly; Priority=LOW; SameSite=none
                                                                  Set-Cookie: COMPASS=spreadsheet_forms=CjIACWuJVxFRNvgab4_DduDSArS5Ksfdqn1ZMeEWopngrk8QNN03Gn6b9AlWzKtH4cd3tRDrtdm_BhpDAAlriVeGY0FP9OONgsYhKasJPl0fpm0XLoEnttYPEr7JNQisw_4Zow-W819IJSxUZcmxaU-6rTzXeqS0p1xCZao3sw==; Domain=.docs.google.com; Expires=Wed, 09-Apr-2025 11:32:59 GMT; Path=/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw; Secure; HttpOnly; Priority=LOW; SameSite=none
                                                                  Set-Cookie: NID=523=qq5ATcMX3RFSS7mL2yBskQFV9NHcwWD4JOe-cyu8DRbOqr3MrO6hFD8On3QTxQV0I2UpSyEkfypOy94o_T2zZmXN1X9py1ugtt-rB11SnjM3pACbHHRe3PGoy4KEQkwD4T4q_qxX-u6fAXm70IGq-x5k9A8l-wVObADr-H_gRK_B_m6lJdzHNG8Gwo6SpQgrJ_6Vgv0; expires=Thu, 09-Oct-2025 10:32:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Accept-Ranges: none
                                                                  Vary: Accept-Encoding
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  2025-04-09 10:32:59 UTC3979INData Raw: 37 30 30 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 48 42 31 65 43 64 2d 55 4d 72 6e 6d 62 20 50 48 4f 63 56 62 22 3e 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 64 6f 63 73 2f 73 70 72 65 61 64 73 68 65 65 74 73 2f 66 6f 72 6d 73 2f 66 61 76 69 63 6f 6e 5f 71 70 32 2e 70 6e 67 22 3e 3c 74 69 74 6c 65 3e 45 6e 72 6f 6c 6c 20 69 6e 20 45 6d 61 69 6c 20 49 6e 76 6f 69 63 65 73 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73
                                                                  Data Ascii: 7006<!DOCTYPE html><html class="HB1eCd-UMrnmb PHOcVb"><head><link rel="shortcut icon" sizes="16x16" href="https://ssl.gstatic.com/docs/spreadsheets/forms/favicon_qp2.png"><title>Enroll in Email Invoices</title><link rel="stylesheet" href="https://www.gs
                                                                  2025-04-09 10:32:59 UTC3979INData Raw: 69 73 4c 6f 63 61 6c 22 3a 66 61 6c 73 65 2c 22 75 72 6c 22 3a 22 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 34 37 2f 4b 46 4f 4d 43 6e 71 45 75 39 32 46 72 31 4d 45 37 6b 53 6e 36 36 61 47 4c 64 54 79 6c 55 41 4d 51 58 43 38 39 59 6d 43 32 44 50 4e 57 75 59 61 61 6d 6d 57 2e 77 6f 66 66 32 22 7d 5d 2c 22 73 74 79 6c 65 22 3a 22 6e 6f 72 6d 61 6c 22 2c 22 73 75 62 73 65 74 22 3a 22 41 4c 4c 22 2c 22 73 75 62 73 65 74 56 61 6c 75 65 22 3a 22 2a 22 2c 22 77 65 69 67 68 74 22 3a 36 30 30 2c 22 77 65 69 67 68 74 65 64 46 6f 6e 74 46 61 6d 69 6c 79 22 3a 22 52 6f 62 6f 74 6f 20 53 65 6d 69 42 6f 6c 64 22 7d 2c 7b 22 66 6f 6e 74 44 72 61 77 53 69 7a 65 22 3a 7b 22 53 54 79 70 6f 41 73 63 65 6e 64 65 72 22 3a 31 35
                                                                  Data Ascii: isLocal":false,"url":"//fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuYaammW.woff2"}],"style":"normal","subset":"ALL","subsetValue":"*","weight":600,"weightedFontFamily":"Roboto SemiBold"},{"fontDrawSize":{"STypoAscender":15
                                                                  2025-04-09 10:32:59 UTC3979INData Raw: 75 33 72 31 67 49 68 4f 73 7a 6d 4f 43 6c 48 72 73 36 6c 6a 58 66 4d 4d 4c 6f 48 51 69 41 6f 2e 77 6f 66 66 32 22 7d 5d 2c 22 73 74 79 6c 65 22 3a 22 69 74 61 6c 69 63 22 2c 22 73 75 62 73 65 74 22 3a 22 41 4c 4c 22 2c 22 73 75 62 73 65 74 56 61 6c 75 65 22 3a 22 2a 22 2c 22 77 65 69 67 68 74 22 3a 34 30 30 2c 22 77 65 69 67 68 74 65 64 46 6f 6e 74 46 61 6d 69 6c 79 22 3a 22 52 6f 62 6f 74 6f 20 52 65 67 75 6c 61 72 22 7d 2c 7b 22 66 6f 6e 74 44 72 61 77 53 69 7a 65 22 3a 7b 22 53 54 79 70 6f 41 73 63 65 6e 64 65 72 22 3a 31 35 33 36 2c 22 53 54 79 70 6f 44 65 73 63 65 6e 64 65 72 22 3a 2d 35 31 32 2c 22 53 54 79 70 6f 4c 69 6e 65 47 61 70 22 3a 31 30 32 2c 22 61 73 63 65 6e 64 65 72 22 3a 31 39 30 30 2c 22 63 6d 61 70 46 6f 72 6d 61 74 32 22 3a 66 61 6c
                                                                  Data Ascii: u3r1gIhOszmOClHrs6ljXfMMLoHQiAo.woff2"}],"style":"italic","subset":"ALL","subsetValue":"*","weight":400,"weightedFontFamily":"Roboto Regular"},{"fontDrawSize":{"STypoAscender":1536,"STypoDescender":-512,"STypoLineGap":102,"ascender":1900,"cmapFormat2":fal
                                                                  2025-04-09 10:32:59 UTC3979INData Raw: 61 63 65 73 20 3d 20 6e 75 6c 6c 3b 20 5f 64 6f 63 73 5f 77 65 62 66 6f 6e 74 73 5f 69 66 72 61 6d 65 5f 66 6f 6e 74 46 61 63 65 73 20 3d 20 6e 75 6c 6c 3b 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 5f 64 6f 63 73 5f 77 65 62 66 6f 6e 74 73 5f 63 72 65 61 74 65 46 6f 6e 74 46 61 63 65 73 20 3d 20 66 75 6e 63 74 69 6f 6e 28 64 6f 63 29 20 7b 69 66 20 28 64 6f 63 20 26 26 20 64 6f 63 2e 66 6f 6e 74 73 29 20 7b 76 61 72 20 77 69 6e 20 3d 20 77 69 6e 64 6f 77 3b 20 76 61 72 20 66 6f 6e 74 46 61 63 65 4f 62 6a 65 63 74 20 3d 20 7b 7d 3b 20 76 61 72 20 64 6f 63 73 5f 66 6f 6e 74 46 61 63 65 73 5f 64 61 74 61 20 3d 20 7b 22 52 6f 62 6f 74 6f 2d 34 30 30 2d 6e 6f 72 6d 61 6c 22 3a 7b 22 66 6f 6e 74 46 61 6d 69 6c 79 22 3a 22 64 6f 63 73 2d 52 6f 62 6f 74 6f 22 2c 22
                                                                  Data Ascii: aces = null; _docs_webfonts_iframe_fontFaces = null;(function() {_docs_webfonts_createFontFaces = function(doc) {if (doc && doc.fonts) {var win = window; var fontFaceObject = {}; var docs_fontFaces_data = {"Roboto-400-normal":{"fontFamily":"docs-Roboto","
                                                                  2025-04-09 10:32:59 UTC3979INData Raw: 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 6f 76 4b 48 73 62 5c 22 5d 2c 5b 34 35 36 37 33 36 38 36 2c 6e 75 6c 6c 2c 66 61 6c 73 65 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 54 56 64 6b 75 63 5c 22 5d 2c 5b 34 35 36 37 37 34 36 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 71 62 36 36 68 64 5c 22 2c 5b 5c 22 5b 5d 5c 22 5d 5d 2c 5b 34 35 36 37 33 36 38 37 2c 6e 75 6c 6c 2c 66 61 6c 73 65 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 4f 51 4b 67 6b 64 5c 22 5d 2c 5b 34 35 36 38 31 31 34 35 2c 6e 75 6c 6c 2c 66 61 6c 73 65 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 68 56 36 6b 63 64 5c 22 5d 2c 5b 34 35 36 37 38 32 36 35 2c 6e 75 6c 6c 2c 66 61 6c 73 65 2c 6e 75 6c 6c 2c 6e 75
                                                                  Data Ascii: null,null,null,\"ovKHsb\"],[45673686,null,false,null,null,null,\"TVdkuc\"],[45677461,null,null,null,null,null,\"qb66hd\",[\"[]\"]],[45673687,null,false,null,null,null,\"OQKgkd\"],[45681145,null,false,null,null,null,\"hV6kcd\"],[45678265,null,false,null,nu
                                                                  2025-04-09 10:32:59 UTC3979INData Raw: 51 46 62 65 2e 75 33 62 57 34 65 20 3e 20 2e 4d 62 68 55 7a 64 20 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 37 36 2c 20 31 37 35 2c 20 38 30 2c 20 30 2e 31 35 29 3b 7d 2e 77 47 51 46 62 65 2e 77 47 51 46 62 65 3a 68 6f 76 65 72 20 3e 20 2e 4d 62 68 55 7a 64 20 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 37 36 2c 20 31 37 35 2c 20 38 30 2c 20 30 2e 30 34 29 3b 7d 2e 77 47 51 46 62 65 2e 77 47 51 46 62 65 3a 66 6f 63 75 73 20 3e 20 2e 4d 62 68 55 7a 64 20 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 37 36 2c 20 31 37 35 2c 20 38 30 2c 20 30 2e 31 35 29 3b 7d 2e 42 4a 48 41 50 2e 4e 32 52 70 42 65 2e 52 44 50 5a 45 2c 20 2e 42 4a 48 41 50 2e 42 36 56 68 71 65 2e 52 44 50 5a
                                                                  Data Ascii: QFbe.u3bW4e > .MbhUzd {background-color: rgba(76, 175, 80, 0.15);}.wGQFbe.wGQFbe:hover > .MbhUzd {background-color: rgba(76, 175, 80, 0.04);}.wGQFbe.wGQFbe:focus > .MbhUzd {background-color: rgba(76, 175, 80, 0.15);}.BJHAP.N2RpBe.RDPZE, .BJHAP.B6Vhqe.RDPZ
                                                                  2025-04-09 10:32:59 UTC3979INData Raw: 73 2d 77 69 74 68 69 6e 20 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 30 2c 20 31 34 35 2c 20 30 29 3b 7d 2e 4c 4b 48 30 67 65 20 2e 49 73 37 46 68 62 20 7b 63 6f 6c 6f 72 3a 20 72 67 62 28 30 2c 20 31 34 35 2c 20 30 29 3b 7d 2e 4c 4b 48 30 67 65 2e 75 33 62 57 34 65 20 2e 73 6e 42 79 61 63 20 7b 63 6f 6c 6f 72 3a 20 72 67 62 28 30 2c 20 31 34 35 2c 20 30 29 3b 7d 2e 4c 4b 48 30 67 65 2e 49 59 65 77 72 20 2e 6f 4a 65 57 75 66 2e 6d 49 5a 68 31 63 2c 20 2e 4c 4b 48 30 67 65 2e 49 59 65 77 72 20 2e 6f 4a 65 57 75 66 2e 63 58 72 64 71 64 20 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 32 31 30 2c 20 32 33 35 2c 20 32 31 31 29 3b 7d 2e 77 68 73 4f 6e 64 3a 6e 6f 74 28 5b 64 69 73 61 62 6c 65 64 5d 29
                                                                  Data Ascii: s-within {border-bottom-color: rgb(0, 145, 0);}.LKH0ge .Is7Fhb {color: rgb(0, 145, 0);}.LKH0ge.u3bW4e .snByac {color: rgb(0, 145, 0);}.LKH0ge.IYewr .oJeWuf.mIZh1c, .LKH0ge.IYewr .oJeWuf.cXrdqd {background-color: rgb(210, 235, 211);}.whsOnd:not([disabled])
                                                                  2025-04-09 10:32:59 UTC833INData Raw: 3a 20 31 2e 35 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 30 3b 7d 2e 4f 49 43 39 30 63 2c 20 2e 4f 49 43 39 30 63 2e 52 6a 73 50 45 2c 20 2e 4f 49 43 39 30 63 20 2e 7a 48 51 6b 42 66 2c 20 2e 4f 49 43 39 30 63 20 2e 57 69 63 30 33 63 20 2e 74 4c 39 51 34 63 2c 20 2e 4f 49 43 39 30 63 20 2e 49 39 4f 4a 48 65 20 2e 4b 52 6f 71 52 63 2c 20 2e 4f 49 43 39 30 63 20 2e 50 79 72 42 34 2c 20 2e 4f 49 43 39 30 63 20 2e 73 6e 42 79 61 63 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 64 6f 63 73 2d 52 6f 62 6f 74 6f 27 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 74 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 30 3b 7d 2e 4f 49 43 39 30 63 20
                                                                  Data Ascii: : 1.5;letter-spacing: 0;}.OIC90c, .OIC90c.RjsPE, .OIC90c .zHQkBf, .OIC90c .Wic03c .tL9Q4c, .OIC90c .I9OJHe .KRoqRc, .OIC90c .PyrB4, .OIC90c .snByac {font-family: 'docs-Roboto'; font-weight: 400;font-size: 11pt; line-height: 1.5;letter-spacing: 0;}.OIC90c
                                                                  2025-04-09 10:32:59 UTC1220INData Raw: 34 30 30 32 0d 0a 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 2e 6a 73 3f 74 72 75 73 74 65 64 74 79 70 65 73 3d 74 72 75 65 22 20 61 73 79 6e 63 20 64 65 66 65 72 20 6e 6f 6e 63 65 3d 22 77 6e 4a 47 49 6e 64 65 62 78 30 32 35 48 5f 47 44 7a 59 39 53 41 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 77 6e 4a 47 49 6e 64 65 62 78 30 32 35 48 5f 47 44 7a 59 39 53 41 22 3e 5f 64 6f 63 73 5f 66 6c 61 67 5f 69 6e 69 74 69 61 6c 44 61 74 61 3d 7b 22 64 6f 63 73 2d 61 69 6c 73 22 3a 22 64 6f 63 73 5f 63 6f 6c 64 22 2c 22 64 6f 63 73 2d 66 77 64 73 22 3a 22 64 6f 63 73 5f 6e 66 22 2c 22 64 6f 63 73 2d 63 72 73 22 3a 22 64 6f 63 73 5f 63 72 73 5f 6e 6c 6f 22 2c 22 64 6f 63 73 2d
                                                                  Data Ascii: 4002ps://www.google.com/recaptcha/api.js?trustedtypes=true" async defer nonce="wnJGIndebx025H_GDzY9SA"></script><script nonce="wnJGIndebx025H_GDzY9SA">_docs_flag_initialData={"docs-ails":"docs_cold","docs-fwds":"docs_nf","docs-crs":"docs_crs_nlo","docs-
                                                                  2025-04-09 10:32:59 UTC1220INData Raw: 22 2c 22 64 6f 63 73 2d 66 73 75 22 3a 22 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 6f 6f 6c 73 2f 66 65 65 64 62 61 63 6b 22 2c 22 64 6f 63 73 2d 6f 62 73 49 6d 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 64 6f 63 73 2f 63 6f 6d 6d 6f 6e 2f 6e 65 74 63 68 65 63 6b 2e 67 69 66 22 2c 22 64 6f 63 73 2d 74 65 78 74 2d 65 77 66 22 3a 74 72 75 65 2c 22 64 6f 63 73 2d 77 66 73 6c 22 3a 5b 22 63 61 22 2c 22 64 61 22 2c 22 64 65 22 2c 22 65 6e 22 2c 22 65 73 22 2c 22 66 69 22 2c 22 66 72 22 2c 22 69 74 22 2c 22 6e 6c 22 2c 22 6e 6f 22 2c 22 70 74 22 2c 22 73 76 22 5d 2c 22 64 6f 63 73 2d 65 66 72 73 64 65 22 3a 74 72 75 65 2c 22 64 6f 63 73 2d 65 66 70 73 66 22 3a 74 72 75 65 2c 22 64 6f 63 73 2d 65 64 66 6e 22
                                                                  Data Ascii: ","docs-fsu":"www.google.com/tools/feedback","docs-obsImUrl":"https://ssl.gstatic.com/docs/common/netcheck.gif","docs-text-ewf":true,"docs-wfsl":["ca","da","de","en","es","fi","fr","it","nl","no","pt","sv"],"docs-efrsde":true,"docs-efpsf":true,"docs-edfn"


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  1192.168.2.449727142.251.40.1324435944C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-04-09 10:33:00 UTC887OUTGET /recaptcha/api.js?trustedtypes=true HTTP/1.1
                                                                  Host: www.google.com
                                                                  Connection: keep-alive
                                                                  sec-ch-ua-platform: "Windows"
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                  sec-ch-ua-mobile: ?0
                                                                  Accept: */*
                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                                                                  Sec-Fetch-Site: same-site
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: script
                                                                  Referer: https://docs.google.com/
                                                                  Accept-Encoding: gzip, deflate, br, zstd
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Cookie: NID=523=qq5ATcMX3RFSS7mL2yBskQFV9NHcwWD4JOe-cyu8DRbOqr3MrO6hFD8On3QTxQV0I2UpSyEkfypOy94o_T2zZmXN1X9py1ugtt-rB11SnjM3pACbHHRe3PGoy4KEQkwD4T4q_qxX-u6fAXm70IGq-x5k9A8l-wVObADr-H_gRK_B_m6lJdzHNG8Gwo6SpQgrJ_6Vgv0
                                                                  2025-04-09 10:33:01 UTC749INHTTP/1.1 200 OK
                                                                  Content-Type: text/javascript; charset=utf-8
                                                                  Expires: Wed, 09 Apr 2025 10:33:01 GMT
                                                                  Date: Wed, 09 Apr 2025 10:33:01 GMT
                                                                  Cache-Control: private, max-age=300
                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
                                                                  Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
                                                                  Server: ESF
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Accept-Ranges: none
                                                                  Vary: Accept-Encoding
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  2025-04-09 10:33:01 UTC471INData Raw: 36 36 31 0d 0a 2f 2a 20 50 4c 45 41 53 45 20 44 4f 20 4e 4f 54 20 43 4f 50 59 20 41 4e 44 20 50 41 53 54 45 20 54 48 49 53 20 43 4f 44 45 2e 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 77 3d 77 69 6e 64 6f 77 2c 43 3d 27 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 27 2c 63 66 67 3d 77 5b 43 5d 3d 77 5b 43 5d 7c 7c 7b 7d 2c 4e 3d 27 67 72 65 63 61 70 74 63 68 61 27 3b 76 61 72 20 67 72 3d 77 5b 4e 5d 3d 77 5b 4e 5d 7c 7c 7b 7d 3b 67 72 2e 72 65 61 64 79 3d 67 72 2e 72 65 61 64 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 28 63 66 67 5b 27 66 6e 73 27 5d 3d 63 66 67 5b 27 66 6e 73 27 5d 7c 7c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 7d 3b 77 5b 27 5f 5f 72 65 63 61 70 74 63 68 61 5f 61 70 69 27 5d 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67
                                                                  Data Ascii: 661/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.g
                                                                  2025-04-09 10:33:01 UTC1169INData Raw: 63 72 69 70 74 27 3b 70 6f 2e 61 73 79 6e 63 3d 74 72 75 65 3b 20 70 6f 2e 63 68 61 72 73 65 74 3d 27 75 74 66 2d 38 27 3b 76 61 72 20 76 3d 77 2e 6e 61 76 69 67 61 74 6f 72 2c 6d 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 6d 65 74 61 27 29 3b 6d 2e 68 74 74 70 45 71 75 69 76 3d 27 6f 72 69 67 69 6e 2d 74 72 69 61 6c 27 3b 6d 2e 63 6f 6e 74 65 6e 74 3d 27 41 37 76 5a 49 33 76 2b 47 7a 37 4a 66 75 52 6f 6c 4b 4e 4d 34 41 66 66 36 7a 61 47 75 54 37 58 30 6d 66 33 77 74 6f 5a 54 6e 4b 76 36 34 39 37 63 56 4d 6e 68 79 30 33 4b 44 71 58 37 6b 42 7a 2f 71 2f 69 69 64 57 37 73 72 57 33 31 6f 51 62 42 74 34 56 68 67 6f 41 41 41 43 55 65 79 4a 76 63 6d 6c 6e 61 57 34 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 33 64 33 64 79 35 6e 62 32 39 6e 62 47 55 75
                                                                  Data Ascii: cript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A7vZI3v+Gz7JfuRolKNM4Aff6zaGuT7X0mf3wtoZTnKv6497cVMnhy03KDqX7kBz/q/iidW7srW31oQbBt4VhgoAAACUeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUu
                                                                  2025-04-09 10:33:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  2192.168.2.449731142.250.81.2384435944C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-04-09 10:33:02 UTC1455OUTPOST /forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/null/d/null/naLogImpressions HTTP/1.1
                                                                  Host: docs.google.com
                                                                  Connection: keep-alive
                                                                  Content-Length: 5620
                                                                  X-Client-Deadline-Ms: 20000
                                                                  sec-ch-ua-platform: "Windows"
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                  Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                  sec-ch-ua-mobile: ?0
                                                                  X-Same-Domain: 1
                                                                  Accept: */*
                                                                  Origin: https://docs.google.com
                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                                                                  Sec-Fetch-Site: same-origin
                                                                  Sec-Fetch-Mode: cors
                                                                  Sec-Fetch-Dest: empty
                                                                  Referer: https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform
                                                                  Accept-Encoding: gzip, deflate, br, zstd
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Cookie: S=spreadsheet_forms=RL6dCFnTK4lVN8qq_RIx0O5s10zxPkAl8FGi4tW2OVY; COMPASS=spreadsheet_forms=CjIACWuJVxFRNvgab4_DduDSArS5Ksfdqn1ZMeEWopngrk8QNN03Gn6b9AlWzKtH4cd3tRDrtdm_BhpDAAlriVeGY0FP9OONgsYhKasJPl0fpm0XLoEnttYPEr7JNQisw_4Zow-W819IJSxUZcmxaU-6rTzXeqS0p1xCZao3sw==; NID=523=qq5ATcMX3RFSS7mL2yBskQFV9NHcwWD4JOe-cyu8DRbOqr3MrO6hFD8On3QTxQV0I2UpSyEkfypOy94o_T2zZmXN1X9py1ugtt-rB11SnjM3pACbHHRe3PGoy4KEQkwD4T4q_qxX-u6fAXm70IGq-x5k9A8l-wVObADr-H_gRK_B_m6lJdzHNG8Gwo6SpQgrJ_6Vgv0
                                                                  2025-04-09 10:33:02 UTC5620OUTData Raw: 69 6d 70 72 65 73 73 69 6f 6e 42 61 74 63 68 3d 25 35 42 25 35 42 25 35 42 6e 75 6c 6c 25 32 43 6e 75 6c 6c 25 32 43 31 25 32 43 31 37 34 34 31 39 34 37 38 31 39 32 39 30 30 30 25 32 43 6e 75 6c 6c 25 32 43 6e 75 6c 6c 25 32 43 6e 75 6c 6c 25 32 43 25 35 42 25 35 42 31 37 34 34 31 39 34 37 38 31 39 32 39 30 30 30 25 35 44 25 32 43 6e 75 6c 6c 25 32 43 31 25 35 44 25 32 43 6e 75 6c 6c 25 32 43 37 31 36 25 32 43 6e 75 6c 6c 25 32 43 31 25 32 43 31 25 35 44 25 35 44 25 32 43 25 35 42 25 32 32 43 4a 44 35 34 66 48 66 79 6f 77 44 46 64 65 47 64 77 51 64 4a 35 41 6e 56 67 25 32 32 25 32 43 31 37 34 34 31 39 34 37 38 31 39 32 38 30 30 30 25 32 43 31 37 34 34 31 39 34 37 37 38 39 38 37 36 36 33 25 32 43 25 32 32 41 44 46 4e 2d 63 73 6c 46 37 54 51 62 64 66 51 7a
                                                                  Data Ascii: impressionBatch=%5B%5B%5Bnull%2Cnull%2C1%2C1744194781929000%2Cnull%2Cnull%2Cnull%2C%5B%5B1744194781929000%5D%2Cnull%2C1%5D%2Cnull%2C716%2Cnull%2C1%2C1%5D%5D%2C%5B%22CJD54fHfyowDFdeGdwQdJ5AnVg%22%2C1744194781928000%2C1744194778987663%2C%22ADFN-cslF7TQbdfQz
                                                                  2025-04-09 10:33:02 UTC944INHTTP/1.1 404 Not Found
                                                                  Content-Type: application/json; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Wed, 09 Apr 2025 10:33:02 GMT
                                                                  X-Content-Type-Options: nosniff
                                                                  x-chromium-appcache-fallback-override: disallow-fallback
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
                                                                  Origin-Trial: AsBCEoVg8pIwAkst2T88NNY429HzlH4fGwN+ALnF27Zl16u/ZR0Vylgws0om63IHSaH6pHPqY+k1GQ1sheqdhwgAAACGeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQ5NTEzNjAwLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Server: GSE
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Accept-Ranges: none
                                                                  Vary: Accept-Encoding
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  2025-04-09 10:33:02 UTC71INData Raw: 34 31 0d 0a 29 5d 7d 27 0a 0a 5b 5b 22 65 72 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 34 30 34 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 35 5d 2c 5b 22 64 69 22 2c 31 31 5d 5d 0d 0a
                                                                  Data Ascii: 41)]}'[["er",null,null,null,null,404,null,null,null,5],["di",11]]
                                                                  2025-04-09 10:33:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  3192.168.2.449751142.250.81.2384435944C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-04-09 10:33:02 UTC1454OUTPOST /forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/null/d/null/font/getmetadata HTTP/1.1
                                                                  Host: docs.google.com
                                                                  Connection: keep-alive
                                                                  Content-Length: 237
                                                                  X-Client-Deadline-Ms: 20000
                                                                  sec-ch-ua-platform: "Windows"
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                  Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                  sec-ch-ua-mobile: ?0
                                                                  X-Same-Domain: 1
                                                                  Accept: */*
                                                                  Origin: https://docs.google.com
                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                                                                  Sec-Fetch-Site: same-origin
                                                                  Sec-Fetch-Mode: cors
                                                                  Sec-Fetch-Dest: empty
                                                                  Referer: https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform
                                                                  Accept-Encoding: gzip, deflate, br, zstd
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Cookie: S=spreadsheet_forms=RL6dCFnTK4lVN8qq_RIx0O5s10zxPkAl8FGi4tW2OVY; COMPASS=spreadsheet_forms=CjIACWuJVxFRNvgab4_DduDSArS5Ksfdqn1ZMeEWopngrk8QNN03Gn6b9AlWzKtH4cd3tRDrtdm_BhpDAAlriVeGY0FP9OONgsYhKasJPl0fpm0XLoEnttYPEr7JNQisw_4Zow-W819IJSxUZcmxaU-6rTzXeqS0p1xCZao3sw==; NID=523=qq5ATcMX3RFSS7mL2yBskQFV9NHcwWD4JOe-cyu8DRbOqr3MrO6hFD8On3QTxQV0I2UpSyEkfypOy94o_T2zZmXN1X9py1ugtt-rB11SnjM3pACbHHRe3PGoy4KEQkwD4T4q_qxX-u6fAXm70IGq-x5k9A8l-wVObADr-H_gRK_B_m6lJdzHNG8Gwo6SpQgrJ_6Vgv0
                                                                  2025-04-09 10:33:02 UTC237OUTData Raw: 66 61 6d 69 6c 69 65 73 3d 41 6d 61 74 69 63 25 32 30 53 43 25 32 43 43 61 76 65 61 74 25 32 43 43 6f 6d 66 6f 72 74 61 61 25 32 43 45 42 25 32 30 47 61 72 61 6d 6f 6e 64 25 32 43 4c 65 78 65 6e 64 25 32 43 4c 6f 62 73 74 65 72 25 32 43 4c 6f 72 61 25 32 43 4d 65 72 72 69 77 65 61 74 68 65 72 25 32 43 4d 6f 6e 74 73 65 72 72 61 74 25 32 43 4e 75 6e 69 74 6f 25 32 43 4f 73 77 61 6c 64 25 32 43 50 61 63 69 66 69 63 6f 25 32 43 50 6c 61 79 66 61 69 72 25 32 30 44 69 73 70 6c 61 79 25 32 43 52 6f 62 6f 74 6f 25 32 30 4d 6f 6e 6f 25 32 43 52 6f 62 6f 74 6f 25 32 30 53 65 72 69 66 25 32 43 53 70 65 63 74 72 61 6c 26 75 73 65 41 6c 6c 53 75 62 73 65 74 73 3d 74 72 75 65 26 66 6f 72 6d 61 74 3d 77 6f 66 66 32
                                                                  Data Ascii: families=Amatic%20SC%2CCaveat%2CComfortaa%2CEB%20Garamond%2CLexend%2CLobster%2CLora%2CMerriweather%2CMontserrat%2CNunito%2COswald%2CPacifico%2CPlayfair%20Display%2CRoboto%20Mono%2CRoboto%20Serif%2CSpectral&useAllSubsets=true&format=woff2
                                                                  2025-04-09 10:33:02 UTC944INHTTP/1.1 404 Not Found
                                                                  Content-Type: application/json; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Wed, 09 Apr 2025 10:33:02 GMT
                                                                  X-Content-Type-Options: nosniff
                                                                  x-chromium-appcache-fallback-override: disallow-fallback
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
                                                                  Origin-Trial: AsBCEoVg8pIwAkst2T88NNY429HzlH4fGwN+ALnF27Zl16u/ZR0Vylgws0om63IHSaH6pHPqY+k1GQ1sheqdhwgAAACGeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQ5NTEzNjAwLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Server: GSE
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Accept-Ranges: none
                                                                  Vary: Accept-Encoding
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  2025-04-09 10:33:02 UTC71INData Raw: 34 31 0d 0a 29 5d 7d 27 0a 0a 5b 5b 22 65 72 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 34 30 34 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 35 5d 2c 5b 22 64 69 22 2c 31 30 5d 5d 0d 0a
                                                                  Data Ascii: 41)]}'[["er",null,null,null,null,404,null,null,null,5],["di",10]]
                                                                  2025-04-09 10:33:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  4192.168.2.449753142.250.65.1744435944C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-04-09 10:33:02 UTC577OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                  Host: play.google.com
                                                                  Connection: keep-alive
                                                                  Accept: */*
                                                                  Access-Control-Request-Method: POST
                                                                  Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
                                                                  Origin: https://docs.google.com
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                  Sec-Fetch-Mode: cors
                                                                  Sec-Fetch-Site: same-site
                                                                  Sec-Fetch-Dest: empty
                                                                  Referer: https://docs.google.com/
                                                                  Accept-Encoding: gzip, deflate, br, zstd
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2025-04-09 10:33:03 UTC546INHTTP/1.1 200 OK
                                                                  Access-Control-Allow-Origin: https://docs.google.com
                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                  Access-Control-Max-Age: 86400
                                                                  Access-Control-Allow-Credentials: true
                                                                  Access-Control-Allow-Headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
                                                                  Content-Type: text/plain; charset=UTF-8
                                                                  Date: Wed, 09 Apr 2025 10:33:02 GMT
                                                                  Server: Playlog
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  5192.168.2.449755142.250.65.1744435944C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-04-09 10:33:03 UTC1023OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                  Host: play.google.com
                                                                  Connection: keep-alive
                                                                  Content-Length: 1711
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Content-Encoding: gzip
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                  Content-Type: application/binary
                                                                  X-Goog-AuthUser: 0
                                                                  sec-ch-ua-mobile: ?0
                                                                  Accept: */*
                                                                  Origin: https://docs.google.com
                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                                                                  Sec-Fetch-Site: same-site
                                                                  Sec-Fetch-Mode: cors
                                                                  Sec-Fetch-Dest: empty
                                                                  Referer: https://docs.google.com/
                                                                  Accept-Encoding: gzip, deflate, br, zstd
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Cookie: NID=523=qq5ATcMX3RFSS7mL2yBskQFV9NHcwWD4JOe-cyu8DRbOqr3MrO6hFD8On3QTxQV0I2UpSyEkfypOy94o_T2zZmXN1X9py1ugtt-rB11SnjM3pACbHHRe3PGoy4KEQkwD4T4q_qxX-u6fAXm70IGq-x5k9A8l-wVObADr-H_gRK_B_m6lJdzHNG8Gwo6SpQgrJ_6Vgv0
                                                                  2025-04-09 10:33:03 UTC1711OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a b5 d8 59 6f 15 47 16 00 e0 bf 62 f9 29 91 3a 70 f6 45 79 62 42 08 d9 18 91 44 83 66 ae af 22 88 ed c4 c4 80 85 43 60 f8 f5 a3 73 aa ca d8 a0 28 c9 c3 c8 92 cf 77 ab 4f 2d 5d bd 56 ef 76 b8 3d 7f 75 7e fe 97 ff ed fe 5e b6 6c b0 df ef 37 02 d6 6d b7 3b 44 17 c1 14 0f 4c ca c3 3f a9 7c b8 db 5d eb 0d b7 1b 95 01 e0 83 ce 76 ef 67 ec 67 d5 19 1d ed aa ad fd 7e db 1d 1d 7e f6 d5 5d 95 d3 fb a7 ff 7d f1 fa ee bd e3 93 2f 8e 5f 3f 3c fe 4a ef 3c ff d7 cf 47 87 37 fa 8b ea 6f 15 78 64 b8 19 6f 47 87 77 ee de 7b f0 c9 4f 97 e7 f7 fc 87 87 4f 8e 4f 1f be e5 df fe f1 ec e7 1f 1f c0 eb 7f fe e7 f4 c9 97 df 7c 72 ca af 5e 5d 3c e3 a7 7c fc e6 eb 2f df 9c 3f 05 f8 fc bb ef 1e 7d 7e ef e9 bf 5f 7d 7f 79 79 f1 cb db bb cf 9e 5f de 7f f8 e4
                                                                  Data Ascii: YoGb):pEybBDf"C`s(wO-]Vv=u~^l7m;DL?|]vgg~~]}/_?<J<G7oxdoGw{OOO|r^]<|/?}~_}yy_
                                                                  2025-04-09 10:33:03 UTC957INHTTP/1.1 200 OK
                                                                  Access-Control-Allow-Origin: https://docs.google.com
                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                  Access-Control-Allow-Credentials: true
                                                                  Access-Control-Allow-Headers: X-Playlog-Web
                                                                  Set-Cookie: NID=523=F_pWXRnlx650zeP4R4efVMrrzWtNdWx5QfcNGoyBqPTs7ZyLtk-IkQMVRQXR4niStzPwqPqBc2D0EgDXrlDDhEOLLT5bBSZo4qx5XMEN43LiiS60yf_rEYE3-dqeKfbWbZYasKtBA0UcreXjN-MFTnD5YRA39m32tBiBU343ZpEP-_rhydpMta_5vaaj0IkQRySHXxYUYRaO6MI; expires=Thu, 09-Oct-2025 10:32:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                  Content-Type: text/plain; charset=UTF-8
                                                                  Date: Wed, 09 Apr 2025 10:33:03 GMT
                                                                  Server: Playlog
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Accept-Ranges: none
                                                                  Vary: Accept-Encoding
                                                                  Expires: Wed, 09 Apr 2025 10:33:03 GMT
                                                                  Cache-Control: private
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  2025-04-09 10:33:03 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                  Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                  2025-04-09 10:33:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Statistics

                                                                  CPU Usage

                                                                  020406080s020406080100

                                                                  Click to jump to process

                                                                  Memory Usage

                                                                  020406080s0.0050100MB

                                                                  Click to jump to process

                                                                  Behavior

                                                                  Click to jump to process

                                                                  System Behavior

                                                                  General

                                                                  Target ID:1
                                                                  Start time:06:32:47
                                                                  Start date:09/04/2025
                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                                  Imagebase:0x7ff786830000
                                                                  File size:3'388'000 bytes
                                                                  MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:false
                                                                  Show Windows behavior

                                                                  File Activities

                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                  Show Windows behavior

                                                                  COM Activities

                                                                  Show Windows behavior

                                                                  Process Activities

                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                  Show Windows behavior

                                                                  Memory Activities

                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                  Show Windows behavior

                                                                  Process Token Activities


                                                                  General

                                                                  Target ID:2
                                                                  Start time:06:32:50
                                                                  Start date:09/04/2025
                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,7672389889802415310,10890540999702537262,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3
                                                                  Imagebase:0x7ff786830000
                                                                  File size:3'388'000 bytes
                                                                  MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:false
                                                                  Show Windows behavior

                                                                  File Activities

                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                  Show Windows behavior

                                                                  Memory Activities

                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                  General

                                                                  Target ID:4
                                                                  Start time:06:32:57
                                                                  Start date:09/04/2025
                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/forms/d/e/1FAIpQLSehU-GQCFTDukP2GLfO71VT4SUm9bWzqqY7GMqE9J3bVLFOUw/closedform"
                                                                  Imagebase:0x7ff786830000
                                                                  File size:3'388'000 bytes
                                                                  MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true
                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                  Show Windows behavior

                                                                  Memory Activities


                                                                  Disassembly

                                                                  No disassembly