Edit tour

Windows Analysis Report
Fact-2024-10.pdf

Overview

General Information

Sample name:	Fact-2024-10.pdf
Analysis ID:	1527856
MD5:	be0f0c241442901014ee5b364e911b7e
SHA1:	e41a6b08f9af0e18afc3acaa51fca1b83109f9ab
SHA256:	5c05d426782d494decfcb5ca6cda4765090a03d05a3ab2d70c66826c21740cff
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Connects to many IPs within the same subnet mask (likely port scanning)

Phishing site detected (based on favicon image match)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Suspicious form URL found

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fact-2024-10.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6328 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5624 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1732,i,380461973633087296,8658590429477565550,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://banderolaver.pro/microsoft-verify.php?user_email=cristina.marinello@smeg.es" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 8004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1572,i,13587436803085101893,8356992849763643841,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: POST /gen_204?s=webhp&t=cap&atyp=csi&ei=K5kDZ4GuK5mqxc8PnK3nmQ0&rt=wsrt.1575,cbs.92,cbt.436,hst.45&opi=89978449&dt=&ts=201376 HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"Content-Type: text/plain;charset=UTF-8sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.google.comX-Client-Data: CI+2yQEIpbbJAQipncoBCO6LywEIlaHLAQic/swBCPqYzQEIhaDNAQjcvc0BCNrDzQEIucrNAQif0c0BCNzTzQEI0dbNAQj01s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=2IPV99F8I4K9bZ_VqhXjTcQUBqqeHEk_hgeNJ-_BobpZoYS82tkp9frtlyNNytujocldaiTf0gyORfTNKdDQ8LgNgNCDg17y7JuNpeSLw0dpLY2lDbIJh9j-ucQXosc_EOtkI64AjjoJU4Xn4oWCDfrMSKX1bOE-G7Gt78yiZi1EqpN_CjTFmLQus1D4e4aR8NE; AEC=AVYB7crB1F1G-zgAOZEEzXr5bq2_oqxspub171EE_8WdjjIXjJ82j73Fghc

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cacheX-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockX-Cloud-Trace-Context: 395e59fcfcea6fee3dda35449cfaf195Date: Mon, 07 Oct 2024 08:19:11 GMTServer: Google FrontendContent-Length: 0Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: chromecache_1343.12.dr, chromecache_701.12.dr, chromecache_1011.12.dr, chromecache_1057.12.dr	String found in binary or memory: http://angularjs.org
Source: chromecache_985.12.dr	String found in binary or memory: http://blog.igorescobar.com
Source: chromecache_1057.12.dr	String found in binary or memory: http://errors.angularjs.org/1.6.10/
Source: chromecache_897.12.dr	String found in binary or memory: http://greensock.com
Source: chromecache_897.12.dr	String found in binary or memory: http://greensock.com/standard-license
Source: chromecache_858.12.dr, chromecache_1301.12.dr	String found in binary or memory: http://hammerjs.github.io/
Source: chromecache_1296.12.dr	String found in binary or memory: http://scrollmagic.io
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_599.12.dr, chromecache_943.12.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_985.12.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ri9kuwotliet3wfbgspsga2
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.
Source: chromecache_596.12.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: chromecache_927.12.dr	String found in binary or memory: https://about.google
Source: chromecache_927.12.dr	String found in binary or memory: https://about.google/
Source: chromecache_927.12.dr	String found in binary or memory: https://about.google/products/
Source: chromecache_1333.12.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_1066.12.dr, chromecache_961.12.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_1066.12.dr, chromecache_961.12.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_755.12.dr	String found in binary or memory: https://ad.doubleclick.net
Source: chromecache_755.12.dr	String found in binary or memory: https://ade.googlesyndication.com
Source: chromecache_940.12.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_927.12.dr	String found in binary or memory: https://ai.google/
Source: chromecache_596.12.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Source: chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_929.12.dr, chromecache_1066.12.dr, chromecache_1220.12.dr, chromecache_961.12.dr, chromecache_943.12.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_1119.12.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_992.12.dr, chromecache_689.12.dr	String found in binary or memory: https://apps.apple.com
Source: chromecache_927.12.dr	String found in binary or memory: https://blog.google/
Source: chromecache_927.12.dr	String found in binary or memory: https://blog.google/products/news/fact-checking-misinformation-google-features/
Source: chromecache_927.12.dr	String found in binary or memory: https://blog.google/products/search/generative-ai-google-search-may-2024/
Source: chromecache_927.12.dr	String found in binary or memory: https://blog.google/products/search/google-search-update-march-2024/
Source: chromecache_927.12.dr	String found in binary or memory: https://blog.google/products/search/overview-our-rater-guidelines-search/
Source: chromecache_1032.12.dr	String found in binary or memory: https://careers.google.com/hardware/?&src=Online/Direct/MadebyGoogle
Source: chromecache_755.12.dr, chromecache_867.12.dr, chromecache_1328.12.dr, chromecache_974.12.dr, chromecache_807.12.dr, chromecache_799.12.dr, chromecache_759.12.dr, chromecache_731.12.dr, chromecache_995.12.dr, chromecache_940.12.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_1001.12.dr, chromecache_567.12.dr	String found in binary or memory: https://cda-push-dev.sandbox.googleapis.com/upload/
Source: chromecache_1333.12.dr	String found in binary or memory: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/account_agreement
Source: chromecache_1333.12.dr	String found in binary or memory: https://cdn.klarna.com/1.0/shared/content/legal/terms/EID/de_de/account
Source: chromecache_596.12.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
Source: chromecache_1066.12.dr, chromecache_961.12.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_567.12.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_1066.12.dr, chromecache_961.12.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_1066.12.dr, chromecache_961.12.dr, chromecache_599.12.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_1066.12.dr, chromecache_961.12.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_927.12.dr	String found in binary or memory: https://economicimpact.google/
Source: chromecache_1001.12.dr, chromecache_567.12.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_927.12.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_927.12.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Material
Source: chromecache_927.12.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: chromecache_992.12.dr, chromecache_689.12.dr	String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v61/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RP
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv39oS_a.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDvD9oS_a.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDvH9oS_a.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDvr9oS_a.woff2)
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etB77TKx9.woff2
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2)
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBP7TKx9.woff2
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBT7TKx9.woff2
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etB_7TKx9.woff2
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtB77TKx9.woff2
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtBD7TA.woff2)
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtBP7TKx9.woff2
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtBT7TKx9.woff2
Source: chromecache_947.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtB_7TKx9.woff2
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9Gh09GixI.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9Ghk9GixI.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9Gik9GixI.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GjU9GixI.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmZjtiu7.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmdjtiu7.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmtjtiu7.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmxjtiu7.woff2)
Source: chromecache_947.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmZjtiu7.woff2)
Source: chromecache_947.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmdjtiu7.woff2)
Source: chromecache_947.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2)
Source: chromecache_947.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmtjtiu7.woff2)
Source: chromecache_947.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmxjtiu7.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OMmpTsDO_PZ0.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OMmpTtDO_.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OMmpTtzO_PZ0.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OMmpTujO_PZ0.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OMmpTuzO_PZ0.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OemxTsDO_PZ0.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OemxTtDO_.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OemxTtzO_PZ0.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OemxTujO_PZ0.woff2)
Source: chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OemxTuzO_PZ0.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qE52i1dC.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qER2i1dC.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEV2i1dC.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEl2i1dC.woff2)
Source: chromecache_976.12.dr, chromecache_947.12.dr, chromecache_1137.12.dr, chromecache_1229.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2)
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_992.12.dr, chromecache_689.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2)
Source: chromecache_976.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialsymbolsoutlined/v210/kJF4BvYX7BgnkSrUwT8OhrdQw4oELdPIeeII9v6oDMz
Source: chromecache_976.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialsymbolsrounded/v209/syl7-zNym6YjUruM-QrEh7-nyTnjDwKNJ_190FjpZIvD
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr, chromecache_1137.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_976.12.dr, chromecache_1223.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_1032.12.dr	String found in binary or memory: https://forms.gle/eMyYzH1uhEdEtup9A
Source: chromecache_889.12.dr	String found in binary or memory: https://github.com/shoelace-style/shoelace/blob/next/LICENSE.md
Source: chromecache_889.12.dr	String found in binary or memory: https://github.com/shoelace-style/shoelace/blob/next/src/internal/slot.ts
Source: chromecache_985.12.dr	String found in binary or memory: https://github.com/umdjs/umd/blob/master/jqueryPluginCommonjs.js
Source: chromecache_596.12.dr	String found in binary or memory: https://google.com
Source: chromecache_755.12.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_927.12.dr	String found in binary or memory: https://googletagmanager.com
Source: chromecache_659.12.dr	String found in binary or memory: https://goto.corp.google.com/neo-bug;target;_blank;class;J3FJZc;title;Blow
Source: chromecache_553.12.dr, chromecache_843.12.dr	String found in binary or memory: https://gsap.com
Source: chromecache_553.12.dr, chromecache_843.12.dr	String found in binary or memory: https://gsap.com/standard-license
Source: chromecache_927.12.dr	String found in binary or memory: https://gstatic.com
Source: chromecache_1032.12.dr	String found in binary or memory: https://home.nest.com/en/US
Source: chromecache_1032.12.dr	String found in binary or memory: https://instagram.com/madebygoogle
Source: chromecache_599.12.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_1001.12.dr, chromecache_567.12.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_599.12.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: chromecache_992.12.dr, chromecache_689.12.dr	String found in binary or memory: https://lh3.googleusercontent.com
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/-l2uCHxepneGNmf6MyjbK_YHkf7i3lgbrUWvNJL8CQInmOWrMChhC9vcKs27pJqtER
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/0fVDL02i6kLapIFkzsaMkokcsyNFdTDEaCm2Dy_BVkH_zQKnEmF7x0A0aLzXII5cvU
Source: chromecache_983.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/24zWLiJ8B55uJZvtvjfBAVvqqZZvU7Fm3tKrfy2ME_1OpdjoT3Xl5ocLOMd4hT8o3f
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/6Q907Y7fYBiaW6VAnv1r8BHZnFXjJm138u89gr8j8NSikSES5OrnMMP0bDiTWR7YyY
Source: chromecache_983.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/8wBvg3eOS-vqrtRCD4UUB_jzKVelD0YP1fVQ1QapYCMdD5ZAlxQUYspIiBi7k12ACE
Source: chromecache_983.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/AWAtSwGZaLr1UrvVSj5_72Uv2ckdZVWM9PIn9mm2qLdclYd2cYKLQXlvLIrVKHEzS5
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/ByIuDjG_OxNhZWu_Bix9cHR32kCnpGrjVaunDIzC9Q75eon4dC4Ei5h2pcD85FyPcj
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/DeWZgEYlH2q4TTbBRoog4uNnVRjqzWYmCj7_meS-_EZ_TSyWr22SIBeaCTsEAuu5U0
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/EBPAhXOL1V7V-htVUiggxWVB6mPR2IJrSak2HsjCMAM-FA5nQYnvp8epTuRSDwDQPv
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/HX2vTdXOdmn1-AwipdtTylH6l-1DaI2BOwHwV7cKGy9WXDe7_BTaXdSQ7Yyrr3khwv
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/KFlNAaVs85YpfRd4QhVbLq0xLBY-aRG2TLZxxMNyXyXDis2RfuycaeIqpASHRwANta
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/MfSkcsOaJkmnP-qxR6nZ3jiaIbyEqxGs7zCkorzmvi-Y9oVUkr0UThdrhaqhC2CT1h
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/OMmSijDU0neu_vZPqLWBrVJsQGT_D0ejrnpIgQMPkTZC-0s9dO6_kbV3sGb2q9BWmp
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/PM7UAwj1OzXpnVicShhwZFMiEopov5pKyUo9KaEwgz8D1JwKG8J6pHmcpwVye8Hv7G
Source: chromecache_983.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/Q7m2I_ODiRn76wp078wOZAtg_R5Wi6lhnMPqzklZmoFCrnmXBGwON03RHF0oGxCdum
Source: chromecache_983.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/S2sc8pdC5kjDG6bj9jP-nd_arufG2FyGuRt5D-5rurKoTapQoQS7s9fT5dX_rqGLNT
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/SV-lQ7dro_j893r7EmFDLDY8mbWpIE7MU7qfplzYXU3erqBd6C6fiG2La5XMfvKsjX
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/Uz8hURiPb6c6RI_ybfaTgycT9MdcROQJyWniVZeBJ68gmb0rPbMIVvn-f79_ger8Be
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/VT4SCA4b12NEXu4W5qmH5nMdrHvYyXiasJ8kqJWUd7rtLUdO78YTV5v0ulPoXyXn8X
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/VzZoNfTFy0Q5bMd9mVfo4M7dp1-OXWmUWsSAttnwnbw6agWisqAeJeJUCzxiZq1UhJ
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/bQMmtG0JpDbglGhGU7LaiPx316noDwOV6joBjbZfwuytEs1wPhDp-Ey1Z7wmrhQuD5
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/fNUA4JyoE0kOcu75PdKVirKEeqgTl7WhvQm_pEG50glEQQrTJ5SD13gGMO3hgSeX_T
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/fs2pYfDpV_ktdKUy3Tsfx44gSMoe50XLFzRMG0gxlF8aDmM1dKGDELLBDBibRd41nY
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/fvNhHugJAnsAS2DJW1V3kQ-0lsCTl2eDWV9NW2p4KXStsynp7EjqGSiACH9xSdCIvP
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/gI_Wu9CXaFAeN534A2tATDsZ3bEG8n3-WBS9wLKP04aO_ld5Fc9AtgS9HneoWjp3HQ
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/iRxTGREAOizQhtbCjDGShDHvBc39qEI004M8SClsSzIBgvBsbUMFNVMDfAfzoEzgvr
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/iuYMfEL7ekOLOkCxcalbhrdDgsmWPE7bT_rsqvKe8g-mCNUvjv8ACZPfOwkxr2-n1k
Source: chromecache_983.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/kYKjcB1SrNqvglhExsD83KBl4tBxuvDsw-m9GJFu77_W0-SxWpOc1a8hq0db3qyFQz
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/pIcy0CyeA_AQK4UlfeP_ik-wj7MJase5DOkxgI73pUBsbfIOBWthLbB1xsC-J5GR_q
Source: chromecache_983.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/qN7B3-XsAtLKXTj8nGi839OyQHwQJTVk2TjOTp8tbKPxIlTN2tUb8syb7PjZ2tX7_x
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/sU9b4DnKsmnoffra1naF53caNe0XiPrQEzC9K3ioFPZ85t7C479Uvn2Ly7wsm0dUwz
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/tlPsQ5KKbWOC_t091G4j8qmYcAh_C4mRiUw4bMjx9yj0Ttfw6_1s10u3Rq0MQQOS8T
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/u6Yn2QEOiy2p-mBo1fciHbNRxyk21baK_gbR7mXcVv4Px-wrktmdMwPbqNyChAonkr
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/uEalHdGqJHrnhoH1O5rYmk5kO2c-xB5HxCobW5KSipKv22HsrmhZNjVvQmBdWcV06W
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/uJrIoy0GJ8gU_MZo9wDRvrJM9LWV1noGXNytkoQtZE8sgTKXS5MM5NPMckKZyrk4sG
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/uzQ6-2Ma8AG_Ldb0Ur-jD9n_zLQkHQlYD9bo2Wuizivk_feBYc2sJfqTKxr63bySVt
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/vjhuALGISZMQkUavk1But1VHJBDTBUeLUbExtzI8nuIk9UNhEG0rRlOOOr1VxH-UrO
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/vlL7CAnhikPYRIIxc-qbyXpsyDvgthIpWLiQ-ezyCN-cIFs9jVIUftvnEczhT_vF-l
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/x56lg5bBK6Pa84w02ZiizXr1ED2Szz_t02tKlR4MD8d_3tNoq0e558CpmNTRa-fe6X
Source: chromecache_927.12.dr	String found in binary or memory: https://lh3.googleusercontent.com/zVX_dAFZOrsdAax2aYItNILgBV4SU93ES5ih12EORRQ4TqiRa7eSbTllW__cwtNCyp
Source: chromecache_927.12.dr	String found in binary or memory: https://myaccount.google.com/yourdata/search?pli=1
Source: chromecache_1032.12.dr	String found in binary or memory: https://nest.com/$s/%2/widget/pro-finder/
Source: chromecache_992.12.dr, chromecache_689.12.dr	String found in binary or memory: https://one.google.com
Source: chromecache_1333.12.dr	String found in binary or memory: https://one.google.com/benefits?campaignId=ef1a05ab849404b022a40a24f8d7bdfd&utm_source=gstore&utm_me
Source: chromecache_927.12.dr	String found in binary or memory: https://one.google.com/terms-of-service?hl=en
Source: chromecache_940.12.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_755.12.dr, chromecache_867.12.dr, chromecache_1328.12.dr, chromecache_974.12.dr, chromecache_807.12.dr, chromecache_799.12.dr, chromecache_759.12.dr, chromecache_731.12.dr, chromecache_995.12.dr, chromecache_940.12.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_1333.12.dr	String found in binary or memory: https://payments.google.com/payments/html/complaintsHandlingProcess.html
Source: chromecache_992.12.dr, chromecache_1354.12.dr, chromecache_689.12.dr, chromecache_563.12.dr	String found in binary or memory: https://play.google.com
Source: chromecache_943.12.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_961.12.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_1066.12.dr, chromecache_961.12.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_1032.12.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_927.12.dr	String found in binary or memory: https://policies.google.com/privacy?hl=en
Source: chromecache_927.12.dr	String found in binary or memory: https://publicpolicy.google/
Source: chromecache_1001.12.dr, chromecache_567.12.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_992.12.dr, chromecache_689.12.dr	String found in binary or memory: https://safety.google
Source: chromecache_1032.12.dr	String found in binary or memory: https://safety.google/intl/%3/nest/
Source: chromecache_927.12.dr	String found in binary or memory: https://safety.google/intl/en/
Source: chromecache_861.12.dr	String found in binary or memory: https://services.google.com/fb/submissions
Source: chromecache_861.12.dr	String found in binary or memory: https://services.google.com/fb/submissions/googleforsmallbusiness-simpleemailcapture
Source: chromecache_801.12.dr	String found in binary or memory: https://smallbusiness.withgoogle.com/
Source: chromecache_801.12.dr	String found in binary or memory: https://smallbusiness.withgoogle.com/?subid=us-en-et-g-awa-a-g_hpbfoot1_1
Source: chromecache_1279.12.dr, chromecache_736.12.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/
Source: chromecache_1142.12.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/1727769678237/operatordeferred_bin_base.js
Source: chromecache_867.12.dr, chromecache_807.12.dr, chromecache_759.12.dr, chromecache_731.12.dr, chromecache_940.12.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_1207.12.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_1333.12.dr	String found in binary or memory: https://storage.googleapis.com/
Source: chromecache_1333.12.dr	String found in binary or memory: https://storage.googleapis.com/%path
Source: chromecache_927.12.dr	String found in binary or memory: https://storage.googleapis.com/googwebreview.appspot.com/grow-ext-file-upload/1704855130612873/favic
Source: chromecache_927.12.dr	String found in binary or memory: https://storage.googleapis.com/gweb-mobius-cdn/hsw/uploads/607d4e0d335c6955f1ce12555c8cada41491dd24.
Source: chromecache_992.12.dr, chromecache_689.12.dr	String found in binary or memory: https://storage.googleapis.com/mannequin/2018/modal/exit-white.svg
Source: chromecache_1333.12.dr	String found in binary or memory: https://storage.googleapis.com/mannequin/blobs/5281ac26-3596-409c-840d-a27e2151144f.svg)
Source: chromecache_1333.12.dr	String found in binary or memory: https://storage.googleapis.com/mannequin/blobs/588c0eb3-02fe-42b4-9d78-7a87bf32ed2f.svg)
Source: chromecache_1032.12.dr	String found in binary or memory: https://store.google.com/intl/%1_$s/about/device-terms.html
Source: chromecache_1032.12.dr	String found in binary or memory: https://store.google.com/intl/%2/ideas/
Source: chromecache_983.12.dr	String found in binary or memory: https://store.google.com/intl/en/ideas/articles/best-pixel-camera/
Source: chromecache_983.12.dr	String found in binary or memory: https://store.google.com/intl/en/ideas/articles/gemini-advanced-features/
Source: chromecache_983.12.dr	String found in binary or memory: https://store.google.com/intl/en/ideas/articles/gemini-ai-assistant/
Source: chromecache_983.12.dr	String found in binary or memory: https://store.google.com/intl/en/ideas/articles/pixel-iphone-rcs/
Source: chromecache_983.12.dr	String found in binary or memory: https://store.google.com/intl/en/ideas/articles/pixel-phone-comparison/
Source: chromecache_983.12.dr	String found in binary or memory: https://store.google.com/intl/en/ideas/articles/pixel-safety-features/
Source: chromecache_983.12.dr	String found in binary or memory: https://store.google.com/intl/en/ideas/articles/pixel-screenshots/
Source: chromecache_1032.12.dr	String found in binary or memory: https://store.google.com/intl/en_au/ideas/
Source: chromecache_1032.12.dr	String found in binary or memory: https://store.google.com/intl/en_au/ideas/pixel-for-students/
Source: chromecache_1032.12.dr	String found in binary or memory: https://store.google.com/intl/en_uk/ideas/
Source: chromecache_992.12.dr, chromecache_1354.12.dr, chromecache_689.12.dr, chromecache_563.12.dr	String found in binary or memory: https://support.google.com
Source: chromecache_1279.12.dr, chromecache_1001.12.dr, chromecache_736.12.dr, chromecache_567.12.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/accessibility/android/?hl=ja
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/accessibility/answer/7641084?hl=%3
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/legal/answer/14261249
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/pixelphone
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/pixelphone/gethelp
Source: chromecache_1333.12.dr	String found in binary or memory: https://support.google.com/store
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/
Source: chromecache_1333.12.dr	String found in binary or memory: https://support.google.com/store/?p=free_shipping&hl=
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/11291219?hl=%3
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/11499359
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/12436460?hl=%3
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/12436460?hl=%3#free_standard_shipping
Source: chromecache_1333.12.dr	String found in binary or memory: https://support.google.com/store/answer/12436460?hl=en-GB
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/2462844?hl=%3
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/2664771?hl=%3
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/3036017?hl=%2&ref_topic=3244667
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/6160267?hl=%3
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/answer/6380753?hl=%3
Source: chromecache_1032.12.dr	String found in binary or memory: https://support.google.com/store/gethelp
Source: chromecache_1000.12.dr, chromecache_971.12.dr	String found in binary or memory: https://support.google.com/store;target;_blank;rel;noopener
Source: chromecache_1333.12.dr	String found in binary or memory: https://support.google.com/store?p=store_nav&hl=
Source: chromecache_599.12.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_927.12.dr	String found in binary or memory: https://support.google.com/websearch?hl=en
Source: chromecache_927.12.dr	String found in binary or memory: https://sustainability.google/
Source: chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_755.12.dr, chromecache_867.12.dr, chromecache_1328.12.dr, chromecache_974.12.dr, chromecache_807.12.dr, chromecache_799.12.dr, chromecache_759.12.dr, chromecache_731.12.dr, chromecache_995.12.dr, chromecache_940.12.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_927.12.dr	String found in binary or memory: https://transparency.google/intl/en/
Source: chromecache_1032.12.dr	String found in binary or memory: https://twitter.com/madebygoogle
Source: chromecache_1119.12.dr, chromecache_599.12.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_1066.12.dr, chromecache_961.12.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.financial-ombudsman.org.uk/
Source: chromecache_1000.12.dr, chromecache_971.12.dr	String found in binary or memory: https://www.ftc.go.kr/selectBizOvrCommPop.do?apvPermMgtNo=2022%EA%B3%B5%EC%A0%950001;target;_blank;r
Source: chromecache_1328.12.dr, chromecache_799.12.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_1032.12.dr	String found in binary or memory: https://www.google.%1/contact/impressum.html
Source: chromecache_940.12.dr, chromecache_563.12.dr, chromecache_943.12.dr	String found in binary or memory: https://www.google.com
Source: chromecache_596.12.dr	String found in binary or memory: https://www.google.com/
Source: chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_1032.12.dr	String found in binary or memory: https://www.google.com/intl/%1_$s/policies/terms/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/ar/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/bg/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/cs/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/da/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/de/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/el/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/en-AU/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/en-GB/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/en-IN/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/en/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/es-419/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/es/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/fi/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/fr-CA/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/fr/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/hi/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/hr/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/hu/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/id/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/it/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/iw/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/ja/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/ko/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/lt/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/nl/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/no/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/pl/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/pt-BR/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/pt/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/ro/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/ru/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/sk/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/sl/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/sv/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/th/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/tr/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/uk/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/vi/search/howsearchworks/
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/intl/zh-TW/search/howsearchworks/
Source: chromecache_599.12.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_1104.12.dr	String found in binary or memory: https://www.google.com/pagead/1p-user-list/667229379/?random
Source: chromecache_927.12.dr	String found in binary or memory: https://www.google.com/search/howsearchworks/
Source: chromecache_1279.12.dr, chromecache_1001.12.dr, chromecache_736.12.dr, chromecache_567.12.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_755.12.dr, chromecache_867.12.dr, chromecache_1328.12.dr, chromecache_974.12.dr, chromecache_807.12.dr, chromecache_799.12.dr, chromecache_759.12.dr, chromecache_731.12.dr, chromecache_995.12.dr, chromecache_940.12.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_961.12.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_961.12.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_940.12.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_755.12.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_755.12.dr	String found in binary or memory: https://www.googletagmanager.com/dclk/ns/v1.js
Source: chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_927.12.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=$
Source: chromecache_927.12.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-WXBX8JC
Source: chromecache_755.12.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_1332.12.dr, chromecache_1196.12.dr	String found in binary or memory: https://www.gstatic.com
Source: chromecache_1354.12.dr, chromecache_563.12.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_927.12.dr	String found in binary or memory: https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css
Source: chromecache_927.12.dr	String found in binary or memory: https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.js
Source: chromecache_927.12.dr	String found in binary or memory: https://www.gstatic.com/gumdrop/files/hsw-overview-v6.pdf
Source: chromecache_927.12.dr	String found in binary or memory: https://www.gstatic.com/gumdrop/files/hsw-personalization-v5.pdf
Source: chromecache_927.12.dr	String found in binary or memory: https://www.gstatic.com/gumdrop/files/hsw-privacy-controls-v5.pdf
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_943.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_929.12.dr, chromecache_1220.12.dr, chromecache_943.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.gstatic.com/store/base/icon_
Source: chromecache_992.12.dr, chromecache_689.12.dr, chromecache_1333.12.dr	String found in binary or memory: https://www.gstatic.com/store/fonts/eejietype/EejietypeSans-Bold.woff2)
Source: chromecache_567.12.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.klarna.com/es/legal/
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.klarna.com/ie/terms-and-conditions
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.klarna.com/it/
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.klarna.com/uk/terms-and-conditions/
Source: chromecache_867.12.dr, chromecache_807.12.dr, chromecache_759.12.dr, chromecache_731.12.dr, chromecache_940.12.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_1032.12.dr	String found in binary or memory: https://www.tiktok.com/
Source: chromecache_1333.12.dr	String found in binary or memory: https://www.youtube.com/
Source: chromecache_755.12.dr, chromecache_1328.12.dr, chromecache_974.12.dr, chromecache_807.12.dr, chromecache_995.12.dr, chromecache_940.12.dr, chromecache_861.12.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 50726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50730
Source: unknown	Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 50853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50740
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50741
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 50439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50761
Source: unknown	Network traffic detected: HTTP traffic on port 50612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50763
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 50783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50705
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50708
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50716
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50719
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50718
Source: unknown	Network traffic detected: HTTP traffic on port 50808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 50771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 50369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown	Network traffic detected: HTTP traffic on port 50546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 50673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 59273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50369
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 50685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 50897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50779
Source: unknown	Network traffic detected: HTTP traffic on port 50911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50778
Source: unknown	Network traffic detected: HTTP traffic on port 50571 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50774
Source: unknown	Network traffic detected: HTTP traffic on port 50943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50789
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50780
Source: unknown	Network traffic detected: HTTP traffic on port 50702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50785
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 50791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50792
Source: unknown	Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 50828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50321
Source: unknown	Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50537 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50549 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50665 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50257
Source: unknown	Network traffic detected: HTTP traffic on port 50456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50574 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 50952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 50639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 50264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown	Network traffic detected: HTTP traffic on port 50677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50275
Source: unknown	Network traffic detected: HTTP traffic on port 50836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50283
Source: unknown	Network traffic detected: HTTP traffic on port 50412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50282
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50284
Source: unknown	Network traffic detected: HTTP traffic on port 50689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 50893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50294
Source: unknown	Network traffic detected: HTTP traffic on port 50799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50293
Source: unknown	Network traffic detected: HTTP traffic on port 50562 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50517 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50603 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50509 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50647 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50851
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 50222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50862
Source: unknown	Network traffic detected: HTTP traffic on port 50543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50877
Source: unknown	Network traffic detected: HTTP traffic on port 50657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50870
Source: unknown	Network traffic detected: HTTP traffic on port 50246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50874
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50873
Source: unknown	Network traffic detected: HTTP traffic on port 50291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 50601 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50409
Source: unknown	Network traffic detected: HTTP traffic on port 50725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50884
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50453 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.12:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.12:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.12:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.12:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.44:443 -> 192.168.2.12:50174 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.troj.winPDF@57/1337@106/37

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 04-17-11-067.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fact-2024-10.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1732,i,380461973633087296,8658590429477565550,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://banderolaver.pro/microsoft-verify.php?user_email=cristina.marinello@smeg.es"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1572,i,13587436803085101893,8356992849763643841,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1732,i,380461973633087296,8658590429477565550,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1572,i,13587436803085101893,8356992849763643841,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.11.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: _.ndb=function(a,b,c,d){_.eoa()&&_.foa.get(a)&&(a=_.Te.get(a),!c&&b&&(c=_.Ue(b)),_.Je(b\|\|document.body,a,{element:b,dataset:c,event:d,jL:void 0,nxb:!0}))};_.odb=function(a,b,c){_.Xga(a,c);return _.tb(a,2,_.Wea(b),_.La())};_.pdb=function(a){return a.previousElementSibling!==void 0?a.previousElementSibling:_.wAa(a.previousSibling,!1)};qdb=function(a,b,c,d,e,f,g){_.cm.call(this,a);this.clientX=c;this.clientY=d;this.left=f!==void 0?f:b.deltaX;this.top=g!==void 0?g:b.deltaY;this.ka=b};_.hh(qdb,_.cm); source: chromecache_599.12.dr
Source:	Binary string: _.pDb=_.J("zbW2Cf");_.qDb=_.J("OZ3M7e"); source: chromecache_567.12.dr
Source:	Binary string: [];f=JNb(f,c);!f&&b&&(b=e?a.slice(0,d):a,f=JNb(b,c));return f},LNb=function(a,b){for(var c=a.length-1;c>=0;c--){var d=a[c];if(_.XLb(d,b))return d}},MNb=function(a,b){var c=b===void 0?{}:b;b=c.threshold===void 0?0:c.threshold;c=c.wrap===void 0?!0:c.wrap;var d=INb(a);a=d.pDb;d=d.k9b;var e=d>=0&&d<a.length,f=e?a.slice(0,d+1):[];f=LNb(f,b);!f&&c&&(c=e?a.slice(d+1):a,f=LNb(c,b));return f},NNb=function(a){(0,_.un)(function(){throw a;},0)},ONb=function(a,b){var c;return(c=a.reverse().find(function(d){return d.Ua=== source: chromecache_599.12.dr
Source:	Binary string: a.Yf.Su("bs",r.body.length);e.push(r.body);break;case 4:t=document.createElement("script");_.Ok.vY(t,_.Cyb(r.body));x=document.createElement("div");x.appendChild(t);e.push(x.innerHTML);break;case 5:z=_.QDb(r.body,_.cHb,function(){return _.fd(Error("th`"+r.body.substr(0,100)),{Of:{l:""+r.body.length,t:a.Zz}})});f=_.mf(z,_.PDb,1,_.nf());g=_.Ch(z,_.Hyb,3)?_.u(z,_.Hyb,3):void 0;break;case 8:B=JSON.parse(r.body);h=Object.assign(h\|\|{},B);break;case 9:break;case 6:case 3:throw Error("uh");case 11:return V.Db(2); source: chromecache_567.12.dr
Source:	Binary string: var INb=function(a){if(!document.body.contains(a))throw Error("Yf");var b=Array.from(document.body.querySelectorAll("[tabindex], a, input, textarea, select, button"));a=_.$aa(b,a,_.zAa);if(a>=0)return{pDb:b,k9b:a-1,j9b:a+1};a=-a-1;return{pDb:b,k9b:a-1,j9b:a}},JNb=function(a,b){for(var c=0;c<a.length;c++){var d=a[c];if(_.XLb(d,b))return d}},KNb=function(a){var b={};var c=b.threshold===void 0?0:b.threshold;b=b.wrap===void 0?!0:b.wrap;var d=INb(a);a=d.pDb;d=d.j9b;var e=d>=0&&d<a.length,f=e?a.slice(d): source: chromecache_599.12.dr
Source:	Binary string: _.PDb=function(a){this.Da=_.n(a)};_.C(_.PDb,_.q);_.PDb.prototype.getId=function(){return _.E(this,1)};_.PDb.prototype.ka=function(){return _.E(this,2)}; source: chromecache_567.12.dr
Source:	Binary string: _.pHb(g,f.target.element)}).then(void 0,function(g){_.Qgc(f.target,"error");throw g;})},Rgc=function(a,b,c,d,e,f,g){return Pgc(a,b,c,d,e,g).fetch().then(function(h){f?f(b):b.log();return h})},Sgc=function(a,b){var c=new Map;b&&(c=zgc(b));c.set("google_abuse",a);return b=Object.fromEntries(c)},Tgc=function(a){_.fd(a,{Of:a.details})},Ugc=function(){_.loa("async",{u:function(a){a=a.qb.el();Ogc(a).then(void 0,Tgc)}});Ggc()},Vgc=_.Sb(_.Hyb),Wgc=_.Sb(_.PDb),Xgc=function(a,b){this.ka=b;this.cache=_.ke(_.ba.ka? source: chromecache_567.12.dr
Source:	Binary string: _.IDb=function(a,b,c,d,e,f,g){var h,l,m,p;return _.Kg(function(q){switch(q.oa){case 1:h=a.startUpdate();l=new _.jo("async","csi",void 0,{MYc:!1});m=new _.NDb(l,e.y7a,a);_.ODb(a,l,e.context,e.PPa);_.PDb(a,"yl");_.Cg(q,2);if(g){q.Fb(4);break}return q.yield(_.LDb(a,b,c,d,e,!1,l),5);case 5:g=q.Aa;case 4:return _.QDb(g),q.yield(RDb(e.onReady),6);case 6:return q.Aa?(a.setState("yp"),q.return(!1)):q.yield(_.ADb(h,g,a,{Hi:l,MAa:e.qIa,rX:m,kva:e.UK,Toa:e.Toa,ska:e.ska,source:f,triggerElement:e.trigger}),7); source: chromecache_1001.12.dr
Source:	Binary string: var sDb;sDb=function(a){_.rDb=_.td();_.Ne(document,_.pDb,a);return new _.xf(function(b){window.addEventListener("message",function e(d){d.data.type==="dosCookie"&&(window.removeEventListener("message",e),_.Ne(document,_.qDb),b(decodeURIComponent(d.data.exemptionCookie)))})})};_.rDb=null;_.tDb=sDb;_.uDb=!1; source: chromecache_567.12.dr
Source:	Binary string: case 7:if(!_.SDb(a,h))return q.return(!1);a.setState("yf");_.TDb(m,a.element);return q.return(!0);case 2:p=_.Gg(q);_.UDb(l,e.y7a);if(!_.SDb(a,h))return q.return(!1);_.PDb(a,"ye");throw p;}})};_.ODb=function(a,b,c,d){b.start();b.Gc("astyp",a.kH);(c==null?void 0:c.get("arc_id"))==="stev"&&(b.Gc("trt","st"),b.Gc("ssr","0"),d&&b.Gc("bb","1"));a=b.oa.startDate;var e,f,g,h;c=(e=google)==null?void 0:(f=e.timers)==null?void 0:(g=f.async)==null?void 0:(h=g.t)==null?void 0:h.atit;a&&c&&b.dB("tcdt",a-c)}; source: chromecache_1001.12.dr
Source:	Binary string: _.JDb.prototype.reset=function(){this.element.textContent="";this.element.removeAttribute("eid");this.setState("yp");delete this.element.__yup;_.hg()};_.JDb.prototype.setState=function(a){_.sl.removeAll(this.element,gEb);_.sl.removeAll(this.element,hEb);_.sl.add(this.element,a);_.Kt(this.element,iEb[a])};_.PDb=function(a,b){_.sl.removeAll(a.element,hEb);_.sl.add(a.element,b);_.Kt(a.element,iEb[b])};gEb=["yp","yf","yi"];hEb=["yl","ye"];jEb={}; source: chromecache_1001.12.dr
Source:	Binary string: _.pDb=function(a,b){oDb++;oDb===1&&_.Fqa("dos",function(){return""+oDb});_.Xd().Gc("dos","ssrc."+oDb+",target."+b).log()};_.qDb=function(a,b){_.Xd().Gc("dos","solved,target."+b).log()};_.rDb=function(a){var b,c,d;return(b=a?(c=window.google)==null?void 0:(d=c.ia)==null?void 0:d.r[a]:void 0)&&b.m===0?b:void 0}; source: chromecache_1001.12.dr
Source:	Binary string: cEb=function(a){var b,c,d;_.Kg(function(e){if(e.oa==1){if(a.oa!==a.Aa)return e.return();a.Hi.Gc("ima",String(a.Da));a.Hi.Gc("imn",String(a.oa));b=_.n(Object.keys(_.KCb));for(c=b.next();!c.done;c=b.next())d=c.value,a.Hi.Gc(d,_.KCb[d]());_.ko(a.Hi,"art");return a.y7a?e.yield(a.y7a(a.Hi),2):e.Fb(2)}a.Hi.log();_.Bg(e)})};var vDb=_.pDb,yDb=_.qDb;var fEb,gEb,hEb,jEb,iEb;fEb=0;_.JDb=function(a){this.element=a;this.Hra=_.ezb(a);this.oa=_.fzb(a);this.kH=_.gzb(this.Hra,this.oa,a);this.XIa=_.Xc(a,"asyncRclass")\|\|"";this.method=(this.P1=_.Xc(a,"asyncToken"))\|\|_.Xc(a,"asyncMethod")==="stateful"?"POST":"GET"};_.JDb.prototype.startUpdate=function(){fEb++;return this.element.__yup=fEb};_.SDb=function(a,b){return b===a.element.__yup}; source: chromecache_1001.12.dr
Source:	Binary string: _.LDb=function(a,b,c,d,e,f,g){var h=_.LCb.delegate().pyb.build(b,c,d,_.Rzb(a.element,e.trigger),e,a.element.id,f);g&&(h.Hi=g);var l=_.LCb.delegate().Us;return l.fetch(h).catch(function(m){return _.Kg(function(p){return p.return(xDb(m,a.element.id,l,h))})})};VDb=function(a){return function(b){var c=_.nDb(b);c&&_.pDb(c,a);throw b;}};_.QDb=function(a){a.header&&(a=_.H(a.header,2))&&a!==String(_.SCb)&&_.TCb.set(a,(_.TCb.get(a)\|\|0)+1)}; source: chromecache_1001.12.dr
Source:	Binary string: _.Odb=function(a,b){return Ndb(a.QN,b).then(function(c){if(c.size()>0)return c.Yc(0);throw _.MKa(a,b);})};_.nr=function(a,b,c){b=_.qg(b);return new _.lg(_.rf(a.QN,b,c))};_.or=function(a,b,c){b=_.qg(b);b=_.nr(a,b,c);if(b.size()>=1)return b.Yc(0);throw _.MKa(a,c);};_.Pdb=function(a,b){return _.Rn(a,'[jsname="'+b+'"]')};_.Qdb=function(a){a.oa=null;if(a.oL){if(a.oa){var b=a.oa;b.Oc=a.oL;b.render()}else _.yc(a.oL,_.Nk);_.Wl.Rb(a.oL,!!a.oa)}};_.Rdb=function(a,b){a.fRa=b;a.AP&&_.Wl.Rb(a.AP,a.fRa)}; source: chromecache_599.12.dr
Source:	Binary string: bHb=function(a,b){$Gb(_.Cyb(aHb(a,null,"script")),b)};dHb=function(a,b){var c=_.QDb(a,_.cHb,function(){_.fd(Error("If`"+a.substring(0,100)),{Of:{l:a.length.toString(),t:b}})});_.ba.W_jd\|\|(_.ba.W_jd={});for(var d=_.Ra(_.mf(c,_.PDb,1,_.nf())),e=d.next();!e.done;e=d.next())e=e.value,_.ba.W_jd[e.getId()]=JSON.parse(e.ka());_.Ch(c,_.Hyb,3)&&_.Lyb(_.u(c,_.Hyb,3))}; source: chromecache_567.12.dr

Source: Fact-2024-10.pdf	Initial sample: PDF keyword /JS count = 0
Source: Fact-2024-10.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Fact-2024-10.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Fact-2024-10.pdf	0%	Virustotal		Browse

Source	Detection	Scanner	Label
https://banderolaver.pro/microsoft-verify.php?user_email=cristina.marinello@smeg.es	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://support.google.com	0%	URL Reputation	safe
https://support.google.com	0%	URL Reputation	safe
https://ampcid.google.com/v1/publisher:getClientId	0%	URL Reputation	safe
https://sustainability.google/static/index.min.js?cache=47ade0f	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://sustainability.google/static/index.min.css?cache=732a3af	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php)	0%	URL Reputation	safe
https://lens.google.com/gen204	0%	URL Reputation	safe
https://apis.google.com	0%	URL Reputation	safe
https://domains.google.com/suggest/flow	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dart.l.doubleclick.net	172.217.23.102	true	false	unknown
mail.google.com	142.250.185.69	true	false	unknown
googletagmanager.com	142.250.186.104	true	false	unknown
s-part-0039.t-0009.fb-t-msedge.net	13.107.253.67	true	false	unknown
appspot.l.google.com	142.250.185.177	true	false	unknown
adservice.google.com	142.250.184.194	true	false	unknown
about.google	216.239.32.29	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
ghs-svc-https-sni.ghs-ssl.googlehosted.com	142.250.185.147	true	false	unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
banderolaver.pro	104.21.84.155	true	false	unknown
google.com	142.250.185.206	true	false	unknown
csp.withgoogle.com	142.250.186.113	true	false	unknown
plus.l.google.com	172.217.16.142	true	false	unknown
ad.doubleclick.net	142.250.186.70	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
smallbusiness.withgoogle.com	142.250.186.113	true	false	unknown
store.google.com	142.250.185.110	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
www3.l.google.com	142.250.185.78	true	false	unknown
play.google.com	142.250.185.142	true	false	unknown
googleads.g.doubleclick.net	172.217.18.2	true	false	unknown
sustainability.google	216.239.36.21	true	false	unknown
td.doubleclick.net	142.250.186.98	true	false	unknown
blog.google	216.239.36.21	true	false	unknown
googlehosted.l.googleusercontent.com	172.217.16.129	true	false	unknown
www.blog.google	unknown	unknown	false	unknown
ogs.google.com	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	unknown
lh3.googleusercontent.com	unknown	unknown	false	unknown
2542116.fls.doubleclick.net	unknown	unknown	false	unknown
x1.i.lencr.org	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
survey.g.doubleclick.net	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://lh3.googleusercontent.com/2noIz2X2ov5fXwxhW8AbSDnLpp8tT3mI3-iV_OQ2UOwX_EhIBBgip7FPRs10DYmPKinVM98Qkjr1uN3BhQ3StGXCp1-O_wPwoLZeDQ=rw-e365-w2880	false		unknown
https://lh3.googleusercontent.com/dMQ1Q4xlLrl3-KsZvX_9v56emij4OkRxzapLM7RSuZVd7PgqfjPxKR4KY8hVHYXqP2ZkS-_ZueXb9ywW66H2oCyTglApr1ELCy3woOAviTgFP6uyAd0=h120	false		unknown
https://lh3.googleusercontent.com/RIuSgyC1CZvycdCvOhK6kyGWtKZwR6gN88CimyIAdew4WMYXisZeD2x5A3fOi3GETtFbnKgxw7hb_2_ERw1-ygGSCExAsemrYx79J0hRsa4SZzzxz3A?=w1440	false		unknown
https://lh3.googleusercontent.com/NksFVpnLFiAE4YKEh9n84ebvfznogwh0AyAUDpmpLqpBP7h791LS9RcIzWpE8XfsiR0NJiHomxV8FyVO2ccMF2VzB_L3omeUWuHu9d3LGJ4Ww6JKviev	false		unknown
https://lh3.googleusercontent.com/4-toCoht-pqFO58Z4u-TFBsGfwuNOORZURXtLloPAEw_87kPa7TKHqFmm3Z7mMO_hi5QWrjpBGqtY9zgr06lOsx3KVezooiNyD8bzJwIHK2UC1bE-RE=h120	false		unknown
https://www.google.com/search/howsearchworks/assets/hIvGK13F.min.js	false		unknown
https://lh3.googleusercontent.com/G723MydBoHRVwUpO7w9sZe6TfYCUenXv_B1mP4YhY4JYdKbpzRhdbobPFlJ60If-jIEYt6wxrdS99O1FZ19NaZMinIzE_-yKKpvV96ftdmcGW3WsWfc=-h255-e365-rwu	false		unknown
https://www.google.com/search/howsearchworks/assets/bAPu5B1A.min.js	false		unknown
https://www.google.com/search/howsearchworks/assets/J8wBfiw3.min.js	false		unknown
https://lh3.googleusercontent.com/WBLZJkX28kCd05v5OHikm8DtDP-uR6bu0P09l69suQGEz5An2DNEj5veTRUQDZJiDVGOJmTNn-NCJMLaU1EUahENSfSTx4P9sxk=rw-e365-w3000	false		unknown
https://sustainability.google/static/index.min.js?cache=47ade0f	false	URL Reputation: safe	unknown
https://www.google.com/xjs/_/ss/k=xjs.hd.Yezew14qcA8.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAQAGwkwAAACMAgA0ACAAAAAAAAQDAAAAAAAAAIAEAAAAEACoAAAAAAIAAABBBAACgCAAAAACAECAAAAEUQAhQgAQEiiAehQAAAMAAAAAhAAwwDEBQAcAoQAAAAACAAAACIAQAAACqAAQIANAjEAAGgJwAAAiBHgACAAAAQAAAASAAAGYCMEAGIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAUAAAAAAAAAAAAAAAAAAAAAAC/d=0/br=1/rs=ACT90oFmoh_FVZzcHrBlQ3yAMWh-gYP18g/m=syjy,syo2?xjs=s4	false		unknown
https://lh3.googleusercontent.com/kQDv-46ToDkqXJ2DIlr7hKXKalQvL0NJy4oGIhNlUkxX95btXayCKNoZuaY_KT-6U8-Iz35FlDZXRd1U3bNFo99a3k0-vwIIbtEIStTKYwD_UxNkjA	false		unknown
https://lh3.googleusercontent.com/GhfIwA6ZINFkFgE77BVZ596ZtFXFc72Z6OfHGeHh4VO8ZSNBZkXXcRdgWvhzJKDzmy22DROUcJKCaZbeDHpT7raQ-ZKBmj1MM1JqGQ=rw-e365-w2880	false		unknown
https://lh3.googleusercontent.com/fvNhHugJAnsAS2DJW1V3kQ-0lsCTl2eDWV9NW2p4KXStsynp7EjqGSiACH9xSdCIvPvw0z9l_L7kOtfVZH07iQuasGIGWyFqhpdY=s0-rw-e365	false		unknown
https://store.google.com/_/Gstore/browserinfo?f.sid=-1689536960398387825&bl=boq_gstore-neo_20241003.05_p1&hl=en-US&authuser&_reqid=215589&rt=j	false		unknown
https://lh3.googleusercontent.com/RwVe2Cm1EjeDmYhdTzr179G0ovq_PCxgPzQ92PO-YxTBEFTHWh0L6Ev8FFDWRgRGrE81vwn95tyg9Ey189OO4kllhhpLAMIsGFZ-UKA=h120	false		unknown
https://about.google/assets-products/img/glue-icons.svg	false		unknown
https://lh3.googleusercontent.com/66PxAD8XJR8BGD_OjZnKQKZu0xEVnHfPmso4XbKjMOqQORhSyZaEqsGVW0qwMbX5eJ58pY5CwbsY02RLksHDsec-h4M-UcShUtZO0HLJ9FB1Qt0RhA=-h48-e365-rwu	false		unknown
https://sustainability.google/static/index.min.css?cache=732a3af	false	URL Reputation: safe	unknown
https://www.google.com/favicon.ico	false		unknown
https://lh3.googleusercontent.com/XfxlbB7Imi28_w277XeVC0u8Yngn8e1bQxhd6YK2snOdqt_uiwripgSEl5VNxgS2cJP2kf0dHv6LfSq8AG6YeJf9cpu1BE1kP36R=h120	false		unknown
https://lh3.googleusercontent.com/moWtYpo1G3n-1QfF5rNSy7n2IIQs785-H9DStefngR0kWMsmnPkzMu-SKH3eUxHVddekMttIA5olrn_wo3p50z04NyRZYPHYBc2cxvE=h120	false		unknown
https://www.google.com/xjs/_/js/k=xjs.s.en_US.uzv50Xj9NxM.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAABAgQCAAAAAAACgAAAAAAAAAAAAAAAAAAAAAQCACAkBAAAAQAAAAWAAAAQEAAACAAAAQEAAAQIAIAACAAAAAAAAAAAACIAGACAAAAAAAuAAAIFAEAAAACAAAwAAAAEAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAEEIB-AAAAAAAAAAAAAAIAAAAAwAAAAAAAAAAAAEAAAAAQBAAADJABCAAAAAAAAOA-AAgeABhSWAAAAAAAAAAAAAAAAAAgQTAWJKAgAAAAAAAAAAAAAAAAAAAAgJSgiQME/d=0/dg=0/br=1/rs=ACT90oG05-vGRs33Gyc4kyp2lOqUCl5nyw/m=sy1j9,P10Owf,sy1dd,sy1da,sytb,gSZvdb,sy1et,sy1e2,WlNQGd,sytg,sytd,sytc,syta,DPreE,sy3qp,sy3qo,nabPbb,sy1e1,sy1dz,syj6,sy1cp,CnSW2d,kQvlef,sy5mf,fXO0xe?xjs=s4	false		unknown
https://lh3.googleusercontent.com/Kkh1J0HrlRSnxSQrtnP4DFSMb4SI7Rz0yAT0G6ku1QOARBJJ4To-rDzu0tfCOMWvNCtYvCYaM92ISqiDPr-8KtwNqYO3xuJERwASsfn2=rw-e365-w2880	false		unknown
https://lh3.googleusercontent.com/xeVlvzZX32eg9zc9V7MLUWaEeOnwoa5OQfrgI10U4ub8QA6iwdq1TgcOpLTBiKQTosiNxtMBtpOvh_z7fq7eoISf53UZqZMd0dZR0gSLAAMFkK9vVfQ?=w1440	false		unknown
https://lh3.googleusercontent.com/Amr8tRBfd1Uk8zYm779hnSCwMzArp3LGD1LUhcgPdCOIk0UJczmdKLa42Apx-wzQdrUnsATBiFsyHT5pVit9Al6PwfVewM09FnlwAA=h120	false		unknown
https://banderolaver.pro/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	true		unknown
https://lh3.googleusercontent.com/6xlGJ-dkwosfUisVYzRKNE1Wcr5QDDfRfZ4bXktF-Nn0J0ucHd_JI1wjXTls7lt5mvJvvcvtrNc0MESF98dAx6ivasEsZNxoaUZU-Q=h120	false		unknown
https://lh3.googleusercontent.com/sq57GaRCOEk-TcLHr8ZeehZOkRrOLLv0ZIL34gOO2TNqeQjAcLqZM_YvwoZCLFQbW1DS0K28QakL4JTKArVVV4pp-PtTltns7K25Pu5d7v-6dRSh-g=w1440-l90-sg-rj-c0xffffff	false		unknown
https://www.google.com/gen_204?s=imghp&t=cap&atyp=csi&ei=Z5kDZ46CBeiAxc8Pzf-N6Qg&rt=wsrt.945,cbs.98,cbt.1071,hst.43,prt.1059&opi=89978449&dt=&ts=196113	false		unknown
https://www.google.com/xjs/_/ss/k=xjs.s.N7uEhNpUhSA.L.B1.O/am=QAoAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAAEAACAAAAAAAAAAgAgAsEwCAAAwAgAANgAgAAAAAAAIAAAYAAAAAAAAkAAAAAAAAgBUAAAAAAAAAIAAAEAEBAAAFAIAAAAAAAAABgAAAACEAAEACKAAQgCgAAkIFAGIRyEAAAAwAAAAEAAGGAYgqABgAIAAAAAAAAAAAQAAAYAQAAAAUEEAAAECAPQIBIABICcAAIQAgAAgAAAAAEAAAAABAAEAgJgADJABCAAAAAAAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAABA/d=1/ed=1/br=1/rs=ACT90oEcmwtRzquuKp01ZddG2RmHbAE5Ww/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl	false		unknown
https://lh3.googleusercontent.com/uzkOxzfGFGjzRx0FK6B541qcv469wNDTQf_TUu4oqH_oPUGJoajTkqHLJ9DD188Kmocg_DJg2OBf1FxyRc6MLK_gMFFRmm7n7XTreZU=h120	false		unknown
https://lh3.googleusercontent.com/p2EiNuo4FQe3s8dhYgEiejBxjryT3B46OTWNItLqiwF58V0T62GKHa7VrbOhI7BbnQOBvdkPFu-4YGG0Dg3b0moXWWSc_aB1hw67Kts=h120	false		unknown
https://lh3.googleusercontent.com/R7Wr9OkT5zk4gY2F3-tLiMwhFaMfO_hCU5LpTxztUaTOi8kU7_0QUIvOTlhHLyMol8kvHhVvdWUtjmAZ6cqiwGhwZzdg0fvc-UXtojU=h120	false		unknown
https://lh3.googleusercontent.com/kLMr5zuHxfe-IxhnKdLp_1JkP5sl2ova0svHjQkFnV1q8X7yE6uA9p8AToT_L7xL5s5EIayVVVljNtp7BgoL69PtZ-Mf00qUbpTLfrrqXWv99tatmXI=h120	false		unknown
https://lh3.googleusercontent.com/5CsRqfMEP1Rv-PPv9G4962lyEuvb4roSLJHJQWPbmCa51AmvynfoGfoKsKiS87QhX07xQMZAeLp8qoSy7CjVZkXJ1WapQiJkroCeJw=h120	false		unknown
https://about.google/assets-products/img/glue-google-color-logo.svg	false		unknown
https://www.google.com/search/howsearchworks/assets/0-7k4-1q.min.js	false		unknown
https://smallbusiness.withgoogle.com/?subid=us-en-et-g-awa-a-g_hpbfoot1_1!o2&utm_source=google&utm_medium=ep&utm_campaign=google_hpbfooter&utm_content=google_hpbfooter&gmbsrc=us-en_US-et-gs-z-gmb-s-z-u~sb-g4sb_srvcs-u#!/	false		unknown
https://lh3.googleusercontent.com/aD5GNhlaU2d70gmSy5ioL1dMSUZN9cHDWPLkIBLhCsJ-BgcGUm-PD6o8XExZcx1i2iZV6PH0P8v3ceg0x7Tzd_OZ5FV0nXs5mX15sgA=h120	false		unknown
https://www.google.com/gen_204?atyp=csi&ei=K5kDZ4GuK5mqxc8PnK3nmQ0&s=promo&rt=hpbas.5615,hpbarr.1720&zx=1728289073838&opi=89978449	false		unknown
https://lh3.googleusercontent.com/tC78k3bL_DjdIByD4HSnnblCZF0nlR599IWYDDghEJDn7dwg-tuOIXGVR1TwxePI063JTgu9NvrsvRutrqHOfR5AAWduD51R8zuswV8=h120	false		unknown
https://www.google.com/tools/feedback/chat_load.js	false		unknown
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=K5kDZ4GuK5mqxc8PnK3nmQ0&rt=wsrt.1575,cbs.92,cbt.436,hst.45&opi=89978449&dt=&ts=201376	false		unknown
https://www.google.com/search/howsearchworks/assets/IFunn9hk.min.js	false		unknown
https://lh3.googleusercontent.com/mjVS_Izc6fGAvuaT0v--gb2so5mZvAbI5EUMUB41cWB7tpy81trBCR8rIlj8NoKgPzDWGN-Hs97NlW0T9W57YJ5z9A8QQWwXUYa_Zg=h120	false		unknown
https://www.google.com/search/howsearchworks/assets/bS7WqXuL.min.js	false		unknown
https://lh3.googleusercontent.com/7j1-9AjGTjyFcEDU5lJw2BpZNYWNKgkxegHVv012Pm5OPBratN5ZsNVtpILRwXqE5Givogcj2VMswYdKR1dKvLvo2EQFSM0p7yTxYw=h120	false		unknown
https://www.google.com/services/?subid=ww-ww-et-g-awa-a-g_hpbfoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpbfooter&fg=1	false		unknown
https://lh3.googleusercontent.com/1bBfkvken8Lqz8NftP9_n8PmC2j6iMPUovX_c-tahFJYXo1tImjmPBU1nv1ATO_XIIh2dHUH6DMp0blUuhL7PZ7JvhZwNQ4QaiYnBsE7sGZcTDP3fLI=h120	false		unknown
https://lh3.googleusercontent.com/UqqZocZvjGksiGtlRkKb5NsuhpQkMLt3A85lMQ81Pms9tSZ3lLpymbAeinPIe5qUJRdmOKqL9InBBVsh6_gK-1QcNGppeUa7owoKgqo=h120	false		unknown
https://www.google.com/search/howsearchworks/assets/BLvkbcMJ.min.js	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.google.com	chromecache_992.12.dr, chromecache_1354.12.dr, chromecache_689.12.dr, chromecache_563.12.dr	false	URL Reputation: safe URL Reputation: safe	unknown
http://blog.igorescobar.com	chromecache_985.12.dr	false		unknown
https://instagram.com/madebygoogle	chromecache_1032.12.dr	false		unknown
https://lh3.googleusercontent.com/6Q907Y7fYBiaW6VAnv1r8BHZnFXjJm138u89gr8j8NSikSES5OrnMMP0bDiTWR7YyY	chromecache_927.12.dr	false		unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_1240.12.dr, chromecache_887.12.dr, chromecache_1207.12.dr	false	URL Reputation: safe	unknown
https://support.google.com/store/answer/2664771?hl=%3	chromecache_1032.12.dr	false		unknown
https://www.google.com/intl/zh-TW/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://www.google.com/intl/en-IN/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://lh3.googleusercontent.com/iRxTGREAOizQhtbCjDGShDHvBc39qEI004M8SClsSzIBgvBsbUMFNVMDfAfzoEzgvr	chromecache_927.12.dr	false		unknown
https://www.google.com/intl/no/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://www.google.com/intl/hr/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://nest.com/$s/%2/widget/pro-finder/	chromecache_1032.12.dr	false		unknown
https://lh3.googleusercontent.com/VT4SCA4b12NEXu4W5qmH5nMdrHvYyXiasJ8kqJWUd7rtLUdO78YTV5v0ulPoXyXn8X	chromecache_927.12.dr	false		unknown
https://www.google.com/intl/es/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://www.google.com/intl/el/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_1119.12.dr	false	URL Reputation: safe	unknown
https://support.google.com/pixelphone	chromecache_1032.12.dr	false		unknown
https://www.google.com/intl/es-419/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://blog.google/products/search/generative-ai-google-search-may-2024/	chromecache_927.12.dr	false		unknown
https://lh3.googleusercontent.com/uEalHdGqJHrnhoH1O5rYmk5kO2c-xB5HxCobW5KSipKv22HsrmhZNjVvQmBdWcV06W	chromecache_927.12.dr	false		unknown
https://github.com/shoelace-style/shoelace/blob/next/src/internal/slot.ts	chromecache_889.12.dr	false		unknown
https://support.google.com/store/answer/6160267?hl=%3	chromecache_1032.12.dr	false		unknown
https://www.google.com/intl/pt/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://safety.google	chromecache_992.12.dr, chromecache_689.12.dr	false		unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_985.12.dr	false	URL Reputation: safe	unknown
https://support.google.com/legal/answer/14261249	chromecache_1032.12.dr	false		unknown
https://support.google.com/store/answer/11291219?hl=%3	chromecache_1032.12.dr	false		unknown
https://www.google.com/intl/en-GB/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://lh3.googleusercontent.com/OMmSijDU0neu_vZPqLWBrVJsQGT_D0ejrnpIgQMPkTZC-0s9dO6_kbV3sGb2q9BWmp	chromecache_927.12.dr	false		unknown
https://www.google.com/intl/da/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://www.google.com/intl/%1_$s/policies/terms/	chromecache_1032.12.dr	false		unknown
https://store.google.com/intl/en/ideas/articles/pixel-safety-features/	chromecache_983.12.dr	false		unknown
https://play.google.com	chromecache_992.12.dr, chromecache_1354.12.dr, chromecache_689.12.dr, chromecache_563.12.dr	false		unknown
https://www.google.com/intl/bg/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://www.google.%1/contact/impressum.html	chromecache_1032.12.dr	false		unknown
https://www.google.com/intl/id/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://lh3.googleusercontent.com/AWAtSwGZaLr1UrvVSj5_72Uv2ckdZVWM9PIn9mm2qLdclYd2cYKLQXlvLIrVKHEzS5	chromecache_983.12.dr	false		unknown
https://lh3.googleusercontent.com/qN7B3-XsAtLKXTj8nGi839OyQHwQJTVk2TjOTp8tbKPxIlTN2tUb8syb7PjZ2tX7_x	chromecache_983.12.dr	false		unknown
https://lens.google.com/gen204	chromecache_1001.12.dr, chromecache_567.12.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/hu/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://support.google.com/store/gethelp	chromecache_1032.12.dr	false		unknown
https://support.google.com/store/answer/12436460?hl=%3#free_standard_shipping	chromecache_1032.12.dr	false		unknown
https://www.google.com/intl/ru/search/howsearchworks/	chromecache_927.12.dr	false		unknown
https://home.nest.com/en/US	chromecache_1032.12.dr	false		unknown
https://apis.google.com	chromecache_929.12.dr, chromecache_1066.12.dr, chromecache_1220.12.dr, chromecache_961.12.dr, chromecache_943.12.dr	false	URL Reputation: safe	unknown
https://domains.google.com/suggest/flow	chromecache_1066.12.dr, chromecache_961.12.dr	false	URL Reputation: safe	unknown
https://lh3.googleusercontent.com/ByIuDjG_OxNhZWu_Bix9cHR32kCnpGrjVaunDIzC9Q75eon4dC4Ei5h2pcD85FyPcj	chromecache_927.12.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.100	unknown	United States	15169	GOOGLEUS	false
142.250.185.147	ghs-svc-https-sni.ghs-ssl.googlehosted.com	United States	15169	GOOGLEUS	false
142.250.185.225	unknown	United States	15169	GOOGLEUS	false
104.21.84.155	banderolaver.pro	United States	13335	CLOUDFLARENETUS	false
216.239.36.21	sustainability.google	United States	15169	GOOGLEUS	false
142.250.186.70	ad.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.186.113	csp.withgoogle.com	United States	15169	GOOGLEUS	false
172.217.16.142	plus.l.google.com	United States	15169	GOOGLEUS	false
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
142.250.185.69	mail.google.com	United States	15169	GOOGLEUS	false
142.250.184.194	adservice.google.com	United States	15169	GOOGLEUS	false
13.107.253.67	s-part-0039.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.110	store.google.com	United States	15169	GOOGLEUS	false
172.217.18.6	unknown	United States	15169	GOOGLEUS	false
172.217.18.2	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.23.102	dart.l.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.184.238	unknown	United States	15169	GOOGLEUS	false
172.217.16.193	unknown	United States	15169	GOOGLEUS	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.186.104	googletagmanager.com	United States	15169	GOOGLEUS	false
142.250.185.78	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.206	google.com	United States	15169	GOOGLEUS	false
142.250.184.209	unknown	United States	15169	GOOGLEUS	false
142.250.185.161	unknown	United States	15169	GOOGLEUS	false
142.250.186.98	td.doubleclick.net	United States	15169	GOOGLEUS	false
216.239.32.29	about.google	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
172.217.16.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.185.177	appspot.l.google.com	United States	15169	GOOGLEUS	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
104.77.220.172	unknown	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.16
192.168.2.12

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527856
Start date and time:	2024-10-07 10:16:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Fact-2024-10.pdf
Detection:	MAL
Classification:	mal60.phis.troj.winPDF@57/1337@106/37
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Browse: https://google.com/ Browse: https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content= Browse: https://google.com/search/howsearchworks/?fg=1 Browse: https://mail.google.com/mail/&ogbl Browse: https://www.google.com/imghp?hl=en&ogbl Close Viewer Browse: https://www.google.com/services/?subid=ww-ww-et-g-awa-a-g_hpbfoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpbfooter&fg=1 Browse: https://www.google.com/intl/en/about/products Browse: https://store.google.com/US?utm_source=hp_header&utm_medium=google_ooo&utm_campaign=GS100042&hl=en-US

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 34.193.227.236, 18.207.85.246, 54.144.73.197, 162.159.61.3, 172.64.41.3, 199.232.210.172, 192.229.221.95, 2.19.126.143, 2.19.126.149, 2.23.197.184, 142.250.185.227, 142.250.186.174, 74.125.133.84, 152.199.19.160, 34.104.35.123, 142.250.185.234, 172.217.16.138, 142.250.185.74, 216.58.212.170, 142.250.186.106, 142.250.184.234, 142.250.186.74, 142.250.185.170, 142.250.186.170, 172.217.18.106, 142.250.185.202, 216.58.206.42, 142.250.186.138, 142.250.185.106, 142.250.181.234, 142.250.186.42, 172.217.23.106, 216.58.206.74, 216.58.212.138, 172.217.16.202, 142.250.184.227, 216.58.206.67, 142.250.184.202, 172.217.18.10, 142.250.74.202, 142.250.185.138, 142.250.186.67, 142.250.186.99, 172.217.16.195, 216.58.206.59, 142.250.185.123, 142.250.185.251, 172.217.16.155, 142.250.74.219, 142.250.181.251, 142.250.185.91, 172.217.18.27, 216.58.206.91, 142.250.186.59, 142.250.184.251, 142.250.186.91, 142.250.184.219, 142.250.185.155, 142.250.185.187, 142.250
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, azurefd-t-fb-prod.trafficmanager.net, ssl.gstatic.com, e8652.dscx.akamaiedge.net, www.googleadservices.com, storage.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, mscomajax.vo.msecnd.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, www.googletagmanager.com, a122.dscd.akamai.net, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, www.google-analytics.com, clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, aadcdnoriginwus2.azureedge.net, cs22.wpc.v0cdn.net, fonts.gstatic.com, ajax.googleapis.com, ctldl.windowsupdate.com, ogads-pa.googleapis.com, aadcdn.msauth.net, p13n.ado
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:17:21	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["Adobe Acrobat"], "contains_trigger_text":true, "trigger_text":"La conexin es lenta para previsualizar el PDF Descargar el documento y CLIC AQU para abrir", "prominent_button_name":"CLIC AQU", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"La conexin es lenta para previsualizar el PDF Descargar el documento y CLIC AQU para abrir", "has_visible_qrcode":false}

URL: https://banderolaver.pro/microsoft-verify.php?user_email=cristina.marinello@smeg.es Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":true, "trigger_text":"Datos confidenciales!", "prominent_button_name":"Iniciar sesin", "text_input_field_labels":["Contrasea"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Microsoft", "has_visible_qrcode":false}

URL: https://www.google.com/ Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Sign in", "text_input_field_labels":["Google Search", "I'm Feeling Lucky"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Google SearchI'm Feeling LuckyOur third decade of climate action: join us", "has_visible_qrcode":false}

URL: https://www.google.com/ Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Sign in", "text_input_field_labels":["Google Search", "I'm Feeling Lucky"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Google Search I'm Feeling Lucky Our third decade of climate action: join us", "has_visible_qrcode":false}

URL: https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content= Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"2024 Environmental Report", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"How to be more sustainable while commuting on a road trip", "has_visible_qrcode":false}

URL: https://www.google.com/search/howsearchworks/?fg=1 Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Learn more", "text_input_field_labels":["Generative AI in Search", "Check the facts with these Google features", "Your data in Search"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Explore the world of Google Search Discover the details of how Search works - from the technology we make to the approach we take.", "has_visible_qrcode":false}

URL: https://www.google.com/intl/en-US/gmail/about/ Model: jbxai	{ "brand":["Gmail"], "contains_trigger_text":true, "trigger_text":"Get more done with Gmail. Now integrated with Google Chat, Google Meet, and more, all in one place.", "prominent_button_name":"Create an account", "text_input_field_labels":["For work"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Secure, smart, and easy to use email", "has_visible_qrcode":false}

URL: https://www.google.com/imghp?hl=en&ogbl Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Sign in", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Google Images", "has_visible_qrcode":false}

URL: https://smallbusiness.withgoogle.com/?subid=us-en-et-g-awa-a-g_hpbfoot1_1!o2&utm_source=google&utm_medium=ep&utm_campaign=google_hpbfooter&utm_content=google_hpbfooter&gmbsrc=us-en_US-et-gs-z-gmb-s-z-u~sb-g4sb_srvcs-u#!/ Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Get the essentials", "text_input_field_labels":["Free", "Google Workspace", "Google Sites"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Succeed online with help from Google Together, we'll find the products, tools, and resources you need to move your business forward and help reach your goals. Make the most of the web with these tools", "has_visible_qrcode":false}

URL: https://about.google/products/ Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Shop Google Store", "text_input_field_labels":["Get product support", "Get disability support"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Helpful products. Built with you in mind.", "has_visible_qrcode":false}

URL: https://store.google.com/US/?utm_source=hp_header&utm_medium=google_ooo&utm_campaign=GS100042&hl=en-US Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Browse phones", "text_input_field_labels":["New"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Oh hi, Al. Meet the new Pixel 9 Pro XL, Pixel 9 Pro, Pixel 9, and Pixel 9 Pro Fold with Gemini. Popular on the Google Store.", "has_visible_qrcode":false}

URL: https://store.google.com/US/?utm_source=hp_header&utm_medium=google_ooo&utm_campaign=GS100042&hl=en-US Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Browse phones", "text_input_field_labels":["Sign in and sign up", "or enter email address"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Oh hi, Al. Meet the new Pixel 9 Pro XL, Pixel 9 Pro, Pixel 9, and Pixel 9 Pro Fold with Gemini. Popular on the Google Store.", "has_visible_qrcode":false}

URL: https://store.google.com/US/?utm_source=hp_header&utm_medium=google_ooo&utm_campaign=GS100042&hl=en-US Model: jbxai	{ "phishing_score":1, "brands":"Google", "legit_domain":"google.com", "classification":"wellknown", "reasons":["The brand 'Google' is a well-known brand with a strong online presence.", "The URL 'store.google.com' is a subdomain of 'google.com', which is the legitimate domain for Google.", "The presence of 'Sign in' and 'Sign up' fields is typical for a legitimate Google service page.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions."], "brand_matches":[false], "url_match":true, "brand_input":"Google", "input_fields":"Sign in and sign up"}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.84.155	http://pixelmeldit.ru/RMQf	Get hash	malicious	HTMLPhisher	Browse
239.255.255.250	https://pub-40cb77b4a6d84294bfa2db6a96f70ff7.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-21e2ca3bca8444aab694f2d286d3f97f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-2fd40031391d4470a8c3c1090493deca.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-0b1b4754e32d4359b9a318e8133d30bc.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-53d8c8824459455a8bb62d4b9a0d5f2f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://gtm.you1.cn/app/381210	Get hash	malicious	Unknown	Browse
	https://pub-737d748721344356b3ba725600a8404d.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	http://patjimmy323.wixsite.com/my-site-1/	Get hash	malicious	HTMLPhisher	Browse
	4qZ59IMp8b.exe	Get hash	malicious	Credential Flusher	Browse
	http://org0720.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4
13.107.253.67	172805100873dcf2097bda1ebce1dc29509a0d1c0ecef0168b8aa56fecb5a19c93ba543436853.dat-decoded.exe	Get hash	malicious	Unknown	Browse
	https://www.google.co.za/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s%2Furl.za.m.mimecastprotect.com/s/BjZHCy856GFEJl8cZf1CxlF3B	Get hash	malicious	Unknown	Browse
	http://pub-3424228f58ac440c9523afb01100ed68.r2.dev/gold.html	Get hash	malicious	HTMLPhisher	Browse
	http://www.bing.com/search?q=%3Cscript%3Ealert+1+%3C/script%3E&form=WMSRPA&ao=1&qs=UT&cvid=200cb80e1a3a4f86a7cea0b49e1f972a&pq=%3C&cc=ES&setlang=es-ES&wsso=Moderate&qfig=8721b1b5480542f594a6cfbbb1ea53e6&darkschemeovr=1	Get hash	malicious	Unknown	Browse
	http://www.laborfinders.com	Get hash	malicious	Unknown	Browse
	https://jenskullenius-my.sharepoint.com/:f:/g/personal/ulf_kullenius_gaiabiomaterials_com/EmQl89SiCOBCpbtr01o20eIB9z4rZpQ3dKKrBHn2QJKTxw?e=afHuwm	Get hash	malicious	Unknown	Browse
	http://url2253.supportasecurity.com/ls/click?upn=u001.8PZYqznGDJ9-2FKUHHWNUI3Edxs36Tp2dyG-2Ba7x1-2FPzVdu3bKXNWn2LvlF5iXWtGEfIsJd795-2F6B3b8l-2FhC2f2zw-3D-3D2w7E_lb-2Bnb9KO-2BNO6xtys7-2FSgJ37Cm7-2FqCsJQuSPzRnbo9rKVbI2R8gs14rAUveIpHhIOrHXcf6q6pmPYVBrx-2F-2FgmjhscUNPFCso8gA9rpmEpgMPU1tcukTovCaYGJYvgHvVJZb2xcZFijRQrxXUqMf-2FDb1lgQXZ51YtzZvTAweZNDb5-2BmntOyGie5zyANnlrWIS-2B-2BsgFV4hER50aWpOErGN-2FpJwQITPvdi69D7CK7usgeKJrAUWK0NG8q4Skck2mCy-2F8CjQ5dmXggB2H7tLJidvPvM9khambrWj8FuwMJCzrK4LNStfQWZUtBYMpMG-2F47lnH0S-2FlyoKmWTn5XlHDdgZK6jAFBZXQVQD9cVti9OL-2BGKGmoU9N9PVXbsielqDx6aAOl8reEdBu-2FhZJovH6Cya7sU67oLz9WOmApinrNrgKyLj9-2FnZke-2FrNXntDN-2BmI9gYOp60vp-2BmyMr1b7X-2Bv-2FDGM6pqmBn9a9cF2wTYfTwH1F2O3hMuhPkvWp9ywQI3RWINRAUEkR395xhdWa3Xy4F0DYcfVrqhhW020n6qgsU6x3XOiTP5FWmNCSSr56o2HqOAE6MqQw8fCBbvm3FUVLvCfZ-2FLn4udwAmpHiaqLRuwXpVdB2abW3LmmCPMufkS0qGEGCEDPfGoZHZTkUmpRbDgXHgfWe7exJBnf-2F5hdOTYiw0mN7YOdfSuhE7vEmDV5XXoZMguGuhnIUi1S5IFDf-2BI6-2BU4PVdd42vN-2BNAzkqjdRwjd1G7lG0QQwrLQSoII9g7PyjntBfNVT9z1w1QZMIcgxRPG-2Fd0G6qwnQ6d2XTx-2BxeQOXeERokCIMuNhXscGUUDnFO-2BODGABIjUJmx99N4zNVrq6NLtNHrav1IahnhJfxQ-2BY-3D&c=E,1,E0lAJItgIyUxbXGpxJtGCBhqXoYkpM6eN57cP_YKhu3ZsbCoe3Y2FTZgOx4X7oPpj_5FBx6MpnelyXgRzl52pHKItnj6fhEACRn26PWJEhywZbLRUfbk&typo=1	Get hash	malicious	HTMLPhisher	Browse
	FirstfedwebInv27-1486.html	Get hash	malicious	BlackHacker JS Obfuscator	Browse
	Caller left VM MSG 000130 DURATION- 5a745523ed1e971a2d7f1ced4aecad012918bdba.msg	Get hash	malicious	HTMLPhisher	Browse
	https://sesh-gangrene.shop/	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0039.t-0009.fb-t-msedge.net	https://claim-give-away2024.oklick.xyz/	Get hash	malicious	Unknown	Browse	13.107.253.67
	https://mfacebookk.click/G1La1iS4R2BxZPGht8aruwFinR13RcrESOGuNi6nwETvnRM8NpUZu53I1U011Q0HUyXQimVwnl.html	Get hash	malicious	Unknown	Browse	13.107.253.67
	172805100873dcf2097bda1ebce1dc29509a0d1c0ecef0168b8aa56fecb5a19c93ba543436853.dat-decoded.exe	Get hash	malicious	Unknown	Browse	13.107.253.67
	https://www.google.co.za/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s%2Furl.za.m.mimecastprotect.com/s/BjZHCy856GFEJl8cZf1CxlF3B	Get hash	malicious	Unknown	Browse	13.107.253.67
	http://pub-3424228f58ac440c9523afb01100ed68.r2.dev/gold.html	Get hash	malicious	HTMLPhisher	Browse	13.107.253.67
	http://www.bing.com/search?q=%3Cscript%3Ealert+1+%3C/script%3E&form=WMSRPA&ao=1&qs=UT&cvid=200cb80e1a3a4f86a7cea0b49e1f972a&pq=%3C&cc=ES&setlang=es-ES&wsso=Moderate&qfig=8721b1b5480542f594a6cfbbb1ea53e6&darkschemeovr=1	Get hash	malicious	Unknown	Browse	13.107.253.67
	http://www.laborfinders.com	Get hash	malicious	Unknown	Browse	13.107.253.67
	https://jenskullenius-my.sharepoint.com/:f:/g/personal/ulf_kullenius_gaiabiomaterials_com/EmQl89SiCOBCpbtr01o20eIB9z4rZpQ3dKKrBHn2QJKTxw?e=afHuwm	Get hash	malicious	Unknown	Browse	13.107.253.67
	https://www.phoenixartstudio.net/?keyvalue=93749&page=https%3A%2F%2Fshdeiw.com%2Fsewirsd	Get hash	malicious	Unknown	Browse	13.107.253.67
	http://url2253.supportasecurity.com/ls/click?upn=u001.8PZYqznGDJ9-2FKUHHWNUI3Edxs36Tp2dyG-2Ba7x1-2FPzVdu3bKXNWn2LvlF5iXWtGEfIsJd795-2F6B3b8l-2FhC2f2zw-3D-3D2w7E_lb-2Bnb9KO-2BNO6xtys7-2FSgJ37Cm7-2FqCsJQuSPzRnbo9rKVbI2R8gs14rAUveIpHhIOrHXcf6q6pmPYVBrx-2F-2FgmjhscUNPFCso8gA9rpmEpgMPU1tcukTovCaYGJYvgHvVJZb2xcZFijRQrxXUqMf-2FDb1lgQXZ51YtzZvTAweZNDb5-2BmntOyGie5zyANnlrWIS-2B-2BsgFV4hER50aWpOErGN-2FpJwQITPvdi69D7CK7usgeKJrAUWK0NG8q4Skck2mCy-2F8CjQ5dmXggB2H7tLJidvPvM9khambrWj8FuwMJCzrK4LNStfQWZUtBYMpMG-2F47lnH0S-2FlyoKmWTn5XlHDdgZK6jAFBZXQVQD9cVti9OL-2BGKGmoU9N9PVXbsielqDx6aAOl8reEdBu-2FhZJovH6Cya7sU67oLz9WOmApinrNrgKyLj9-2FnZke-2FrNXntDN-2BmI9gYOp60vp-2BmyMr1b7X-2Bv-2FDGM6pqmBn9a9cF2wTYfTwH1F2O3hMuhPkvWp9ywQI3RWINRAUEkR395xhdWa3Xy4F0DYcfVrqhhW020n6qgsU6x3XOiTP5FWmNCSSr56o2HqOAE6MqQw8fCBbvm3FUVLvCfZ-2FLn4udwAmpHiaqLRuwXpVdB2abW3LmmCPMufkS0qGEGCEDPfGoZHZTkUmpRbDgXHgfWe7exJBnf-2F5hdOTYiw0mN7YOdfSuhE7vEmDV5XXoZMguGuhnIUi1S5IFDf-2BI6-2BU4PVdd42vN-2BNAzkqjdRwjd1G7lG0QQwrLQSoII9g7PyjntBfNVT9z1w1QZMIcgxRPG-2Fd0G6qwnQ6d2XTx-2BxeQOXeERokCIMuNhXscGUUDnFO-2BODGABIjUJmx99N4zNVrq6NLtNHrav1IahnhJfxQ-2BY-3D&c=E,1,E0lAJItgIyUxbXGpxJtGCBhqXoYkpM6eN57cP_YKhu3ZsbCoe3Y2FTZgOx4X7oPpj_5FBx6MpnelyXgRzl52pHKItnj6fhEACRn26PWJEhywZbLRUfbk&typo=1	Get hash	malicious	HTMLPhisher	Browse	13.107.253.67
s-part-0017.t-0009.t-msedge.net	https://pub-737d748721344356b3ba725600a8404d.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://uppholldbcloginn.gitbook.io/us/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://pub-ba5a046c69974217b0431bca4ba43740.r2.dev/rep.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://pub-04836febb1fc46fca4a8c225ef7d2a38.r2.dev/tantindex.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://pub-17d7828daac64fc3a83940a40d8b01d8.r2.dev/qwertyuiopBowa.html	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	13.107.246.45
	http://webmailserv3038z.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://pub-3e7a5cfb45bf4e96837e2976d2a1ca5a.r2.dev/be141.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://orange234.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://pub-722720be67154192a1102b2cf085d306.r2.dev/askm.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://sites.google.com/coinswallett.com/walletconnectt/home/	Get hash	malicious	Unknown	Browse	13.107.246.45
sni1gl.wpc.omegacdn.net	https://ad2856b9b0e7b744c59c43afe9662cee9ce9abdecb1bb7ab61ba226eb7.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://rolledalloys12-dot-wind-blade-416540.uk.r.appspot.com/	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	http://foth.federal-docs.com/uAfwC	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	Payment receipt 50%Invoicelp612117_CQDM.html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://smallpdf.com/sign-pdf/document#data=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2VzaWduLnNtYWxscGRmLXN0YWdpbmcuY29tIiwic3ViIjoiN2NmYmYzYzYtZGJhZS00MDU2LWFmNjEtZTE1OTY4NGUxZTc4IiwiYXVkIjpbImVzaWduIl0sImV4cCI6MTcyOTI1NTE2OCwibmJmIjoxNzI4MDQ1NTY4LCJpYXQiOjE3MjgwNDU1NjgsImp0aSI6IjdjZmJmM2M2LWRiYWUtNDA1Ni1hZjYxLWUxNTk2ODRlMWU3OCIsInBheWxvYWQiOnsiZW52ZWxvcGVfaWQiOiIyNDYxNDE2ZC1iYWJmLTQzMDktOTRhYy1hZWJkYzRjMmZmY2MiLCJzaWduX3JlcXVlc3RfaWQiOiI3Y2ZiZjNjNi1kYmFlLTQwNTYtYWY2MS1lMTU5Njg0ZTFlNzgiLCJ0b2tlbl90eXBlIjoibm90aWZpY2F0aW9uIiwidXNlcl9lbWFpbCI6ImZyYW5jZXMud29vZEB1a3JpLm9yZyIsInVzZXJfZmlyc3RuYW1lIjoiZnJhbmNlcy53b29kQHVrcmkub3JnIiwidXNlcl9sYXN0bmFtZSI6ImZyYW5jZXMud29vZEB1a3JpLm9yZyJ9fQ.OqxYiO2DP6wYmX2t6u3X4Qa-FIZ5J__ELTV29qKimLo&eid=2461416d-babf-4309-94ac-aebdc4c2ffcc&esrt=7cfbf3c6-dbae-4056-af61-e159684e1e78	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	Payout Receipt.pptx	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://www.thefirsthbcu.com/	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://forms.office.com/Pages/ResponsePage.aspx?id=4mPIUn7HtEOifSf_jkD9akHPEdQOqpJDoTs5yuUf8txUMEFQTE42TU03SUJBSU84VTY3MEtFR1JaUS4u	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNx	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	voicemaiVOIP_1002202474911222280000000082autoresponse.htm	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
cdnjs.cloudflare.com	https://pub-40cb77b4a6d84294bfa2db6a96f70ff7.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-21e2ca3bca8444aab694f2d286d3f97f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-2fd40031391d4470a8c3c1090493deca.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-0b1b4754e32d4359b9a318e8133d30bc.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-53d8c8824459455a8bb62d4b9a0d5f2f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-737d748721344356b3ba725600a8404d.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://ikergalindez.github.io/gofish/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	Farahexperiences.com_Report_87018.pdf	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://pub-51f896deb233450089fc1a520e6ed957.r2.dev/kanehods.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://pub-04836febb1fc46fca4a8c225ef7d2a38.r2.dev/tantindex.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	http://patjimmy323.wixsite.com/my-site-1/	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	http://pub-ba5a046c69974217b0431bca4ba43740.r2.dev/rep.html	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
	http://stonemartin1001.wixsite.com/sky-result/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://ashleyproberts.wixsite.com/my-site/	Get hash	malicious	HTMLPhisher	Browse	150.171.29.10
	http://webmailserv3038z.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://clivenicoll44.wixsite.com/btinternet/	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	http://liendemail01.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	150.171.28.10
	http://cp-wc32.syd02.ds.network/~melbou28/cgi.bin/fr/bca13/	Get hash	malicious	Unknown	Browse	150.171.30.10
	http://frogsrus.wixsite.com/my-site-1/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://orange234.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	150.171.27.10
CLOUDFLARENETUS	Pla#U0107anje,jpg.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Quotation.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	https://pub-40cb77b4a6d84294bfa2db6a96f70ff7.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-21e2ca3bca8444aab694f2d286d3f97f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-2fd40031391d4470a8c3c1090493deca.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-0b1b4754e32d4359b9a318e8133d30bc.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-53d8c8824459455a8bb62d4b9a0d5f2f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	172.66.0.235
	https://pub-737d748721344356b3ba725600a8404d.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://patjimmy323.wixsite.com/my-site-1/	Get hash	malicious	HTMLPhisher	Browse	162.159.140.229
	http://ikergalindez.github.io/gofish/	Get hash	malicious	HTMLPhisher	Browse	104.21.235.213
CLOUDFLARENETUS	Pla#U0107anje,jpg.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Quotation.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	https://pub-40cb77b4a6d84294bfa2db6a96f70ff7.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-21e2ca3bca8444aab694f2d286d3f97f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-2fd40031391d4470a8c3c1090493deca.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-0b1b4754e32d4359b9a318e8133d30bc.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-53d8c8824459455a8bb62d4b9a0d5f2f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	172.66.0.235
	https://pub-737d748721344356b3ba725600a8404d.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://patjimmy323.wixsite.com/my-site-1/	Get hash	malicious	HTMLPhisher	Browse	162.159.140.229
	http://ikergalindez.github.io/gofish/	Get hash	malicious	HTMLPhisher	Browse	104.21.235.213
MICROSOFT-CORP-MSN-AS-BLOCKUS	http://patjimmy323.wixsite.com/my-site-1/	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	http://pub-ba5a046c69974217b0431bca4ba43740.r2.dev/rep.html	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
	http://stonemartin1001.wixsite.com/sky-result/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://ashleyproberts.wixsite.com/my-site/	Get hash	malicious	HTMLPhisher	Browse	150.171.29.10
	http://webmailserv3038z.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://clivenicoll44.wixsite.com/btinternet/	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	http://liendemail01.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	150.171.28.10
	http://cp-wc32.syd02.ds.network/~melbou28/cgi.bin/fr/bca13/	Get hash	malicious	Unknown	Browse	150.171.30.10
	http://frogsrus.wixsite.com/my-site-1/	Get hash	malicious	Unknown	Browse	150.171.27.10
	http://orange234.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	150.171.27.10

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://pub-21e2ca3bca8444aab694f2d286d3f97f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	173.222.162.60
	https://pub-0b1b4754e32d4359b9a318e8133d30bc.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	173.222.162.60
	http://org0720.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	173.222.162.60
	http://ikergalindez.github.io/gofish/	Get hash	malicious	HTMLPhisher	Browse	173.222.162.60
	http://pub-17d7828daac64fc3a83940a40d8b01d8.r2.dev/qwertyuiopBowa.html	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	173.222.162.60
	http://webmailserv3038z.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	173.222.162.60
	http://tcaconnect.ac-page.com/toronto-construction-association-inc/	Get hash	malicious	Unknown	Browse	173.222.162.60
	http://maine619.github.io/office/	Get hash	malicious	HTMLPhisher	Browse	173.222.162.60
	http://pub-3e7a5cfb45bf4e96837e2976d2a1ca5a.r2.dev/be141.html	Get hash	malicious	HTMLPhisher	Browse	173.222.162.60
	http://pub-f3922f20d4c74ba1869fd3db906e3295.r2.dev/gsecondcheck.html	Get hash	malicious	HTMLPhisher	Browse	173.222.162.60
28a2c9bd18a11de089ef85a160da29e4	https://pub-40cb77b4a6d84294bfa2db6a96f70ff7.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	https://pub-21e2ca3bca8444aab694f2d286d3f97f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	https://pub-2fd40031391d4470a8c3c1090493deca.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	https://pub-0b1b4754e32d4359b9a318e8133d30bc.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	https://pub-53d8c8824459455a8bb62d4b9a0d5f2f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	https://gtm.you1.cn/app/381210	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	https://pub-737d748721344356b3ba725600a8404d.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	http://patjimmy323.wixsite.com/my-site-1/	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	4qZ59IMp8b.exe	Get hash	malicious	Credential Flusher	Browse	4.245.163.56 184.28.90.27 13.107.246.44
	http://org0720.wixsite.com/my-site/	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.246.44

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.186969707955441
Encrypted:	false
SSDEEP:	6:c+3cM+q2Pv2nKuAl9OmbnIFUt8lYUCJZmw+lYUCcMVkwOv2nKuAl9OmbjLJ:XMM+v2HAahFUt87c/+7XMV5bHAaSJ
MD5:	EF37456B9CC4AE0E1165D83CC9C5AC49
SHA1:	1B6A36E629263BF876E4B5C222FA688CEC2D172D
SHA-256:	582DA2613E37F5A47DAB26CCDF30C31C91811C39D2E05091B230E155408F3D1E
SHA-512:	6C19D35BC3F196F2FE0D419C8F26D265E3DE2FAA2B0343E3F248DADA6DE1873913AA9CC7CC913A660E3D8288128C2EB9576CAEB18438D14BA35EAA75AEA615BC
Malicious:	false
Reputation:	low
Preview:	2024/10/07-04:17:08.784 18fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-04:17:08.786 18fc Recovering log #3.2024/10/07-04:17:08.786 18fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/imghp?hl=en&ogbl	HTTP Parser: No favicon
Source: https://www.google.com/imghp?hl=en&ogbl	HTTP Parser: No favicon
Source: https://store.google.com/US/?utm_source=hp_header&utm_medium=google_ooo&utm_campaign=GS100042&hl=en-US	HTTP Parser: No favicon

Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View	IP Address: 13.107.253.67 13.107.253.67
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.60
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.60
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.60
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.60
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172

Source: chromecache_995.12.dr	String found in binary or memory: L.getElementsByTagName("iframe"),ka=P.length,na=0;na<ka;na++)if(!v&&c(P[na],H.He)){oJ("https://www.youtube.com/iframe_api");v=!0;break}})}}else F(u.vtp_gtmOnSuccess)}var q=["www.youtube.com","www.youtube-nocookie.com"],r={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},t,v=!1;Z.__ytl=n;Z.__ytl.o="ytl";Z.__ytl.isVendorTemplate=!0;Z.__ytl.priorityOverride=0;Z.__ytl.isInfrastructure=!1; equals www.youtube.com (Youtube)
Source: chromecache_755.12.dr, chromecache_1328.12.dr, chromecache_974.12.dr, chromecache_807.12.dr, chromecache_995.12.dr, chromecache_940.12.dr	String found in binary or memory: Math.round(q);u["gtm.videoElapsedTime"]=Math.round(f);u["gtm.videoPercent"]=r;u["gtm.videoVisible"]=t;return u},bk:function(){e=zb()},nd:function(){d()}}};var gc=la(["data-gtm-yt-inspected-"]),LC=["www.youtube.com","www.youtube-nocookie.com"],MC,NC=!1; equals www.youtube.com (Youtube)
Source: chromecache_807.12.dr, chromecache_940.12.dr	String found in binary or memory: if(!(e\|\|f\|\|g\|\|k.length\|\|m.length))return;var p={hh:e,fh:f,gh:g,Rh:k,Sh:m,He:n,Cb:b},q=C.YT;if(q)return q.ready&&q.ready(d),b;var r=C.onYouTubeIframeAPIReady;C.onYouTubeIframeAPIReady=function(){r&&r();d()};F(function(){for(var t=E.getElementsByTagName("script"),v=t.length,u=0;u<v;u++){var w=t[u].getAttribute("src");if(WC(w,"iframe_api")\|\|WC(w,"player_api"))return b}for(var x=E.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!NC&&UC(x[A],p.He))return wc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_867.12.dr, chromecache_799.12.dr, chromecache_759.12.dr, chromecache_731.12.dr	String found in binary or memory: return b}JC.F="internal.enableAutoEventOnTimer";var gc=la(["data-gtm-yt-inspected-"]),LC=["www.youtube.com","www.youtube-nocookie.com"],MC,NC=!1; equals www.youtube.com (Youtube)
Source: chromecache_1333.12.dr	String found in binary or memory: this.Ka=[_.rT("https://storage.googleapis.com/"),_.rT("https://storage.googleapis.com/%path"),_.rT("https://www.youtube.com/")];this.wa=this.ha=this.Ga=this.Ja=this.Ea=null;this.Ra=[_.rT("mannequin/"),_.rT("modules/"),_.rT("lottie.min.js"),_.rT("view-in-ar/"),_.rT("model-viewer.min.js"),_.rT("iframe_api")];this.Mb=()=>_.ne(this,{service:{dialog:_.QC}}).then(b=>b.service.dialog);this.Sb=()=>_.ne(this,{service:{yfa:_.zUa}}).then(b=>b.service.yfa);this.Pa=()=>_.ne(this,{service:{view:_.Lk}}).then(b=> equals www.youtube.com (Youtube)
Source: chromecache_861.12.dr	String found in binary or memory: var Ci=".story-carousel__text-inner",Di="story-carousel__text-inner--active",Fi=".glue-pagination-page-list",Bi="StoriesCarouselCtrl.model.currentPage",Ei="gluepaginationtotalpages",Ki="(min-width: 1024px)",Gi="(min-width: 0) and (max-width: 599px)",Hi="(min-width: 600px) and (max-width: 1023px)",Ji=15,Li=35;var Mi=angular.module("glueYtVideoService",[A.module.name]),Ni=Ka("https://www.youtube.com/iframe_api");function V(a,b){this.EventType={lc:"glue.ng.ytVideo.service.IframeApiInitalized"};this.i=a;this.j=b;this.Events={Sb:"glue.ng.ytVideo.service.IframeApiInitalized"};this.scriptLoaded=this.apiInitialized=!1;this.f={};this.apiInitialized\|\|Oi(this)}function Oi(a){a.j.onYouTubeIframeAPIReady=angular.bind(a,function(){this.apiInitialized=!0;this.i.$broadcast(this.EventType.lc,this)})} equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: banderolaver.pro
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: sustainability.google
Source: global traffic	DNS traffic detected: DNS query: www.blog.google
Source: global traffic	DNS traffic detected: DNS query: blog.google
Source: global traffic	DNS traffic detected: DNS query: googletagmanager.com
Source: global traffic	DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: csp.withgoogle.com
Source: global traffic	DNS traffic detected: DNS query: mail.google.com
Source: global traffic	DNS traffic detected: DNS query: smallbusiness.withgoogle.com
Source: global traffic	DNS traffic detected: DNS query: survey.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: about.google
Source: global traffic	DNS traffic detected: DNS query: store.google.com
Source: global traffic	DNS traffic detected: DNS query: 2542116.fls.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: ad.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: adservice.google.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	10651
Entropy (8bit):	7.961321901660215
Encrypted:	false
SSDEEP:	192:cKJybYYxDcxwgJvE13KppZ++idd9Y7EbzjdyBmhh9PVg6QKgLX1:2TxDcXJvlppizpyBgvPF1gLl
MD5:	04405CB5BEF43037606087703C4A4DC0
SHA1:	5E3FDA97A72802F51CD726542CBBCF5D840242B2
SHA-256:	00343494C05D69E1E0D85A889C016DE56447E263260DAED0474F66D6FB09AB3E
SHA-512:	4ACC2B10EEF92A0AF8445885806E6AE4BA3EC7F36A137E6675720D04FC45CFBA5E79DBDECB476261C2C4268F5B83C903EF3CB7DFCB26E93B777AAF326C7DA54D
Malicious:	false
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<............u....].Q..=..c...{i..'!\.D....H=..1N.I...F.!.,........j\....8..C......V_]-.G.Q.SA..f....E.4t...~...u..F.vY.9..j..}Ib......W.v!b.C.+...d..O............Q......x}VA.$.8......<..t.m.7.V'.%I..r.A....[.L...m....G@$.%.o.t.^...._.i.+.3.\|(.... .LHz$l..Q..su.t..}.W..gC.j.q.u..7..?.)].f.3...}....&......==r.....4.....RY.pt5...8i$...<...I.....;.U_....Z.:J...-.<B. .z.\|.7!....Ito..;....t...>.5...ek..I3@~.%M

File type:	PDF document, version 1.7
Entropy (8bit):	7.9725629381882746
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Fact-2024-10.pdf
File size:	137'550 bytes
MD5:	be0f0c241442901014ee5b364e911b7e
SHA1:	e41a6b08f9af0e18afc3acaa51fca1b83109f9ab
SHA256:	5c05d426782d494decfcb5ca6cda4765090a03d05a3ab2d70c66826c21740cff
SHA512:	2f5f2905106d2de8351ef33822fbd18ee8f87b5fcce78e38a6feb34a154ba2dd57bf8578aa2c4d36de43b5b751f9696caeaa9431183fd05b391dfb9cadacaf0e
SSDEEP:	3072:yW2JJc6ra7wl4w0dLprdAzpRnjeGOqdnaW+B7:yJJi6ryUzpRnyyat7
TLSH:	28D312645F8AB538CC80742168C50A238A56D482AA5C19FF7C8DDBC77F1EDBAB91487C
File Content Preview:	%PDF-1.7.%.....2 0 obj.<<./AcroForm 4 0 R./Metadata 5 0 R./Pages 6 0 R./Type /Catalog.>>.endobj.5 0 obj.<<./Length 3266./Subtype /XML./Type /Metadata.>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmp

General
Header:	%PDF-1.7
Total Entropy:	7.972563
Total Bytes:	137550
Stream Entropy:	7.975670
Stream Bytes:	135792
Entropy outside Streams:	5.055216
Bytes outside Streams:	1758
Number of EOF found:	1
Bytes after EOF:

Name	Count
obj	18
endobj	18
stream	17
endstream	17
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 10:17:22.406615019 CEST	192.168.2.12	1.1.1.1	0xfdf4	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:35.305860996 CEST	192.168.2.12	1.1.1.1	0x7e7f	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:35.931610107 CEST	192.168.2.12	1.1.1.1	0x572c	Standard query (0)	banderolaver.pro	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:35.931977987 CEST	192.168.2.12	1.1.1.1	0xec80	Standard query (0)	banderolaver.pro	65	IN (0x0001)	false
Oct 7, 2024 10:17:37.923379898 CEST	192.168.2.12	1.1.1.1	0x8c70	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.923523903 CEST	192.168.2.12	1.1.1.1	0xdb9	Standard query (0)	google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:37.924593925 CEST	192.168.2.12	1.1.1.1	0xfc82	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.924711943 CEST	192.168.2.12	1.1.1.1	0x102b	Standard query (0)	ajax.aspnetcdn.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:37.925122023 CEST	192.168.2.12	1.1.1.1	0xed47	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.925504923 CEST	192.168.2.12	1.1.1.1	0x4735	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:37.929198980 CEST	192.168.2.12	1.1.1.1	0xe293	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.929368973 CEST	192.168.2.12	1.1.1.1	0xaeed	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Oct 7, 2024 10:17:38.524550915 CEST	192.168.2.12	1.1.1.1	0x86eb	Standard query (0)	banderolaver.pro	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.524765968 CEST	192.168.2.12	1.1.1.1	0xa00f	Standard query (0)	banderolaver.pro	65	IN (0x0001)	false
Oct 7, 2024 10:17:38.620433092 CEST	192.168.2.12	1.1.1.1	0xf57b	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.620635986 CEST	192.168.2.12	1.1.1.1	0x32f9	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:38.891663074 CEST	192.168.2.12	1.1.1.1	0x99df	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.891911983 CEST	192.168.2.12	1.1.1.1	0xcdf9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:39.165534973 CEST	192.168.2.12	1.1.1.1	0x75fe	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:39.165699959 CEST	192.168.2.12	1.1.1.1	0x5733	Standard query (0)	ajax.aspnetcdn.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:40.672458887 CEST	192.168.2.12	1.1.1.1	0xde2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:40.672460079 CEST	192.168.2.12	1.1.1.1	0x1adf	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:46.349807978 CEST	192.168.2.12	1.1.1.1	0x97e6	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:46.349807978 CEST	192.168.2.12	1.1.1.1	0x228e	Standard query (0)	google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:49.254072905 CEST	192.168.2.12	1.1.1.1	0x4f5d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:49.255028963 CEST	192.168.2.12	1.1.1.1	0xa134	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:50.173954010 CEST	192.168.2.12	1.1.1.1	0x738f	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:50.174256086 CEST	192.168.2.12	1.1.1.1	0xb25d	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:50.182344913 CEST	192.168.2.12	1.1.1.1	0x9541	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:50.182672024 CEST	192.168.2.12	1.1.1.1	0xabfb	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:51.163680077 CEST	192.168.2.12	1.1.1.1	0x4991	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:51.163835049 CEST	192.168.2.12	1.1.1.1	0x9bd6	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:52.637906075 CEST	192.168.2.12	1.1.1.1	0x3364	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:52.638096094 CEST	192.168.2.12	1.1.1.1	0xe016	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:52.744479895 CEST	192.168.2.12	1.1.1.1	0xef15	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:52.744821072 CEST	192.168.2.12	1.1.1.1	0x5ac1	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:17:53.228298903 CEST	192.168.2.12	1.1.1.1	0xdcc5	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:06.317123890 CEST	192.168.2.12	1.1.1.1	0x7482	Standard query (0)	sustainability.google	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:06.317323923 CEST	192.168.2.12	1.1.1.1	0x24a6	Standard query (0)	sustainability.google	65	IN (0x0001)	false
Oct 7, 2024 10:18:09.881302118 CEST	192.168.2.12	1.1.1.1	0x6cc	Standard query (0)	sustainability.google	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:09.881453037 CEST	192.168.2.12	1.1.1.1	0x4bae	Standard query (0)	sustainability.google	65	IN (0x0001)	false
Oct 7, 2024 10:18:10.139136076 CEST	192.168.2.12	1.1.1.1	0x4a56	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:12.378113985 CEST	192.168.2.12	1.1.1.1	0xe050	Standard query (0)	www.blog.google	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:12.378253937 CEST	192.168.2.12	1.1.1.1	0x3ad3	Standard query (0)	www.blog.google	65	IN (0x0001)	false
Oct 7, 2024 10:18:13.546272039 CEST	192.168.2.12	1.1.1.1	0xe8f9	Standard query (0)	blog.google	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:13.546488047 CEST	192.168.2.12	1.1.1.1	0xf90f	Standard query (0)	blog.google	65	IN (0x0001)	false
Oct 7, 2024 10:18:14.894588947 CEST	192.168.2.12	1.1.1.1	0xec08	Standard query (0)	blog.google	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:14.895004988 CEST	192.168.2.12	1.1.1.1	0x8fed	Standard query (0)	blog.google	65	IN (0x0001)	false
Oct 7, 2024 10:18:21.577419043 CEST	192.168.2.12	1.1.1.1	0x67e3	Standard query (0)	googletagmanager.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:21.577573061 CEST	192.168.2.12	1.1.1.1	0x5a7c	Standard query (0)	googletagmanager.com	65	IN (0x0001)	false
Oct 7, 2024 10:18:21.735295057 CEST	192.168.2.12	1.1.1.1	0x9ef7	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:21.735474110 CEST	192.168.2.12	1.1.1.1	0x11f5	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Oct 7, 2024 10:18:22.940131903 CEST	192.168.2.12	1.1.1.1	0x9488	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:22.940280914 CEST	192.168.2.12	1.1.1.1	0x1d9a	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Oct 7, 2024 10:18:29.045200109 CEST	192.168.2.12	1.1.1.1	0x524d	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:29.370791912 CEST	192.168.2.12	1.1.1.1	0xe589	Standard query (0)	csp.withgoogle.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:29.370994091 CEST	192.168.2.12	1.1.1.1	0x38a4	Standard query (0)	csp.withgoogle.com	65	IN (0x0001)	false
Oct 7, 2024 10:18:32.317106009 CEST	192.168.2.12	1.1.1.1	0xcb48	Standard query (0)	mail.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:32.317342043 CEST	192.168.2.12	1.1.1.1	0x8d8	Standard query (0)	mail.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:18:48.874435902 CEST	192.168.2.12	1.1.1.1	0x192d	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:03.285917997 CEST	192.168.2.12	1.1.1.1	0xd0b4	Standard query (0)	smallbusiness.withgoogle.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:03.286314011 CEST	192.168.2.12	1.1.1.1	0x136e	Standard query (0)	smallbusiness.withgoogle.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:04.400335073 CEST	192.168.2.12	1.1.1.1	0x1f3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:04.400335073 CEST	192.168.2.12	1.1.1.1	0x5d36	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:04.408847094 CEST	192.168.2.12	1.1.1.1	0x5292	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:04.408847094 CEST	192.168.2.12	1.1.1.1	0xf6b8	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:05.468457937 CEST	192.168.2.12	1.1.1.1	0x8297	Standard query (0)	smallbusiness.withgoogle.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:05.468657970 CEST	192.168.2.12	1.1.1.1	0x43ca	Standard query (0)	smallbusiness.withgoogle.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:10.221913099 CEST	192.168.2.12	1.1.1.1	0x3232	Standard query (0)	survey.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:10.222048998 CEST	192.168.2.12	1.1.1.1	0x6122	Standard query (0)	survey.g.doubleclick.net	65	IN (0x0001)	false
Oct 7, 2024 10:19:11.629698038 CEST	192.168.2.12	1.1.1.1	0xa909	Standard query (0)	about.google	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:11.629889965 CEST	192.168.2.12	1.1.1.1	0x9fe3	Standard query (0)	about.google	65	IN (0x0001)	false
Oct 7, 2024 10:19:14.904586077 CEST	192.168.2.12	1.1.1.1	0xbaad	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:14.904732943 CEST	192.168.2.12	1.1.1.1	0xb92e	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:15.085689068 CEST	192.168.2.12	1.1.1.1	0x51b5	Standard query (0)	about.google	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:15.085854053 CEST	192.168.2.12	1.1.1.1	0x4532	Standard query (0)	about.google	65	IN (0x0001)	false
Oct 7, 2024 10:19:23.168395042 CEST	192.168.2.12	1.1.1.1	0xf438	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:23.168838978 CEST	192.168.2.12	1.1.1.1	0x9a06	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:42.319583893 CEST	192.168.2.12	1.1.1.1	0x21f3	Standard query (0)	store.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:42.319796085 CEST	192.168.2.12	1.1.1.1	0x9975	Standard query (0)	store.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:43.846777916 CEST	192.168.2.12	1.1.1.1	0x5b45	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:43.846924067 CEST	192.168.2.12	1.1.1.1	0xd76d	Standard query (0)	lh3.googleusercontent.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:47.222059011 CEST	192.168.2.12	1.1.1.1	0x9ffb	Standard query (0)	store.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:47.222202063 CEST	192.168.2.12	1.1.1.1	0x929	Standard query (0)	store.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:49.477338076 CEST	192.168.2.12	1.1.1.1	0xc73b	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:49.477900028 CEST	192.168.2.12	1.1.1.1	0x9ed	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:50.446454048 CEST	192.168.2.12	1.1.1.1	0xf3e3	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:50.446619987 CEST	192.168.2.12	1.1.1.1	0x7e54	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:51.362837076 CEST	192.168.2.12	1.1.1.1	0x9f43	Standard query (0)	2542116.fls.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.363240957 CEST	192.168.2.12	1.1.1.1	0xbfdb	Standard query (0)	2542116.fls.doubleclick.net	65	IN (0x0001)	false
Oct 7, 2024 10:19:51.372551918 CEST	192.168.2.12	1.1.1.1	0x144e	Standard query (0)	td.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.373498917 CEST	192.168.2.12	1.1.1.1	0x2607	Standard query (0)	td.doubleclick.net	65	IN (0x0001)	false
Oct 7, 2024 10:19:51.374056101 CEST	192.168.2.12	1.1.1.1	0xff24	Standard query (0)	ad.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.374396086 CEST	192.168.2.12	1.1.1.1	0x4c8b	Standard query (0)	ad.doubleclick.net	65	IN (0x0001)	false
Oct 7, 2024 10:19:51.483313084 CEST	192.168.2.12	1.1.1.1	0x4679	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.483479023 CEST	192.168.2.12	1.1.1.1	0xe664	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Oct 7, 2024 10:19:52.269510031 CEST	192.168.2.12	1.1.1.1	0xa054	Standard query (0)	ad.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:52.269696951 CEST	192.168.2.12	1.1.1.1	0xcef6	Standard query (0)	ad.doubleclick.net	65	IN (0x0001)	false
Oct 7, 2024 10:19:53.006856918 CEST	192.168.2.12	1.1.1.1	0x1d8a	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:53.007126093 CEST	192.168.2.12	1.1.1.1	0x4ae2	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Oct 7, 2024 10:19:53.147599936 CEST	192.168.2.12	1.1.1.1	0xb046	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:53.147857904 CEST	192.168.2.12	1.1.1.1	0xf0d9	Standard query (0)	adservice.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:19:54.130631924 CEST	192.168.2.12	1.1.1.1	0x6bf1	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:54.130949020 CEST	192.168.2.12	1.1.1.1	0xfe8c	Standard query (0)	adservice.google.com	65	IN (0x0001)	false
Oct 7, 2024 10:20:21.036252975 CEST	192.168.2.12	1.1.1.1	0xf22f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:20:21.036402941 CEST	192.168.2.12	1.1.1.1	0xe4c1	Standard query (0)	www.google.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 10:17:21.082374096 CEST	1.1.1.1	192.168.2.12	0xb7e	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:21.082374096 CEST	1.1.1.1	192.168.2.12	0xb7e	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:22.415507078 CEST	1.1.1.1	192.168.2.12	0xfdf4	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:35.313010931 CEST	1.1.1.1	192.168.2.12	0x7e7f	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:35.955904961 CEST	1.1.1.1	192.168.2.12	0x572c	No error (0)	banderolaver.pro		104.21.84.155	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:35.955904961 CEST	1.1.1.1	192.168.2.12	0x572c	No error (0)	banderolaver.pro		172.67.194.144	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.064790964 CEST	1.1.1.1	192.168.2.12	0xec80	No error (0)	banderolaver.pro			65	IN (0x0001)	false
Oct 7, 2024 10:17:37.924400091 CEST	1.1.1.1	192.168.2.12	0x11f0	No error (0)	shed.dual-low.s-part-0039.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:37.924400091 CEST	1.1.1.1	192.168.2.12	0x11f0	No error (0)	dual.s-part-0039.t-0009.fb-t-msedge.net	s-part-0039.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:37.924400091 CEST	1.1.1.1	192.168.2.12	0x11f0	No error (0)	s-part-0039.t-0009.fb-t-msedge.net		13.107.253.67	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.930634975 CEST	1.1.1.1	192.168.2.12	0x8c70	No error (0)	google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.930744886 CEST	1.1.1.1	192.168.2.12	0xdb9	No error (0)	google.com			65	IN (0x0001)	false
Oct 7, 2024 10:17:37.931657076 CEST	1.1.1.1	192.168.2.12	0xfc82	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:37.932159901 CEST	1.1.1.1	192.168.2.12	0xed47	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.932159901 CEST	1.1.1.1	192.168.2.12	0xed47	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.932449102 CEST	1.1.1.1	192.168.2.12	0x4735	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Oct 7, 2024 10:17:37.933238029 CEST	1.1.1.1	192.168.2.12	0x102b	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:37.935997009 CEST	1.1.1.1	192.168.2.12	0xe293	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:37.935997009 CEST	1.1.1.1	192.168.2.12	0xe293	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:37.935997009 CEST	1.1.1.1	192.168.2.12	0xe293	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:37.936772108 CEST	1.1.1.1	192.168.2.12	0xaeed	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:37.936772108 CEST	1.1.1.1	192.168.2.12	0xaeed	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:38.544665098 CEST	1.1.1.1	192.168.2.12	0x86eb	No error (0)	banderolaver.pro		104.21.84.155	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.544665098 CEST	1.1.1.1	192.168.2.12	0x86eb	No error (0)	banderolaver.pro		172.67.194.144	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.545573950 CEST	1.1.1.1	192.168.2.12	0xa00f	No error (0)	banderolaver.pro			65	IN (0x0001)	false
Oct 7, 2024 10:17:38.628235102 CEST	1.1.1.1	192.168.2.12	0xf57b	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.628235102 CEST	1.1.1.1	192.168.2.12	0xf57b	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.629967928 CEST	1.1.1.1	192.168.2.12	0x32f9	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Oct 7, 2024 10:17:38.714616060 CEST	1.1.1.1	192.168.2.12	0x84d	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:38.714616060 CEST	1.1.1.1	192.168.2.12	0x84d	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.898530960 CEST	1.1.1.1	192.168.2.12	0x99df	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:38.898686886 CEST	1.1.1.1	192.168.2.12	0xcdf9	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 10:17:39.172410011 CEST	1.1.1.1	192.168.2.12	0x75fe	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:39.172524929 CEST	1.1.1.1	192.168.2.12	0x5733	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:40.679285049 CEST	1.1.1.1	192.168.2.12	0x1adf	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 10:17:40.679332018 CEST	1.1.1.1	192.168.2.12	0xde2	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:46.358680964 CEST	1.1.1.1	192.168.2.12	0x228e	No error (0)	google.com			65	IN (0x0001)	false
Oct 7, 2024 10:17:46.358696938 CEST	1.1.1.1	192.168.2.12	0x97e6	No error (0)	google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:49.260974884 CEST	1.1.1.1	192.168.2.12	0x4f5d	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:49.261723042 CEST	1.1.1.1	192.168.2.12	0xa134	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 10:17:50.180804968 CEST	1.1.1.1	192.168.2.12	0x738f	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:50.180804968 CEST	1.1.1.1	192.168.2.12	0x738f	No error (0)	www3.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:50.181339025 CEST	1.1.1.1	192.168.2.12	0xb25d	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:50.189049959 CEST	1.1.1.1	192.168.2.12	0x9541	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:50.189049959 CEST	1.1.1.1	192.168.2.12	0x9541	No error (0)	plus.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:50.190133095 CEST	1.1.1.1	192.168.2.12	0xabfb	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:51.800074100 CEST	1.1.1.1	192.168.2.12	0x4991	No error (0)	play.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:52.644547939 CEST	1.1.1.1	192.168.2.12	0x3364	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:52.644547939 CEST	1.1.1.1	192.168.2.12	0x3364	No error (0)	plus.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:52.645298004 CEST	1.1.1.1	192.168.2.12	0xe016	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:17:52.751470089 CEST	1.1.1.1	192.168.2.12	0xef15	No error (0)	play.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:17:53.237175941 CEST	1.1.1.1	192.168.2.12	0xdcc5	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:06.369551897 CEST	1.1.1.1	192.168.2.12	0x7482	No error (0)	sustainability.google		216.239.36.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:06.369551897 CEST	1.1.1.1	192.168.2.12	0x7482	No error (0)	sustainability.google		216.239.38.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:06.369551897 CEST	1.1.1.1	192.168.2.12	0x7482	No error (0)	sustainability.google		216.239.32.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:06.369551897 CEST	1.1.1.1	192.168.2.12	0x7482	No error (0)	sustainability.google		216.239.34.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:09.888183117 CEST	1.1.1.1	192.168.2.12	0x6cc	No error (0)	sustainability.google		216.239.36.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:09.888183117 CEST	1.1.1.1	192.168.2.12	0x6cc	No error (0)	sustainability.google		216.239.34.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:09.888183117 CEST	1.1.1.1	192.168.2.12	0x6cc	No error (0)	sustainability.google		216.239.32.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:09.888183117 CEST	1.1.1.1	192.168.2.12	0x6cc	No error (0)	sustainability.google		216.239.38.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:10.146334887 CEST	1.1.1.1	192.168.2.12	0x4a56	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:12.414506912 CEST	1.1.1.1	192.168.2.12	0x3ad3	No error (0)	www.blog.google	ghs-svc-https-sni.ghs-ssl.googlehosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:12.419326067 CEST	1.1.1.1	192.168.2.12	0xe050	No error (0)	www.blog.google	ghs-svc-https-sni.ghs-ssl.googlehosted.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:12.419326067 CEST	1.1.1.1	192.168.2.12	0xe050	No error (0)	ghs-svc-https-sni.ghs-ssl.googlehosted.com		142.250.185.147	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:13.553014040 CEST	1.1.1.1	192.168.2.12	0xe8f9	No error (0)	blog.google		216.239.36.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:13.553014040 CEST	1.1.1.1	192.168.2.12	0xe8f9	No error (0)	blog.google		216.239.34.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:13.553014040 CEST	1.1.1.1	192.168.2.12	0xe8f9	No error (0)	blog.google		216.239.38.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:13.553014040 CEST	1.1.1.1	192.168.2.12	0xe8f9	No error (0)	blog.google		216.239.32.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:14.901611090 CEST	1.1.1.1	192.168.2.12	0xec08	No error (0)	blog.google		216.239.36.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:14.901611090 CEST	1.1.1.1	192.168.2.12	0xec08	No error (0)	blog.google		216.239.34.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:14.901611090 CEST	1.1.1.1	192.168.2.12	0xec08	No error (0)	blog.google		216.239.38.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:14.901611090 CEST	1.1.1.1	192.168.2.12	0xec08	No error (0)	blog.google		216.239.32.21	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:21.584280968 CEST	1.1.1.1	192.168.2.12	0x67e3	No error (0)	googletagmanager.com		142.250.186.104	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:21.742924929 CEST	1.1.1.1	192.168.2.12	0x9ef7	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:21.742924929 CEST	1.1.1.1	192.168.2.12	0x9ef7	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.129	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:21.742989063 CEST	1.1.1.1	192.168.2.12	0x11f5	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:22.948494911 CEST	1.1.1.1	192.168.2.12	0x1d9a	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:22.948510885 CEST	1.1.1.1	192.168.2.12	0x9488	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:22.948510885 CEST	1.1.1.1	192.168.2.12	0x9488	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.193	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:29.052393913 CEST	1.1.1.1	192.168.2.12	0x524d	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:18:29.377310038 CEST	1.1.1.1	192.168.2.12	0xe589	No error (0)	csp.withgoogle.com		142.250.186.113	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:32.323858976 CEST	1.1.1.1	192.168.2.12	0xcb48	No error (0)	mail.google.com		142.250.185.69	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:18:48.881853104 CEST	1.1.1.1	192.168.2.12	0x192d	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:03.332109928 CEST	1.1.1.1	192.168.2.12	0xd0b4	No error (0)	smallbusiness.withgoogle.com		142.250.186.113	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:04.407156944 CEST	1.1.1.1	192.168.2.12	0x5d36	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 10:19:04.407296896 CEST	1.1.1.1	192.168.2.12	0x1f3	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:04.415502071 CEST	1.1.1.1	192.168.2.12	0x5292	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:04.415502071 CEST	1.1.1.1	192.168.2.12	0x5292	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.225	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:04.415910959 CEST	1.1.1.1	192.168.2.12	0xf6b8	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:05.477149010 CEST	1.1.1.1	192.168.2.12	0x8297	No error (0)	smallbusiness.withgoogle.com		142.250.184.209	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:10.229094982 CEST	1.1.1.1	192.168.2.12	0x3232	No error (0)	survey.g.doubleclick.net	appspot.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:10.229094982 CEST	1.1.1.1	192.168.2.12	0x3232	No error (0)	appspot.l.google.com		142.250.185.177	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:10.253845930 CEST	1.1.1.1	192.168.2.12	0x6122	No error (0)	survey.g.doubleclick.net	appspot.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:11.639911890 CEST	1.1.1.1	192.168.2.12	0xa909	No error (0)	about.google		216.239.32.29	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:14.911263943 CEST	1.1.1.1	192.168.2.12	0xbaad	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:14.911263943 CEST	1.1.1.1	192.168.2.12	0xbaad	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.129	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:14.911695004 CEST	1.1.1.1	192.168.2.12	0xb92e	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:15.092664003 CEST	1.1.1.1	192.168.2.12	0x51b5	No error (0)	about.google		216.239.32.29	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:23.179816008 CEST	1.1.1.1	192.168.2.12	0xf438	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:23.179816008 CEST	1.1.1.1	192.168.2.12	0xf438	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.129	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:23.179828882 CEST	1.1.1.1	192.168.2.12	0x9a06	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:42.327330112 CEST	1.1.1.1	192.168.2.12	0x21f3	No error (0)	store.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:43.853471994 CEST	1.1.1.1	192.168.2.12	0x5b45	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:43.853471994 CEST	1.1.1.1	192.168.2.12	0x5b45	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:43.854048967 CEST	1.1.1.1	192.168.2.12	0xd76d	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:47.231287003 CEST	1.1.1.1	192.168.2.12	0x9ffb	No error (0)	store.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:49.484303951 CEST	1.1.1.1	192.168.2.12	0xc73b	No error (0)	play.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:50.453562975 CEST	1.1.1.1	192.168.2.12	0xf3e3	No error (0)	play.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.369879961 CEST	1.1.1.1	192.168.2.12	0x9f43	No error (0)	2542116.fls.doubleclick.net	dart.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:51.369879961 CEST	1.1.1.1	192.168.2.12	0x9f43	No error (0)	dart.l.doubleclick.net		172.217.23.102	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.376653910 CEST	1.1.1.1	192.168.2.12	0xbfdb	No error (0)	2542116.fls.doubleclick.net	dart.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 10:19:51.379374027 CEST	1.1.1.1	192.168.2.12	0x144e	No error (0)	td.doubleclick.net		142.250.186.98	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.381146908 CEST	1.1.1.1	192.168.2.12	0x4c8b	No error (0)	ad.doubleclick.net			65	IN (0x0001)	false
Oct 7, 2024 10:19:51.381352901 CEST	1.1.1.1	192.168.2.12	0xff24	No error (0)	ad.doubleclick.net		142.250.186.70	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.491095066 CEST	1.1.1.1	192.168.2.12	0x4679	No error (0)	googleads.g.doubleclick.net		172.217.18.2	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:51.491111040 CEST	1.1.1.1	192.168.2.12	0xe664	No error (0)	googleads.g.doubleclick.net			65	IN (0x0001)	false
Oct 7, 2024 10:19:52.276247025 CEST	1.1.1.1	192.168.2.12	0xa054	No error (0)	ad.doubleclick.net		172.217.18.6	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:52.278067112 CEST	1.1.1.1	192.168.2.12	0xcef6	No error (0)	ad.doubleclick.net			65	IN (0x0001)	false
Oct 7, 2024 10:19:53.013556957 CEST	1.1.1.1	192.168.2.12	0x1d8a	No error (0)	googleads.g.doubleclick.net		172.217.18.2	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:53.014508009 CEST	1.1.1.1	192.168.2.12	0x4ae2	No error (0)	googleads.g.doubleclick.net			65	IN (0x0001)	false
Oct 7, 2024 10:19:53.154470921 CEST	1.1.1.1	192.168.2.12	0xb046	No error (0)	adservice.google.com		142.250.184.194	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:53.154694080 CEST	1.1.1.1	192.168.2.12	0xf0d9	No error (0)	adservice.google.com			65	IN (0x0001)	false
Oct 7, 2024 10:19:54.137562990 CEST	1.1.1.1	192.168.2.12	0x6bf1	No error (0)	adservice.google.com		142.250.184.194	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:19:54.137583017 CEST	1.1.1.1	192.168.2.12	0xfe8c	No error (0)	adservice.google.com			65	IN (0x0001)	false
Oct 7, 2024 10:20:21.043009043 CEST	1.1.1.1	192.168.2.12	0xf22f	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Oct 7, 2024 10:20:21.043204069 CEST	1.1.1.1	192.168.2.12	0xe4c1	No error (0)	www.google.com			65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:17 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 08:17:18 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=203304 Date: Mon, 07 Oct 2024 08:17:18 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 08:17:19 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=203239 Date: Mon, 07 Oct 2024 08:17:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 08:17:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:22 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Ta1oe7122HramXy&MD=XHgarPH4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 08:17:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 129cf576-6877-47c0-8c29-e4c0361f2d06 MS-RequestId: 365265fb-51f5-499c-8078-77f671cf78cb MS-CV: ExuG/ogMvEKswhyG.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 08:17:21 GMT Connection: close Content-Length: 24490
2024-10-07 08:17:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 08:17:22 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:23 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-10-07 08:17:23 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Mon, 07 Oct 2024 08:17:23 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:37 UTC	717	OUT	GET /microsoft-verify.php?user_email=cristina.marinello@smeg.es HTTP/1.1 Host: banderolaver.pro Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:37 UTC	636	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lAtiFdgTA6s30h5aF67ZnGuYyK%2BQ0RPt2GXJlVRSWh5Q40e1lCNvyAYydhwUYwwYB0QJYT4bbhjXsAv8yUo5Y65UEnRM%2FUL7Tb2kHtEd4rZeYW7U1W9Imqq8zd5UDswOkq40"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8cec74b2387a8c60-EWR alt-svc: h3=":443"; ma=86400
2024-10-07 08:17:37 UTC	733	IN	Data Raw: 37 64 33 34 0d 0a 0d 0a 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 Data Ascii: 7d34<html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport"
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 6e 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 53 69 74 65 49 44 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 52 65 71 4c 43 22 20 63 6f 6e 74 65 6e 74 3d 22 31 30 33 33 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4c 6f 63 4c 43 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 2d 55 53 22 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 0d 0a 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 22 3e 0d 0a 0d 0a 0d 0a 20 20 Data Ascii: n"> <meta name="SiteID" content=""> <meta name="ReqLC" content="1033"> <meta name="LocLC" content="en-US"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="none">
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 3a 20 73 76 72 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 68 6f 77 42 75 74 74 6f 6e 73 3a 20 73 76 72 2e 66 53 68 6f 77 42 75 74 74 6f 6e 73 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 68 6f 77 46 6f 6f 74 65 72 4c 69 6e 6b 73 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 75 73 65 57 69 7a 61 72 64 42 65 68 61 76 69 6f 72 3a 20 73 76 72 2e 66 55 73 65 57 69 7a 61 72 64 42 65 68 61 76 69 6f 72 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 61 6e 64 6c 65 57 69 7a 61 72 64 42 75 74 74 6f 6e 73 3a 20 66 61 6c 73 65 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 73 73 77 6f 72 64 3a 20 70 61 73 73 77 6f 72 64 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 69 64 65 46 72 6f 6d 41 72 69 61 3a 20 61 72 69 61 48 69 64 64 65 6e 20 Data Ascii: : svr, showButtons: svr.fShowButtons, showFooterLinks: true, useWizardBehavior: svr.fUseWizardBehavior, handleWizardButtons: false, password: password, hideFromAria: ariaHidden
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 20 20 3c 64 69 76 20 69 64 3d 22 62 61 63 6b 67 72 6f 75 6e 64 49 6d 61 67 65 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 62 61 63 6b 67 72 6f 75 6e 64 49 6d 61 67 65 3a 20 62 61 63 6b 67 72 6f 75 6e 64 49 6d 61 67 65 55 72 6c 28 29 2c 20 65 78 74 65 72 6e 61 6c 43 73 73 3a 20 7b 20 27 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 27 3a 20 74 72 75 65 20 7d 2c 20 61 72 69 61 4c 61 62 65 6c 3a 20 73 74 72 5b 27 53 54 52 5f 42 61 63 6b 67 72 6f 75 6e 64 5f 49 6d 61 67 65 5f 41 6c 74 54 65 78 74 27 5d 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 26 71 75 6f 74 3b 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 31 2e 30 2f 63 6f 6e Data Ascii: <div id="backgroundImage" role="img" data-bind="backgroundImage: backgroundImageUrl(), externalCss: { 'background-image': true }, ariaLabel: str['STR_Background_Image_AltText']" style="background-image: url("https://aadcdn.msauth.net/shared/1.0/con
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 6c 54 69 74 6c 65 43 6f 6e 74 72 6f 6c 20 2d 2d 3e 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 69 6e 2d 73 63 72 6f 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6c 69 67 68 74 62 6f 78 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 45 6e 64 3a 20 24 70 61 67 65 2e 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 48 65 6c 70 65 72 2e 61 6e 69 6d 61 74 69 6f 6e 45 6e 64 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 65 78 74 65 72 6e 61 6c 43 73 73 3a 20 7b 20 27 73 69 67 6e 2d 69 6e 2d 62 6f 78 27 3a 20 74 72 75 65 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 73 73 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: lTitleControl -->... /ko --> <div class="win-scroll"> <div id="lightbox" data-bind=" animationEnd: $page.paginationControlHelper.animationEnd, externalCss: { 'sign-in-box': true }, css: {
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 6f 6d 70 6f 6e 65 6e 74 3a 20 7b 20 6e 61 6d 65 3a 20 27 6c 6f 67 6f 2d 63 6f 6e 74 72 6f 6c 27 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 72 61 6d 73 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 73 43 68 69 6e 61 44 63 3a 20 73 76 72 2e 66 49 73 43 68 69 6e 61 44 63 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 6e 6e 65 72 4c 6f 67 6f 55 72 6c 3a 20 62 61 6e 6e 65 72 4c 6f 67 6f 55 72 6c 28 29 20 7d 20 7d 22 3e 3c 21 2d 2d 20 20 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 62 61 6e 6e 65 72 4c 6f 67 6f 55 72 6c 20 2d 2d 3e 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 73 76 72 2e 66 Data Ascii: <div data-bind="component: { name: 'logo-control', params: { isChinaDc: svr.fIsChinaDc, bannerLogoUrl: bannerLogoUrl() } }">... -->... ko if: bannerLogoUrl -->... /ko -->... ko if: svr.f
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 6e 4d 69 63 72 6f 73 6f 66 74 44 65 66 61 75 6c 74 42 72 61 6e 64 69 6e 67 46 6f 72 43 69 61 6d 20 2d 2d 3e 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 73 76 72 2e 73 74 72 4c 57 41 44 69 73 63 6c 61 69 6d 65 72 4d 73 67 20 26 26 20 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 48 65 6c 70 65 72 2e 73 68 6f 77 4c 77 61 44 69 73 63 6c 61 69 6d 65 72 28 29 20 2d 2d 3e 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 61 73 79 6e 63 49 6e 69 74 52 65 61 64 79 20 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 20 Data Ascii: nMicrosoftDefaultBrandingForCiam -->... /ko --></div> ... /ko --> ... ko if: svr.strLWADisclaimerMsg && paginationControlHelper.showLwaDisclaimer() -->... /ko --> ... ko if: asyncInitReady --> <div role="main"
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 69 76 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 73 73 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 27 61 6e 69 6d 61 74 65 27 3a 20 61 6e 69 6d 61 74 65 28 29 20 26 61 6d 70 3b 26 61 6d 70 3b 20 61 6e 69 6d 61 74 65 2e 61 6e 69 6d 61 74 65 42 61 6e 6e 65 72 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 73 6c 69 64 65 2d 6f 75 74 2d 6e 65 78 74 27 3a 20 61 6e 69 6d 61 74 65 2e 69 73 53 6c 69 64 65 4f 75 74 4e 65 78 74 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 73 6c 69 64 65 2d 69 6e 2d 6e 65 78 74 27 3a 20 61 6e 69 6d 61 74 65 2e 69 73 53 6c 69 64 65 49 6e 4e 65 78 74 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 73 6c 69 64 65 2d 6f 75 74 2d 62 61 63 6b 27 3a 20 61 6e 69 6d 61 74 65 2e 69 73 53 6c 69 64 65 4f 75 74 42 61 63 6b 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 73 Data Ascii: iv data-bind="css: { 'animate': animate() && animate.animateBanner(), 'slide-out-next': animate.isSlideOutNext(), 'slide-in-next': animate.isSlideInNext(), 'slide-out-back': animate.isSlideOutBack(), 's
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 72 61 73 74 42 6c 61 63 6b 54 68 65 6d 65 20 7c 7c 20 68 61 73 44 61 72 6b 42 61 63 6b 67 72 6f 75 6e 64 20 7c 7c 20 73 76 72 2e 66 48 61 73 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 29 20 26 26 20 21 69 73 48 69 67 68 43 6f 6e 74 72 61 73 74 57 68 69 74 65 54 68 65 6d 65 20 2d 2d 3e 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 28 69 73 48 69 67 68 43 6f 6e 74 72 61 73 74 57 68 69 74 65 54 68 65 6d 65 20 7c 7c 20 28 21 68 61 73 44 61 72 6b 42 61 63 6b 67 72 6f 75 6e 64 20 26 26 20 21 73 76 72 2e 66 48 61 73 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 29 29 20 26 26 20 21 69 73 48 69 67 68 43 6f 6e 74 72 61 73 74 42 6c 61 63 6b 54 68 65 6d 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 6b 6f 20 74 65 6d 70 6c 61 74 65 3a 20 7b 20 Data Ascii: rastBlackTheme \|\| hasDarkBackground \|\| svr.fHasBackgroundColor) && !isHighContrastWhiteTheme -->... /ko -->... ko if: (isHighContrastWhiteTheme \|\| (!hasDarkBackground && !svr.fHasBackgroundColor)) && !isHighContrastBlackTheme -->... ko template: {
2024-10-07 08:17:37 UTC	1369	IN	Data Raw: 72 2e 73 50 4f 53 54 5f 55 73 65 72 6e 61 6d 65 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 7a 65 72 6f 2d 6f 70 61 63 69 74 79 27 3a 20 68 69 64 65 50 61 67 69 6e 61 74 65 64 56 69 65 77 2e 68 69 64 65 53 75 62 56 69 65 77 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 61 6e 69 6d 61 74 65 27 3a 20 61 6e 69 6d 61 74 65 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 73 6c 69 64 65 2d 6f 75 74 2d 6e 65 78 74 27 3a 20 61 6e 69 6d 61 74 65 2e 69 73 53 6c 69 64 65 4f 75 74 4e 65 78 74 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 73 6c 69 64 65 2d 69 6e 2d 6e 65 78 74 27 3a 20 61 6e 69 6d 61 74 65 2e 69 73 53 6c 69 64 65 49 6e 4e 65 78 74 28 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 73 6c 69 64 65 2d 6f 75 74 2d 62 61 63 6b 27 3a 20 61 6e 69 6d 61 74 65 2e 69 73 53 6c 69 64 65 4f Data Ascii: r.sPOST_Username), 'zero-opacity': hidePaginatedView.hideSubView(), 'animate': animate(), 'slide-out-next': animate.isSlideOutNext(), 'slide-in-next': animate.isSlideInNext(), 'slide-out-back': animate.isSlideO

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:38 UTC	637	OUT	GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1 Host: banderolaver.pro Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://banderolaver.pro/microsoft-verify.php?user_email=cristina.marinello@smeg.es Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:38 UTC	750	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:38 GMT Content-Type: application/javascript Content-Length: 1239 Connection: close Last-Modified: Tue, 01 Oct 2024 14:50:16 GMT ETag: "66fc0c28-4d7" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fWWkij7to3HZgHKy%2BBIITI1NLzh6os3vGrB87ZOnDt2jN42y46oy2giVv0FKL4GbXmG3zjTIO%2BbusL7XeK6EORNX%2BVjOFlo1B3uBQLEqFGz6egiPvq624BwA%2BIb9c2sq1R7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cec74b77a71de9a-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 09 Oct 2024 08:17:38 GMT Cache-Control: max-age=172800 Cache-Control: public Accept-Ranges: bytes
2024-10-07 08:17:38 UTC	619	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 74 72 79 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 63 6f 6e 73 6f 6c 65 29 72 65 74 75 72 6e 3b 22 65 72 72 6f 72 22 69 6e 20 63 6f 6e 73 6f 6c 65 3f 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 65 29 3a 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 65 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 61 20 68 72 65 66 3d 22 27 2b 65 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 2c 22 26 71 75 6f 74 3b 22 29 2b 27 22 3e 3c 2f 61 3e 27 2c 64 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 68 72 65 66 Data Ascii: !function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href
2024-10-07 08:17:38 UTC	620	IN	Data Raw: 61 2b 6c 2e 6c 65 6e 67 74 68 29 29 7d 63 61 74 63 68 28 69 29 7b 65 28 69 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 75 29 2c 63 3d 30 3b 63 3c 72 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 74 72 79 7b 76 61 72 20 6f 3d 72 5b 63 5d 2c 61 3d 6f 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 69 3d 6f 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 66 29 3b 69 66 28 69 29 7b 76 61 72 20 6c 3d 6e 28 69 2c 30 29 2c 64 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 54 65 78 74 4e 6f 64 65 28 6c 29 3b 61 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 64 2c 6f 29 7d 7d 63 61 74 63 68 28 68 29 7b 65 28 68 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 28 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 74 2e 71 75 Data Ascii: a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.qu

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:38 UTC	564	OUT	GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:38 UTC	928	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:38 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03ec3-4e98" Last-Modified: Mon, 04 May 2020 16:11:47 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 252781 Expires: Sat, 27 Sep 2025 08:17:38 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XezsmkIO7uO0fTOCuvfpREpLfsp0Z7aGiY%2Frw9ZVpoHD0yOKgzTyO6oGuRW3qTApt1nX7RN7ojBcIDw%2FBJsqjr3CHjyulhsQapsE5B7T2chzy20GynJ0db9bWx5jvD%2BC9GqvitXK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8cec74b77f970cbc-EWR
2024-10-07 08:17:38 UTC	441	IN	Data Raw: 34 65 39 38 0d 0a 2f 2a 2a 0a 20 2a 20 6a 71 75 65 72 79 2e 6d 61 73 6b 2e 6a 73 0a 20 2a 20 40 76 65 72 73 69 6f 6e 3a 20 76 31 2e 31 34 2e 31 30 0a 20 2a 20 40 61 75 74 68 6f 72 3a 20 49 67 6f 72 20 45 73 63 6f 62 61 72 0a 20 2a 0a 20 2a 20 43 72 65 61 74 65 64 20 62 79 20 49 67 6f 72 20 45 73 63 6f 62 61 72 20 6f 6e 20 32 30 31 32 2d 30 33 2d 31 30 2e 20 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 61 6e 79 20 62 75 67 20 61 74 20 68 74 74 70 3a 2f 2f 62 6c 6f 67 2e 69 67 6f 72 65 73 63 6f 62 61 72 2e 63 6f 6d 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 32 20 49 67 6f 72 20 45 73 63 6f 62 61 72 20 68 74 74 70 3a 2f 2f 62 6c 6f 67 2e 69 67 6f 72 65 73 63 6f 62 61 72 2e 63 6f 6d 0a 20 2a 0a 20 2a 20 54 68 65 20 4d 49 54 20 4c 69 Data Ascii: 4e98/** * jquery.mask.js * @version: v1.14.10 * @author: Igor Escobar * * Created by Igor Escobar on 2012-03-10. Please report any bug at http://blog.igorescobar.com * * Copyright (c) 2012 Igor Escobar http://blog.igorescobar.com * * The MIT Li
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 74 69 6f 6e 0a 20 2a 20 66 69 6c 65 73 20 28 74 68 65 20 22 53 6f 66 74 77 61 72 65 22 29 2c 20 74 6f 20 64 65 61 6c 20 69 6e 20 74 68 65 20 53 6f 66 74 77 61 72 65 20 77 69 74 68 6f 75 74 0a 20 2a 20 72 65 73 74 72 69 63 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 69 74 68 6f 75 74 20 6c 69 6d 69 74 61 74 69 6f 6e 20 74 68 65 20 72 69 67 68 74 73 20 74 6f 20 75 73 65 2c 0a 20 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 6d 65 72 67 65 2c 20 70 75 62 6c 69 73 68 2c 20 64 69 73 74 72 69 62 75 74 65 2c 20 73 75 62 6c 69 63 65 6e 73 65 2c 20 61 6e 64 2f 6f 72 20 73 65 6c 6c 0a 20 2a 20 63 6f 70 69 65 73 20 6f 66 20 74 68 65 20 53 6f 66 74 77 61 72 65 2c 20 61 6e 64 20 74 6f 20 70 65 72 6d 69 74 20 70 65 72 73 6f 6e 73 20 74 6f 20 77 68 6f 6d 20 74 Data Ascii: tion * files (the "Software"), to deal in the Software without * restriction, including without limitation the rights to use, * copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom t
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 6f 72 74 73 20 3d 3d 3d 20 27 6f 62 6a 65 63 74 27 29 20 7b 0a 20 20 20 20 20 20 20 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 20 3d 20 66 61 63 74 6f 72 79 28 72 65 71 75 69 72 65 28 27 6a 71 75 65 72 79 27 29 29 3b 0a 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 66 61 63 74 6f 72 79 28 6a 51 75 65 72 79 20 7c 7c 20 5a 65 70 74 6f 29 3b 0a 20 20 20 20 7d 0a 0a 7d 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 0a 20 20 20 20 76 61 72 20 4d 61 73 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 65 6c 2c 20 6d 61 73 6b 2c 20 6f 70 74 69 6f 6e 73 29 20 7b 0a 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 76 61 6c 69 64 3a 20 5b 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 65 74 43 61 72 65 Data Ascii: orts === 'object') { module.exports = factory(require('jquery')); } else { factory(jQuery \|\| Zepto); }}(function ($) { var Mask = function (el, mask, options) { var p = { invalid: [], getCare
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 73 2c 20 70 6f 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 20 2f 2f 20 49 45 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 20 3d 20 63 74 72 6c 2e 63 72 65 61 74 65 54 65 78 74 52 61 6e 67 65 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 2e 63 6f 6c 6c 61 70 73 65 28 74 72 75 65 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 2e 6d 6f 76 65 45 6e 64 28 27 63 68 61 72 61 63 74 65 72 27 2c 20 70 6f 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 2e 6d 6f Data Ascii: s, pos); } else { // IE range = ctrl.createTextRange(); range.collapse(true); range.moveEnd('character', pos); range.mo
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 63 6b 20 72 65 6d 61 69 6e 73 20 69 6e 20 74 68 69 73 20 70 6f 73 69 74 69 6f 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 6f 74 68 65 72 77 68 69 73 65 20 6f 6c 64 56 61 6c 75 65 20 69 74 27 73 20 67 6f 69 6e 67 20 74 6f 20 77 6f 72 6b 20 62 75 67 67 79 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 6f 6e 28 27 62 6c 75 72 2e 6d 61 73 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 6c 64 56 61 6c 75 65 20 3d 20 70 2e 76 61 6c 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 73 65 6c 65 63 74 20 61 6c 6c 20 74 65 78 74 20 6f 6e 20 66 6f 63 75 73 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ck remains in this position // otherwhise oldValue it's going to work buggy .on('blur.mask', function() { oldValue = p.val(); }) // select all text on focus
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 20 3d 20 7b 64 69 67 69 74 3a 20 6d 61 73 6b 2e 63 68 61 72 41 74 28 69 29 2c 20 70 61 74 74 65 72 6e 3a 20 70 61 74 74 65 72 6e 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 73 6b 43 68 75 6e 6b 73 2e 70 75 73 68 28 21 6f 70 74 69 6f 6e 61 6c 20 26 26 20 21 72 65 63 75 72 73 69 76 65 20 3f 20 70 61 74 74 65 72 6e 20 3a 20 28 70 61 74 74 65 72 6e 20 2b 20 27 3f 27 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: = {digit: mask.charAt(i), pattern: pattern}; } else { maskChunks.push(!optional && !recursive ? pattern : (pattern + '?')); } } else {
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 65 43 61 72 65 74 50 6f 73 69 74 69 6f 6e 3a 20 66 75 6e 63 74 69 6f 6e 28 63 61 72 65 74 50 6f 73 2c 20 6e 65 77 56 61 6c 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6e 65 77 56 61 6c 4c 20 3d 20 6e 65 77 56 61 6c 2e 6c 65 6e 67 74 68 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 56 61 6c 75 65 20 20 3d 20 65 6c 2e 64 61 74 61 28 27 6d 61 73 6b 2d 70 72 65 76 69 75 73 2d 76 61 6c 75 65 27 29 20 7c 7c 20 27 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 56 61 6c 75 65 4c 20 3d 20 6f 56 61 6c 75 65 2e 6c 65 6e 67 74 68 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 65 64 67 65 20 63 61 73 65 73 20 77 68 65 6e 20 65 72 61 73 69 6e 67 20 64 69 67 69 74 73 0a 20 20 Data Ascii: eCaretPosition: function(caretPos, newVal) { var newValL = newVal.length, oValue = el.data('mask-previus-value') \|\| '', oValueL = oValue.length; // edge cases when erasing digits
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 43 61 72 65 74 50 6f 73 69 74 69 6f 6e 28 63 61 72 65 74 50 6f 73 2c 20 6e 65 77 56 61 6c 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 31 30 2c 20 63 61 72 65 74 50 6f 73 2c 20 6e 65 77 56 61 6c 29 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2e 76 61 6c 28 6e 65 77 56 61 6c 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2e 73 65 74 43 61 72 65 74 28 63 61 72 65 74 50 6f 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 70 2e 63 61 6c 6c 62 61 63 6b 73 28 65 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 65 74 4d 61 73 6b 65 64 Data Ascii: CaretPosition(caretPos, newVal)); }, 10, caretPos, newVal); p.val(newVal); p.setCaret(caretPos); return p.callbacks(e); } }, getMasked
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 28 76 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 3d 20 6a 4d 61 73 6b 2e 74 72 61 6e 73 6c 61 74 69 6f 6e 5b 6d 61 73 6b 44 69 67 69 74 5d 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 72 61 6e 73 6c 61 74 69 6f 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 76 61 6c 44 69 67 69 74 2e 6d 61 74 63 68 28 74 72 61 6e 73 6c 61 74 69 6f 6e 2e 70 61 74 74 65 72 6e 29 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 75 66 5b 61 64 64 4d 65 74 68 6f 64 5d 28 76 61 6c 44 69 67 69 74 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: (v), translation = jMask.translation[maskDigit]; if (translation) { if (valDigit.match(translation.pattern)) { buf[addMethod](valDigit);
2024-10-07 08:17:38 UTC	1369	IN	Data Raw: 6c 6c 62 61 63 6b 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 75 66 5b 61 64 64 4d 65 74 68 6f 64 5d 28 74 72 61 6e 73 6c 61 74 69 6f 6e 2e 66 61 6c 6c 62 61 63 6b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 20 2b 3d 20 6f 66 66 73 65 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 20 2d 3d 20 6f 66 66 73 65 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2e 69 6e 76 61 6c 69 64 2e 70 75 73 68 28 7b 70 3a 20 76 2c 20 76 3a 20 76 61 6c 44 69 67 69 74 2c 20 65 3a 20 Data Ascii: llback) { buf[addMethod](translation.fallback); m += offset; v -= offset; } else { p.invalid.push({p: v, v: valDigit, e:

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:38 UTC	745	OUT	GET / HTTP/1.1 Host: google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch X-Client-Data: CI+2yQEIpbbJAQipncoBCO6LywEIlaHLAQic/swBCPqYzQEIhaDNAQi5ys0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:38 UTC	854	IN	HTTP/1.1 301 Moved Permanently Location: https://www.google.com/ Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-M7O9dxfvqoa_p9lnpcUbKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Mon, 07 Oct 2024 08:17:38 GMT Expires: Wed, 06 Nov 2024 08:17:38 GMT Cache-Control: public, max-age=2592000 Server: gws Content-Length: 220 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 08:17:38 UTC	220	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Fact-2024-10.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e0b5b6a6-9180-4925-bac0-3c116d936b06.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007081713Z-170.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\0d9027f0-b53f-46cd-8204-7390327ddad5 (copy)

C:\Users\user\AppData\Local\Temp\MSI29924.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 04-17-11-067.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Windows Analysis Report
Fact-2024-10.pdf

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:38 UTC	654	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:38 UTC	807	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:38 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:38 GMT ETag: 0x8D79B8373CB2849 x-ms-request-id: 4f41dc00-c01e-0021-4487-189092000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241007T081738Z-1767f7688dcmkqgxsuwcub9gd000000000vg00000000bga6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-10-07 08:17:38 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:38 UTC	650	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:38 UTC	799	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:38 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:34 GMT ETag: 0x8D79B8371B97A82 x-ms-request-id: 828ae78b-401e-007a-023b-17de16000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241007T081738Z-1767f7688dc88qkvtwr7dy4vdn0000000a40000000006bcv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 08:17:38 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:38 UTC	640	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ri9kuwotliet3wfbgspsga2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://banderolaver.pro sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:38 UTC	802	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:38 GMT Content-Type: text/css Content-Length: 20004 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 07 Mar 2023 21:22:34 GMT ETag: 0x8DB1F52117A5E28 x-ms-request-id: e8aa836f-101e-0067-1e95-15d3aa000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241007T081738Z-r154656d9bczc24jcy1csnb0es0000000270000000001car x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 08:17:38 UTC	15582	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-10-07 08:17:38 UTC	4422	IN	Data Raw: a4 d5 66 a0 4a b0 d8 50 2b 04 d0 d6 ad 06 75 6b 41 43 ba e8 55 c3 c1 60 bc 4c 26 6e 9f b4 c6 19 64 a0 f6 21 80 d6 3e f9 b5 b2 05 0d eb 93 4f 5b 79 9f 1e a6 8c 7d 1e cf dc 03 77 34 cb c1 26 7e a1 a3 0d 81 a9 e1 86 c0 e4 78 03 95 19 dc f7 94 9b 0d c2 20 ad 02 68 68 68 1b 1e 26 02 71 8b b5 e1 a4 a0 a7 c9 e6 8d ae 15 59 38 a4 4f c3 8b d9 39 72 1f 2c 00 62 85 44 4c bc fb 3a 7b 16 3f 1c 07 13 01 dc ca 1e c9 74 34 f9 87 b1 cb e0 be 5e ee 39 cb fc d4 07 3b 59 ee 83 0f c8 11 be 9d 73 86 bf 59 e7 79 64 90 5d 48 2d 5e 8e 9c 6f 92 6d b6 db e7 8c bd ee 6d aa e2 de 0d e3 b5 3b 11 3b 66 bb a2 46 86 e9 6f 31 17 43 de bb 4f a9 9b 51 6d 70 3f cd 56 81 47 98 66 6d 8a bf c1 5c 68 37 e1 b7 1c 5d 72 6e 74 de fb eb 38 4d b6 0b af f3 d4 64 a2 3f be d5 37 e9 ff 26 4c 47 83 3c c1 Data Ascii: fJP+ukACU`L&nd!>O[y}w4&~x hhh&qY8O9r,bDL:{?t4^9;YsYyd]H-^omm;;fFo1COQmp?VGfm\h7]rnt8Md?7&LG<

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:39 UTC	388	OUT	GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:39 UTC	926	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:39 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03ec3-4e98" Last-Modified: Mon, 04 May 2020 16:11:47 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 252782 Expires: Sat, 27 Sep 2025 08:17:39 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s3vpfbyvBpppE0AmF8GxMQLeuMwz%2BoBJ59fCSNgCn47X8ec0PQ5g7t5borDm9v8hNlvy3otLyll1eSgaygDAazp5KIFR%2Fs8FMhDDAkbr5fU4jLWzhDEzb5XmmFccsDzfvSWh94te"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8cec74bbf9d9c34e-EWR
2024-10-07 08:17:39 UTC	443	IN	Data Raw: 34 65 39 38 0d 0a 2f 2a 2a 0a 20 2a 20 6a 71 75 65 72 79 2e 6d 61 73 6b 2e 6a 73 0a 20 2a 20 40 76 65 72 73 69 6f 6e 3a 20 76 31 2e 31 34 2e 31 30 0a 20 2a 20 40 61 75 74 68 6f 72 3a 20 49 67 6f 72 20 45 73 63 6f 62 61 72 0a 20 2a 0a 20 2a 20 43 72 65 61 74 65 64 20 62 79 20 49 67 6f 72 20 45 73 63 6f 62 61 72 20 6f 6e 20 32 30 31 32 2d 30 33 2d 31 30 2e 20 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 61 6e 79 20 62 75 67 20 61 74 20 68 74 74 70 3a 2f 2f 62 6c 6f 67 2e 69 67 6f 72 65 73 63 6f 62 61 72 2e 63 6f 6d 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 32 20 49 67 6f 72 20 45 73 63 6f 62 61 72 20 68 74 74 70 3a 2f 2f 62 6c 6f 67 2e 69 67 6f 72 65 73 63 6f 62 61 72 2e 63 6f 6d 0a 20 2a 0a 20 2a 20 54 68 65 20 4d 49 54 20 4c 69 Data Ascii: 4e98/** * jquery.mask.js * @version: v1.14.10 * @author: Igor Escobar * * Created by Igor Escobar on 2012-03-10. Please report any bug at http://blog.igorescobar.com * * Copyright (c) 2012 Igor Escobar http://blog.igorescobar.com * * The MIT Li
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 6f 6e 0a 20 2a 20 66 69 6c 65 73 20 28 74 68 65 20 22 53 6f 66 74 77 61 72 65 22 29 2c 20 74 6f 20 64 65 61 6c 20 69 6e 20 74 68 65 20 53 6f 66 74 77 61 72 65 20 77 69 74 68 6f 75 74 0a 20 2a 20 72 65 73 74 72 69 63 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 69 74 68 6f 75 74 20 6c 69 6d 69 74 61 74 69 6f 6e 20 74 68 65 20 72 69 67 68 74 73 20 74 6f 20 75 73 65 2c 0a 20 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 6d 65 72 67 65 2c 20 70 75 62 6c 69 73 68 2c 20 64 69 73 74 72 69 62 75 74 65 2c 20 73 75 62 6c 69 63 65 6e 73 65 2c 20 61 6e 64 2f 6f 72 20 73 65 6c 6c 0a 20 2a 20 63 6f 70 69 65 73 20 6f 66 20 74 68 65 20 53 6f 66 74 77 61 72 65 2c 20 61 6e 64 20 74 6f 20 70 65 72 6d 69 74 20 70 65 72 73 6f 6e 73 20 74 6f 20 77 68 6f 6d 20 74 68 65 Data Ascii: on * files (the "Software"), to deal in the Software without * restriction, including without limitation the rights to use, * copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 74 73 20 3d 3d 3d 20 27 6f 62 6a 65 63 74 27 29 20 7b 0a 20 20 20 20 20 20 20 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 20 3d 20 66 61 63 74 6f 72 79 28 72 65 71 75 69 72 65 28 27 6a 71 75 65 72 79 27 29 29 3b 0a 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 66 61 63 74 6f 72 79 28 6a 51 75 65 72 79 20 7c 7c 20 5a 65 70 74 6f 29 3b 0a 20 20 20 20 7d 0a 0a 7d 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 0a 20 20 20 20 76 61 72 20 4d 61 73 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 65 6c 2c 20 6d 61 73 6b 2c 20 6f 70 74 69 6f 6e 73 29 20 7b 0a 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 76 61 6c 69 64 3a 20 5b 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 65 74 43 61 72 65 74 3a Data Ascii: ts === 'object') { module.exports = factory(require('jquery')); } else { factory(jQuery \|\| Zepto); }}(function ($) { var Mask = function (el, mask, options) { var p = { invalid: [], getCaret:
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 20 70 6f 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 20 2f 2f 20 49 45 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 20 3d 20 63 74 72 6c 2e 63 72 65 61 74 65 54 65 78 74 52 61 6e 67 65 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 2e 63 6f 6c 6c 61 70 73 65 28 74 72 75 65 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 2e 6d 6f 76 65 45 6e 64 28 27 63 68 61 72 61 63 74 65 72 27 2c 20 70 6f 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 61 6e 67 65 2e 6d 6f 76 65 Data Ascii: pos); } else { // IE range = ctrl.createTextRange(); range.collapse(true); range.moveEnd('character', pos); range.move
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 20 72 65 6d 61 69 6e 73 20 69 6e 20 74 68 69 73 20 70 6f 73 69 74 69 6f 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 6f 74 68 65 72 77 68 69 73 65 20 6f 6c 64 56 61 6c 75 65 20 69 74 27 73 20 67 6f 69 6e 67 20 74 6f 20 77 6f 72 6b 20 62 75 67 67 79 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 6f 6e 28 27 62 6c 75 72 2e 6d 61 73 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 6c 64 56 61 6c 75 65 20 3d 20 70 2e 76 61 6c 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 73 65 6c 65 63 74 20 61 6c 6c 20 74 65 78 74 20 6f 6e 20 66 6f 63 75 73 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: remains in this position // otherwhise oldValue it's going to work buggy .on('blur.mask', function() { oldValue = p.val(); }) // select all text on focus
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 20 7b 64 69 67 69 74 3a 20 6d 61 73 6b 2e 63 68 61 72 41 74 28 69 29 2c 20 70 61 74 74 65 72 6e 3a 20 70 61 74 74 65 72 6e 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 73 6b 43 68 75 6e 6b 73 2e 70 75 73 68 28 21 6f 70 74 69 6f 6e 61 6c 20 26 26 20 21 72 65 63 75 72 73 69 76 65 20 3f 20 70 61 74 74 65 72 6e 20 3a 20 28 70 61 74 74 65 72 6e 20 2b 20 27 3f 27 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: {digit: mask.charAt(i), pattern: pattern}; } else { maskChunks.push(!optional && !recursive ? pattern : (pattern + '?')); } } else {
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 61 72 65 74 50 6f 73 69 74 69 6f 6e 3a 20 66 75 6e 63 74 69 6f 6e 28 63 61 72 65 74 50 6f 73 2c 20 6e 65 77 56 61 6c 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6e 65 77 56 61 6c 4c 20 3d 20 6e 65 77 56 61 6c 2e 6c 65 6e 67 74 68 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 56 61 6c 75 65 20 20 3d 20 65 6c 2e 64 61 74 61 28 27 6d 61 73 6b 2d 70 72 65 76 69 75 73 2d 76 61 6c 75 65 27 29 20 7c 7c 20 27 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 56 61 6c 75 65 4c 20 3d 20 6f 56 61 6c 75 65 2e 6c 65 6e 67 74 68 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 65 64 67 65 20 63 61 73 65 73 20 77 68 65 6e 20 65 72 61 73 69 6e 67 20 64 69 67 69 74 73 0a 20 20 20 20 Data Ascii: aretPosition: function(caretPos, newVal) { var newValL = newVal.length, oValue = el.data('mask-previus-value') \|\| '', oValueL = oValue.length; // edge cases when erasing digits
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 72 65 74 50 6f 73 69 74 69 6f 6e 28 63 61 72 65 74 50 6f 73 2c 20 6e 65 77 56 61 6c 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 31 30 2c 20 63 61 72 65 74 50 6f 73 2c 20 6e 65 77 56 61 6c 29 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2e 76 61 6c 28 6e 65 77 56 61 6c 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2e 73 65 74 43 61 72 65 74 28 63 61 72 65 74 50 6f 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 70 2e 63 61 6c 6c 62 61 63 6b 73 28 65 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 65 74 4d 61 73 6b 65 64 3a 20 Data Ascii: retPosition(caretPos, newVal)); }, 10, caretPos, newVal); p.val(newVal); p.setCaret(caretPos); return p.callbacks(e); } }, getMasked:
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 6c 61 74 69 6f 6e 20 3d 20 6a 4d 61 73 6b 2e 74 72 61 6e 73 6c 61 74 69 6f 6e 5b 6d 61 73 6b 44 69 67 69 74 5d 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 72 61 6e 73 6c 61 74 69 6f 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 76 61 6c 44 69 67 69 74 2e 6d 61 74 63 68 28 74 72 61 6e 73 6c 61 74 69 6f 6e 2e 70 61 74 74 65 72 6e 29 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 75 66 5b 61 64 64 4d 65 74 68 6f 64 5d 28 76 61 6c 44 69 67 69 74 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ), translation = jMask.translation[maskDigit]; if (translation) { if (valDigit.match(translation.pattern)) { buf[addMethod](valDigit);
2024-10-07 08:17:39 UTC	1369	IN	Data Raw: 62 61 63 6b 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 75 66 5b 61 64 64 4d 65 74 68 6f 64 5d 28 74 72 61 6e 73 6c 61 74 69 6f 6e 2e 66 61 6c 6c 62 61 63 6b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 20 2b 3d 20 6f 66 66 73 65 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 20 2d 3d 20 6f 66 66 73 65 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2e 69 6e 76 61 6c 69 64 2e 70 75 73 68 28 7b 70 3a 20 76 2c 20 76 3a 20 76 61 6c 44 69 67 69 74 2c 20 65 3a 20 74 72 Data Ascii: back) { buf[addMethod](translation.fallback); m += offset; v -= offset; } else { p.invalid.push({p: v, v: valDigit, e: tr

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:39 UTC	653	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:39 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:39 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: 0cc5302b-e01e-005c-6387-18960e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241007T081739Z-r154656d9bcp2td5zh846myygg0000000rs00000000097m2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-10-07 08:17:39 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:39 UTC	749	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch X-Client-Data: CI+2yQEIpbbJAQipncoBCO6LywEIlaHLAQic/swBCPqYzQEIhaDNAQi5ys0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:39 UTC	1762	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:39 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-OI-IuDc1ffluAzM3xJdQGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AVYB7crzbriUz5L7sB3S7kkgzqQh4B5UfwVbWxdATrYt9jGvU7P3hbybYA; expires=Sat, 05-Apr-2025 08:17:39 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=518=2IPV99F8I4K9bZ_VqhXjTcQUBqqeHEk_hgeNJ-_BobpZoYS82tkp9frtlyNNytujocldaiTf0gyORfTNKdDQ8LgNgNCDg17y7JuNpeSLw0dpLY2lDbIJh9j-ucQXosc_EOtkI64AjjoJU4Xn4oWCDfrMSKX1bOE-G7Gt78yiZi1EqpN_CjTFmLQus1D4e4aR8NE; expires=Tue, 08-Apr-2025 08:17:39 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 08:17:39 UTC	1762	IN	Data Raw: 32 30 36 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e Data Ascii: 2064<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>
2024-10-07 08:17:39 UTC	1762	IN	Data Raw: 2c 65 2c 64 2c 6b 29 29 3b 69 66 28 63 3d 72 28 63 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 67 3d 6e 2e 6c 65 6e 67 74 68 3b 6e 5b 67 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6e 5b 67 5d 7d 3b 61 2e 73 72 63 3d 63 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6c 3a 62 3b 72 65 74 75 72 6e 20 74 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 79 3d 5b 5d 3b 76 61 72 20 64 3b 28 64 3d 67 6f 6f 67 6c 65 29 2e 78 7c 7c 28 64 2e 78 Data Ascii: ,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=b===void 0?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=google).x\|\|(d.x
2024-10-07 08:17:39 UTC	1762	IN	Data Raw: 6e 67 26 26 22 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 22 69 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2c 61 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 6e 73 2c 74 3d 72 3f 61 61 7c 7c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 28 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 70 6e 6f 7c 7c 30 29 7d 76 61 72 20 62 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e Data Ascii: ng&&"navigationStart"in window.performance.timing,aa=google.stvsc&&google.stvsc.ns,t=r?aa\|\|window.performance.timing.navigationStart:void 0;function u(){return window.performance.now()-(google.stvsc&&google.stvsc.pno\|\|0)}var ba=google.stvsc&&google.stvsc.
2024-10-07 08:17:39 UTC	1762	IN	Data Raw: 61 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 64 7c 7c 21 31 29 3a 61 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 61 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 22 2b 62 2c 63 29 7d 3b 76 61 72 20 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 76 3d 5b 5d 3b 74 68 69 73 2e 42 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 3b 74 68 69 73 2e 6a 3d 21 21 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 64 65 66 65 72 72 65 64 22 29 3b 76 61 72 20 64 3b 69 66 28 64 3d 21 74 68 69 73 2e 6a 29 61 3a 7b 66 6f 72 28 64 3d 30 3b 64 3c 44 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 69 66 28 61 2e 67 65 74 Data Ascii: a.removeEventListener(b,c,d\|\|!1):a.attachEvent&&a.detachEvent("on"+b,c)};var pa=function(a,b,c){this.g=a;this.v=[];this.B=this.g.hasAttribute("data-noaft");this.j=!!this.g.getAttribute("data-deferred");var d;if(d=!this.j)a:{for(d=0;d<D.length;++d)if(a.get
2024-10-07 08:17:39 UTC	1252	IN	Data Raw: 22 69 6d 67 22 29 2c 63 3d 30 2c 64 3d 62 2e 6c 65 6e 67 74 68 3b 63 3c 64 3b 2b 2b 63 29 61 28 49 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 47 28 49 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a 7b Data Ascii: "img"),c=0,d=b.length;c<d;++c)a(I(b[c]))};function ra(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();G(I(a,void 0,!0,!0),b)}}function K(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{
2024-10-07 08:17:39 UTC	342	IN	Data Raw: 31 34 66 0d 0a 26 26 76 3e 74 26 26 76 3c 3d 4d 2e 73 74 61 72 74 3f 28 4d 2e 73 74 61 72 74 3d 76 2c 4c 2e 77 73 72 74 3d 76 2d 74 29 3a 4e 2e 6e 6f 77 26 26 28 4c 2e 77 73 72 74 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 75 28 29 29 29 29 7d 67 6f 6f 67 6c 65 2e 63 2e 62 28 22 78 65 22 2c 22 6c 6f 61 64 22 29 3b 21 77 69 6e 64 6f 77 2e 5f 68 73 74 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 48 65 61 64 53 74 61 72 74 22 29 3b 76 61 72 20 4f 3b 69 66 28 28 4f 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 29 3d 3d 6e 75 6c 6c 3f 30 3a 4f 2e 73 74 61 72 74 29 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2e 74 2e 73 74 61 72 74 3d 67 6f Data Ascii: 14f&&v>t&&v<=M.start?(M.start=v,L.wsrt=v-t):N.now&&(L.wsrt=Math.floor(u())))}google.c.b("xe","load");!window._hst&&performance&&performance.mark&&performance.mark("SearchHeadStart");var O;if((O=google.stvsc)==null?0:O.start)google.timers.load.t.start=go
2024-10-07 08:17:39 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 76 61 72 20 62 3b 74 26 26 28 62 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 2b 61 29 29 3b 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 66 68 74 22 2c 62 29 3b 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 51 28 61 29 7b 50 28 61 2e 74 69 6d 65 53 74 61 6d 70 29 26 26 43 28 64 6f 63 75 6d 65 6e 74 2c 22 76 69 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 51 2c 21 30 29 7d 67 6f 6f 67 6c 65 2e 63 2e 66 68 3d 49 6e 66 69 6e 69 74 79 3b 42 28 64 6f 63 75 6d 65 6e 74 2c 22 76 69 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 51 2c 21 30 29 3b 50 28 30 29 3b 78 26 26 28 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 3d 72 61 2c 42 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 Data Ascii: 8000var b;t&&(b=Math.floor(t+a));google.tick("load","fht",b);return!0}return!1}function Q(a){P(a.timeStamp)&&C(document,"visibilitychange",Q,!0)}google.c.fh=Infinity;B(document,"visibilitychange",Q,!0);P(0);x&&(google.c.oil=ra,B(document.documentElement
2024-10-07 08:17:39 UTC	1390	IN	Data Raw: 3e 30 26 26 28 63 2e 67 73 61 73 72 74 3d 62 2e 74 2e 73 74 61 72 74 2d 64 29 3b 62 3d 62 2e 65 3b 61 3d 22 2f 67 65 6e 5f 32 30 34 3f 73 3d 22 2b 67 6f 6f 67 6c 65 2e 73 6e 2b 22 26 74 3d 22 2b 61 2b 22 26 61 74 79 70 3d 63 73 69 26 65 69 3d 22 2b 67 6f 6f 67 6c 65 2e 6b 45 49 2b 22 26 72 74 3d 22 3b 64 3d 22 22 3b 66 6f 72 28 76 61 72 20 66 20 69 6e 20 63 29 61 2b 3d 22 22 2b 64 2b 66 2b 22 2e 22 2b 63 5b 66 5d 2c 64 3d 22 2c 22 3b 66 6f 72 28 76 61 72 20 67 20 69 6e 20 62 29 61 2b 3d 22 26 22 2b 67 2b 22 3d 22 2b 62 5b 67 5d 3b 66 3d 61 3b 67 3d 22 22 3b 61 3d 5b 5d 3b 70 2e 5f 63 73 68 69 64 26 26 0a 61 2e 70 75 73 68 28 5b 22 63 73 68 69 64 22 2c 70 2e 5f 63 73 68 69 64 5d 29 3b 62 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 21 3d 3d 76 6f 69 64 20 30 Data Ascii: >0&&(c.gsasrt=b.t.start-d);b=b.e;a="/gen_204?s="+google.sn+"&t="+a+"&atyp=csi&ei="+google.kEI+"&rt=";d="";for(var f in c)a+=""+d+f+"."+c[f],d=",";for(var g in b)a+="&"+g+"="+b[g];f=a;g="";a=[];p._cshid&&a.push(["cshid",p._cshid]);b=window.google!==void 0
2024-10-07 08:17:39 UTC	1390	IN	Data Raw: 69 6d 69 6e 67 29 7b 76 61 72 20 61 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2c 62 3d 61 2e 77 73 72 74 3b 61 3d 61 2e 74 2e 61 66 74 3b 62 26 26 62 3e 30 26 26 61 26 26 61 3e 30 26 26 28 61 2d 3d 57 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 2c 61 3e 30 26 26 28 57 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 41 46 54 53 74 61 72 74 22 2c 7b 73 74 61 72 74 54 69 6d 65 3a 62 7d 29 2c 57 2e 6d 61 72 6b 28 22 74 72 69 67 67 65 72 3a 53 65 61 72 63 68 41 46 54 45 6e 64 22 2c 7b 73 74 61 72 74 54 69 6d 65 3a 61 7d 29 29 29 7d 7d 3b 76 61 72 20 7a 61 3d 21 31 2c 58 3d 30 2c 59 3d 30 2c 5a 3b 66 75 6e 63 74 69 6f 6e 20 41 61 28 61 2c 62 29 7b 6e 61 26 26 21 67 6f 6f 67 6c 65 2e 63 2e 77 68 26 26 28 67 6f 6f 67 6c 65 2e 63 2e Data Ascii: iming){var a=google.timers.load,b=a.wsrt;a=a.t.aft;b&&b>0&&a&&a>0&&(a-=W.timing.navigationStart,a>0&&(W.mark("SearchAFTStart",{startTime:b}),W.mark("trigger:SearchAFTEnd",{startTime:a})))}};var za=!1,X=0,Y=0,Z;function Aa(a,b){na&&!google.c.wh&&(google.c.
2024-10-07 08:17:39 UTC	1390	IN	Data Raw: 61 6b 20 61 7d 56 28 29 7d 5a 3d 76 6f 69 64 20 30 7d 67 6f 6f 67 6c 65 2e 63 2e 6d 61 66 74 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 78 7c 7c 4a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 3b 7a 61 7c 7c 28 67 6f 6f 67 6c 65 2e 63 2e 62 28 22 61 66 74 22 29 2c 7a 61 3d 21 30 29 3b 59 7c 7c 41 61 28 61 2c 62 29 7d 3b 67 6f 6f 67 6c 65 2e 63 2e 6d 69 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 64 29 7b 76 61 72 20 65 3d 46 28 64 29 3b 64 2e 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 61 74 66 22 2c 53 74 72 69 6e 67 28 65 29 29 3b 72 65 74 75 72 6e 20 79 26 26 21 64 2e 42 26 26 28 21 64 2e 6c 7c 7c 64 2e 46 7c 7c 21 21 28 46 28 64 29 26 31 29 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 64 29 7b 79 26 26 7a Data Ascii: ak a}V()}Z=void 0}google.c.maft=function(a,b){x\|\|J(function(){});za\|\|(google.c.b("aft"),za=!0);Y\|\|Aa(a,b)};google.c.miml=function(a){function b(d){var e=F(d);d.g.setAttribute("data-atf",String(e));return y&&!d.B&&(!d.l\|\|d.F\|\|!!(F(d)&1))}function c(d){y&&z

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:40 UTC	417	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:40 UTC	799	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:40 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: 0cc5302b-e01e-005c-6387-18960e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241007T081740Z-1657d5bbd482krtfgrg72dfbtn000000031g0000000022rf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 08:17:40 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:40 UTC	640	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://banderolaver.pro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:40 UTC	738	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:40 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: a8262e34-401e-001b-5a5e-0bc2f8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241007T081740Z-1767f7688dck2l7961u6s0hrtn0000000ru000000000dc2p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 08:17:40 UTC	15646	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-10-07 08:17:40 UTC	1528	IN	Data Raw: 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:41 UTC	404	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 08:17:41 UTC	738	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:41 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: ad567bd4-201e-0022-48bf-1639e4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241007T081741Z-1657d5bbd48vlsxxpe15ac3q7n000000038g000000001tp5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 08:17:41 UTC	15646	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-10-07 08:17:41 UTC	1528	IN	Data Raw: 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""

Timestamp	Bytes transferred	Direction	Data
2024-10-07 08:17:47 UTC	995	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CI+2yQEIpbbJAQipncoBCO6LywEIlaHLAQic/swBCPqYzQEIhaDNAQjcvc0BCNrDzQEIucrNAQif0c0BCNzTzQEI0dbNAQj01s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=2IPV99F8I4K9bZ_VqhXjTcQUBqqeHEk_hgeNJ-_BobpZoYS82tkp9frtlyNNytujocldaiTf0gyORfTNKdDQ8LgNgNCDg17y7JuNpeSLw0dpLY2lDbIJh9j-ucQXosc_EOtkI64AjjoJU4Xn4oWCDfrMSKX1bOE-G7Gt78yiZi1EqpN_CjTFmLQus1D4e4aR8NE
2024-10-07 08:17:47 UTC	1377	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 08:17:47 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-LoPuT5RYzhujS_Mjr_gSyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AVYB7crB1F1G-zgAOZEEzXr5bq2_oqxspub171EE_8WdjjIXjJ82j73Fghc; expires=Sat, 05-Apr-2025 08:17:47 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 08:17:47 UTC	13	IN	Data Raw: 32 35 34 66 0d 0a 3c 21 64 6f 63 74 79 Data Ascii: 254f<!docty
2024-10-07 08:17:47 UTC	1390	IN	Data Raw: 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e 47 6f 6f 67 6c 65 3c 2f 74 69 74 6c 65 Data Ascii: pe html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title
2024-10-07 08:17:47 UTC	1390	IN	Data Raw: 29 3b 68 2e 5f 63 73 68 69 64 26 26 67 26 26 66 2e 70 75 73 68 28 5b 22 63 73 68 69 64 22 2c 68 2e 5f 63 73 68 69 64 5d 29 3b 63 3d 63 28 29 3b 63 21 3d 6e 75 6c 6c 26 26 66 2e 70 75 73 68 28 5b 22 6f 70 69 22 2c 63 2e 74 6f 53 74 72 69 6e 67 28 29 5d 29 3b 66 6f 72 28 63 3d 30 3b 63 3c 66 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 69 66 28 63 3d 3d 3d 30 7c 7c 63 3e 30 29 64 2b 3d 22 26 22 3b 64 2b 3d 66 5b 63 5d 5b 30 5d 2b 22 3d 22 2b 66 5b 63 5d 5b 31 5d 7d 72 65 74 75 72 6e 22 2f 22 2b 28 6b 7c 7c 22 67 65 6e 5f 32 30 34 22 29 2b 22 3f 61 74 79 70 3d 69 26 63 74 3d 22 2b 53 74 72 69 6e 67 28 61 29 2b 22 26 63 61 64 3d 22 2b 28 62 2b 65 2b 64 29 7d 3b 6d 3d 67 6f 6f 67 6c 65 2e 6b 45 49 3b 67 6f 6f 67 6c 65 2e 67 65 74 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e Data Ascii: );h._cshid&&g&&f.push(["cshid",h._cshid]);c=c();c!=null&&f.push(["opi",c.toString()]);for(c=0;c<f.length;c++){if(c===0\|\|c>0)d+="&";d+=f[c][0]+"="+f[c][1]}return"/"+(k\|\|"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.
2024-10-07 08:17:47 UTC	1390	IN	Data Raw: 26 28 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 62 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 7d 2c 21 30 29 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 61 3a 7b 66 6f 72 28 61 3d 62 2e 74 61 72 67 65 74 3b 61 26 26 61 21 3d 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 61 3d 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 69 66 28 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 41 22 29 7b 61 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 68 72 65 66 22 29 3d 3d 3d 22 31 22 3b 62 72 65 61 6b 20 61 7d 61 3d 21 31 7d 61 Data Ascii: &(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if(a.tagName==="A"){a=a.getAttribute("data-nohref")==="1";break a}a=!1}a
2024-10-07 08:17:47 UTC	1390	IN	Data Raw: 61 79 3d 3d 3d 22 6e 6f 6e 65 22 3f 21 30 3a 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 26 26 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3f 28 61 3d 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 61 29 2c 21 21 61 26 26 28 61 2e 76 69 73 69 62 69 6c 69 74 79 3d 3d 3d 22 68 69 64 64 65 6e 22 7c 7c 61 2e 68 65 69 67 68 74 3d 3d 3d 22 30 70 78 22 26 26 61 2e 77 69 64 74 68 3d 3d 3d 22 30 70 78 22 29 29 3a 21 31 7d 0a 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 76 61 72 20 68 3d 65 28 61 29 2c 6b 3d 68 2e 6c 65 66 74 2b 28 63 3f 30 3a 77 69 6e 64 6f 77 2e 70 61 67 65 58 4f 66 66 73 65 Data Ascii: ay==="none"?!0:document.defaultView&&document.defaultView.getComputedStyle?(a=document.defaultView.getComputedStyle(a),!!a&&(a.visibility==="hidden"\|\|a.height==="0px"&&a.width==="0px")):!1}function ea(a,b,c,d,e){var h=e(a),k=h.left+(c?0:window.pageXOffse
2024-10-07 08:17:47 UTC	1390	IN	Data Raw: 65 61 6b 20 61 7d 64 3d 21 31 7d 74 68 69 73 2e 6c 3d 64 3b 74 68 69 73 2e 46 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 62 73 72 63 22 29 3b 28 61 3d 74 68 69 73 2e 67 2e 73 72 63 29 26 26 74 68 69 73 2e 6c 26 26 28 74 68 69 73 2e 44 3d 61 29 3b 21 74 68 69 73 2e 6c 26 26 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 26 26 61 7c 7c 74 68 69 73 2e 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6c 7a 79 5f 22 2c 22 31 22 29 3b 74 68 69 73 2e 42 3f 62 3d 21 30 3a 62 7c 7c 78 26 26 74 68 69 73 2e 69 7c 7c 74 68 69 73 2e 6a 7c 7c 74 68 69 73 2e 6c 3f 62 3d 21 31 3a 28 62 3d 74 68 69 73 2e 67 2e 73 72 63 2c 62 3d 74 79 70 65 6f 66 20 62 21 3d 3d 22 73 74 72 69 6e 67 22 7c 7c 21 62 2c 61 3d 74 68 Data Ascii: eak a}d=!1}this.l=d;this.F=this.g.hasAttribute("data-bsrc");(a=this.g.src)&&this.l&&(this.D=a);!this.l&&typeof a==="string"&&a\|\|this.g.setAttribute("data-lzy_","1");this.B?b=!0:b\|\|x&&this.i\|\|this.j\|\|this.l?b=!1:(b=this.g.src,b=typeof b!=="string"\|\|!b,a=th
2024-10-07 08:17:47 UTC	1390	IN	Data Raw: 28 61 29 3a 6e 65 77 20 70 61 28 61 2c 63 2c 64 29 29 3b 72 65 74 75 72 6e 20 48 5b 65 5d 7d 66 75 6e 63 74 69 6f 6e 20 4a 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 69 6d 67 22 29 2c 63 3d 30 2c 64 3d 62 2e 6c 65 6e 67 74 68 3b 63 3c 64 3b 2b 2b 63 29 61 28 49 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 47 28 49 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f Data Ascii: (a):new pa(a,c,d));return H[e]}function J(a){for(var b=document.getElementsByTagName("img"),c=0,d=b.length;c<d;++c)a(I(b[c]))};function ra(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();G(I(a,void 0,!0,!0),b)}}function K(a){google.c.oil(a)};goo
2024-10-07 08:17:47 UTC	1206	IN	Data Raw: 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 75 28 29 29 29 29 7d 67 6f 6f 67 6c 65 2e 63 2e 62 28 22 78 65 22 2c 22 6c 6f 61 64 22 29 3b 21 77 69 6e 64 6f 77 2e 5f 68 73 74 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 48 65 61 64 53 74 61 72 74 22 29 3b 76 61 72 20 4f 3b 69 66 28 28 4f 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 29 3d 3d 6e 75 6c 6c 3f 30 3a 4f 2e 73 74 61 72 74 29 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2e 74 2e 73 74 61 72 74 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 73 74 61 72 74 3b 66 75 6e 63 74 69 6f 6e 20 50 28 61 29 7b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 3d 3d Data Ascii: =Math.floor(u())))}google.c.b("xe","load");!window._hst&&performance&&performance.mark&&performance.mark("SearchHeadStart");var O;if((O=google.stvsc)==null?0:O.start)google.timers.load.t.start=google.stvsc.start;function P(a){if(document.visibilityState==
2024-10-07 08:17:47 UTC	212	IN	Data Raw: 63 65 0d 0a 61 66 74 69 20 61 66 74 72 20 61 66 74 73 20 63 62 73 20 63 62 74 20 66 68 74 20 66 72 74 73 20 66 72 76 74 20 68 63 74 20 68 73 74 20 70 72 74 20 70 72 73 20 73 63 74 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 66 75 6e 63 74 69 6f 6e 20 54 28 61 29 7b 72 65 74 75 72 6e 28 61 3d 74 61 2e 73 65 61 72 63 68 2e 6d 61 74 63 68 28 6e 65 77 20 52 65 67 45 78 70 28 22 5b 3f 26 5d 22 2b 61 2b 22 3d 28 5c 5c 64 2b 29 22 29 29 29 3f 4e 75 6d 62 65 72 28 61 5b 31 5d 29 3a 2d 31 7d 0a 66 75 6e 63 74 69 6f 6e 20 55 28 61 29 7b 76 61 72 20 62 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2c 63 3d 62 2e 6d 3b 69 66 28 0d 0a Data Ascii: ceafti aftr afts cbs cbt fht frts frvt hct hst prt prs sct".split(" ");function T(a){return(a=ta.search.match(new RegExp("[?&]"+a+"=(\\d+)")))?Number(a[1]):-1}function U(a){var b=google.timers.load,c=b.m;if(
2024-10-07 08:17:47 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 21 63 7c 7c 21 63 2e 70 72 73 29 7b 63 3d 77 69 6e 64 6f 77 2e 5f 63 73 63 3d 3d 3d 22 61 67 73 61 22 26 26 77 69 6e 64 6f 77 2e 5f 63 73 68 69 64 3b 76 61 72 20 64 3d 53 28 29 7c 7c 63 3f 30 3a 54 28 22 71 73 75 62 74 73 22 29 3b 64 3e 30 26 26 28 63 3d 54 28 22 66 62 74 73 22 29 2c 63 3e 30 26 26 28 62 2e 74 2e 73 74 61 72 74 3d 4d 61 74 68 2e 6d 61 78 28 64 2c 63 29 29 29 3b 76 61 72 20 65 3d 62 2e 74 2c 68 3d 65 2e 73 74 61 72 74 3b 63 3d 7b 7d 3b 62 2e 77 73 72 74 21 3d 3d 76 6f 69 64 20 30 26 26 28 63 2e 77 73 72 74 3d 62 2e 77 73 72 74 29 3b 69 66 28 68 29 66 6f 72 28 76 61 72 20 6b 3d 30 2c 6d 3b 6d 3d 75 61 5b 6b 2b 2b 5d 3b 29 7b 76 61 72 20 6e 3d 65 5b 6d 5d 3b 6e 26 26 28 63 5b 6d 5d 3d 4d 61 74 68 2e 6d 61 78 28 6e 2d 68 2c Data Ascii: 8000!c\|\|!c.prs){c=window._csc==="agsa"&&window._cshid;var d=S()\|\|c?0:T("qsubts");d>0&&(c=T("fbts"),c>0&&(b.t.start=Math.max(d,c)));var e=b.t,h=e.start;c={};b.wsrt!==void 0&&(c.wsrt=b.wsrt);if(h)for(var k=0,m;m=ua[k++];){var n=e[m];n&&(c[m]=Math.max(n-h,