Windows Analysis Report
https://xxxjns2qi.z13.web.core.windows.net/

Overview

General Information

Sample URL: https://xxxjns2qi.z13.web.core.windows.net/
Analysis ID: 1432304

Detection

TechSupportScam
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected TechSupportScam

Classification

  • System is w10x64
  • chrome.exe (PID: 5224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2560,i,14915970087761976437,14686006363847418362,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 2016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=904 --field-trial-handle=1136,i,3019338326937331567,952841908332228127,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://xxxjns2qi.z13.web.core.windows.net/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_90 | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |

Source | Rule | Description | Author | Strings
0.3.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
0.0.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
0.2.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
0.1.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: https://xxxjns2qi.z13.web.core.windows.net/ | SlashNext: detection malicious, Label: Scareware type: Phishing & Social usering

            Phishing

            Source: Yara match | File source: 0.3.pages.csv, type: HTML
            Source: Yara match | File source: 0.0.pages.csv, type: HTML
            Source: Yara match | File source: 0.2.pages.csv, type: HTML
            Source: Yara match | File source: 0.1.pages.csv, type: HTML
            Source: Yara match | File source: dropped/chromecache_90, type: DROPPED
            Source: unknown | HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49698 version: TLS 1.2
            Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGNrkr7EGIjAffliYVjUafnqEn1nf1WBUXylN-raRGQu5KRfTjJF73c9LLKbtvVEAwrSinls-2mkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-18; NID=513=TCTqhoTgNlVXjgZAyGl3pS4Qlsgwq1NYraMOVQJg5qChHvjRCtwoZ7Q6wr-CLt9r6QwrZMhPKiUM1gv4WjznWTwd7y6UpPOwmiKhwjlNM_hNgq5RQcDqpr2tf5TCsVn8cy0gsAkKymfdFY1EThFApk-kbM8aTOnsVr2OE_lVQyI
            Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGNrkr7EGIjD1Eo30sMgLPOkbAyebDizDqvqp4myoFV1GW2T6eQQm_B_smULw6b0vO5nJMTm-Q-IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-18; NID=513=cxjmX-MC-l-yIqB8gIlG2HwBpgtkU5SZc2cgTQa7UZyZaVNpRNxbhnGnuXtoxr3gTeA4R-PrF6bNE9dqwSGs9abQcuut83Skujxb6tyiVDU7jPLwPEjGFmDv1891jfeW4WP-y1yyXLEnMiFJSmZcvS8I-_iVoLv8XC2Ih__GzAE
            Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmgZjcGNrkr7EGIjAN3Bft4uexmfUXiVtkomhAxRzLDtJaDUBuyO4ARTh8Rx52Df-r6F0ofl4GYLbZcEwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-18; NID=513=GTVuF9I7CBtuIdJsbLLj018FotKEso2DHerhiAkArfxVdA3zmmEmYDgNOK5-6YJovconNle0UuTEBPQFwKOq_BWTxcJ6SFdEsBmwxEdGSZz6aq30ywOYlvOU8vztEDU4wja8-1b_tb8_candCNWqntzCI04OEKnFv56vPwikO28
            Source: global traffic | HTTP traffic detected: GET /?lang=en HTTP/1.1
                Host: ipwho.is
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: */*
                Origin: https://xxxjns2qi.z13.web.core.windows.net
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Referer: https://xxxjns2qi.z13.web.core.windows.net/
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /?lang=en HTTP/1.1
                Host: ipwho.is
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /get/script.js?referrer=https://xxxjns2qi.z13.web.core.windows.net/ HTTP/1.1
                Host: userstatics.com
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: */*
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: script
                Referer: https://xxxjns2qi.z13.web.core.windows.net/
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
            Source: global traffic | DNS traffic detected: DNS query: www.google.com
            Source: global traffic | DNS traffic detected: DNS query: ipwho.is
            Source: global traffic | DNS traffic detected: DNS query: userstatics.com
            Source: chromecache_75.3.dr | String found in binary or memory: http://jquery.com/
            Source: chromecache_75.3.dr | String found in binary or memory: http://jquery.org/license
            Source: chromecache_75.3.dr | String found in binary or memory: http://sizzlejs.com/
            Source: chromecache_72.3.dr | String found in binary or memory: https://adservice.google.com/pagead/regclk
            Source: chromecache_72.3.dr | String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
            Source: chromecache_72.3.dr | String found in binary or memory: https://cct.google/taggy/agent.js
            Source: chromecache_61.3.dr | String found in binary or memory: https://ezgif.com/optimize
            Source: chromecache_90.3.dr | String found in binary or memory: https://ipwho.is/?lang=en
            Source: chromecache_72.3.dr | String found in binary or memory: https://pagead2.googlesyndication.com
            Source: chromecache_72.3.dr | String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
            Source: chromecache_72.3.dr | String found in binary or memory: https://stats.g.doubleclick.net/g/collect
            Source: chromecache_72.3.dr | String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
            Source: chromecache_72.3.dr | String found in binary or memory: https://td.doubleclick.net
            Source: chromecache_72.3.dr | String found in binary or memory: https://www.google.com
            Source: chromecache_72.3.dr | String found in binary or memory: https://www.googleadservices.com
            Source: chromecache_72.3.dr | String found in binary or memory: https://www.googletagmanager.com
            Source: chromecache_90.3.dr | String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
            Source: chromecache_72.3.dr | String found in binary or memory: https://www.merchant-center-analytics.goog
            Source: chromecache_72.3.dr | String found in binary or memory: https://www.youtube.com/iframe_api

            Spam, unwanted Advertisements and Ransom Demands

            Source: Yara match | File source: 0.3.pages.csv, type: HTML
            Source: Yara match | File source: 0.0.pages.csv, type: HTML
            Source: Yara match | File source: 0.2.pages.csv, type: HTML
            Source: Yara match | File source: 0.1.pages.csv, type: HTML
            Source: Yara match | File source: dropped/chromecache_90, type: DROPPED
            Source: classification engine | Classification label: mal56.phis.win@23/60@8/5
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2560,i,14915970087761976437,14686006363847418362,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=904 --field-trial-handle=1136,i,3019338326937331567,952841908332228127,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://xxxjns2qi.z13.web.core.windows.net/"
            Source: Window Recorder | Window detected: More than 3 window changes detected
            • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
            • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
            • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
            • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
            • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
            • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
            • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
            • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
            • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
            • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
            • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
            • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
            • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
            • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
            Source | Detection | Scanner | Label | Link
            https://xxxjns2qi.z13.web.core.windows.net/ | 0% | Avira URL Cloud | safe |
            https://xxxjns2qi.z13.web.core.windows.net/ | 100% | SlashNext | Scareware type: Phishing & Social usering |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://ipwho.is/?lang=en | 0% | URL Reputation | safe |
            https://www.merchant-center-analytics.goog | 0% | URL Reputation | safe |
            https://cct.google/taggy/agent.js | 0% | URL Reputation | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            bg.microsoft.map.fastly.net | 199.232.210.172 | true | false |  | unknown
            ipwho.is | 15.204.213.5 | true | false |  | unknown
            userstatics.com | 104.21.53.38 | true | false |  | unknown
            www.google.com | 142.250.217.196 | true | false |  | high
            fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false |  | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://www.google.com/async/ddljson?async=ntp:2 | false |  | high
            https://ipwho.is/?lang=en | false | URL Reputation: safe | unknown
            https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false |  | high
            https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGNrkr7EGIjAffliYVjUafnqEn1nf1WBUXylN-raRGQu5KRfTjJF73c9LLKbtvVEAwrSinls-2mkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false |  | high
            https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGNrkr7EGIjD1Eo30sMgLPOkbAyebDizDqvqp4myoFV1GW2T6eQQm_B_smULw6b0vO5nJMTm-Q-IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false |  | high
            https://www.google.com/async/newtab_promos | false |  | high
            https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false |  | high
            https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmgZjcGNrkr7EGIjAN3Bft4uexmfUXiVtkomhAxRzLDtJaDUBuyO4ARTh8Rx52Df-r6F0ofl4GYLbZcEwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false |  | high
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://www.google.com | chromecache_72.3.dr | false |  | high
            https://www.youtube.com/iframe_api | chromecache_72.3.dr | false |  | high
            https://stats.g.doubleclick.net/g/collect | chromecache_72.3.dr | false |  | high
            http://jquery.org/license | chromecache_75.3.dr | false |  | high
            https://td.doubleclick.net | chromecache_72.3.dr | false |  | high
            http://sizzlejs.com/ | chromecache_75.3.dr | false |  | high
            https://www.merchant-center-analytics.goog | chromecache_72.3.dr | false | URL Reputation: safe | unknown
            https://stats.g.doubleclick.net/g/collect?v=2& | chromecache_72.3.dr | false |  | high
            https://adservice.google.com/pagead/regclk | chromecache_72.3.dr | false |  | high
            https://cct.google/taggy/agent.js | chromecache_72.3.dr | false | URL Reputation: safe | unknown
            https://ezgif.com/optimize | chromecache_61.3.dr | false |  | high
            http://jquery.com/ | chromecache_75.3.dr | false |  | high
            IP | Domain | Country | ASN | ASN Name | Malicious
            15.204.213.5 | ipwho.is | United States | 71 | HP-INTERNET-ASUS | false
            142.250.217.196 | www.google.com | United States | 15169 | GOOGLEUS | false
            239.255.255.250 | unknown | Reserved | unknown | unknown | false
            104.21.53.38 | userstatics.com | United States | 13335 | CLOUDFLARENETUS | false

            IP
            192.168.2.6
                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                        Analysis ID:1432304
                                                        Start date and time:2024-04-26 20:27:47 +02:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 3m 29s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:browseurl.jbs
                                                        Sample URL:https://xxxjns2qi.z13.web.core.windows.net/
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:9
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Detection:MAL
                                                        Classification:mal56.phis.win@23/60@8/5
                                                        EGA Information:Failed
                                                        HCA Information:
                                                        • Successful, ratio: 100%
                                                        • Number of executed functions: 0
                                                        • Number of non-executed functions: 0
                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 142.250.217.238, 108.177.11.84, 192.178.50.35, 34.104.35.123, 57.150.0.68, 23.204.76.112, 20.12.23.50, 142.250.217.200, 199.232.210.172, 192.229.211.108, 192.178.50.78, 20.242.39.171, 172.217.165.206
                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, www.googletagmanager.com, e16604.g.akamaiedge.net, xxxjns2qi.z13.web.core.windows.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, prod.fs.microsoft.com.akadns.net, web.iad02prdstr17c.store.core.windows.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.google-analytics.com, clients1.google.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                        No simulations
                                                        No context
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):321
                                                        Entropy (8bit):5.105831274811178
                                                        Encrypted:false
                                                        SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWO5pSN8AJR2p0BQ4RbUygE:hax0rKRHkhzRH/Un2i2GprK5YWO3SO+X
                                                        MD5:566FC65C463D9C011180767A490DB5C5
                                                        SHA1:5B7D285FF8E2092140785086FE17981B17386E5C
                                                        SHA-256:717B933EE2CAA6C68199C083A427BC2F0AB2856638F51E69E5DBFF26A7C550BD
                                                        SHA-512:481992199CC5C7B341B9583E688347F435852227A1250AEB7533788AAFE57FD18D34214F3290917F5401FE3FA59547E414994102634682EA1A09D2E4FDEAE1A7
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/w3.png
                                                        Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : d3aa01c5-201e-0078-7d07-9889c5000000</li><li>TimeStamp : 2024-04-26T18:28:59.6462176Z</li></ul></p></body></html>
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (2083), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):2083
                                                        Entropy (8bit):5.0463133028709635
                                                        Encrypted:false
                                                        SSDEEP:48:W/iGbnd2lcCB2/GxUH3M1+Rh9FNGDzjUYx7u9rDTlRSg40:Y9d2ldWR017MDE0
                                                        MD5:33B3E05F86FE68782A71C3EB89C637DF
                                                        SHA1:B4271F567F27351847B2CA127DCB8D88A03300A3
                                                        SHA-256:B1A5978232E5BAD9D779EC449BBBB365E393A818D44DAE1A38C97BAD79ADA48F
                                                        SHA-512:E60CD591C34640B39CB95BA14F90CD0563A4B25E4F26212F5FC79203A09463CF2DD5C787230385270BD0A725379568F518C814D326ABDCDB347F8A955CAC78AA
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/js/nvidia.js
                                                        Preview:function toggleFullScreen(e){var n=document.body;e instanceof HTMLElement&&(n=e);var t=document.webkitIsFullScreen||document.mozFullScreen||!1;n.requestFullScreen=n.requestFullScreen||n.webkitRequestFullScreen||n.mozRequestFullScreen||function(){return!1},document.cancelFullScreen=document.cancelFullScreen||document.webkitCancelFullScreen||document.mozCancelFullScreen||function(){return!1},t?document.cancelFullScreen():n.requestFullScreen()}function addEvent(e,n,t){e.addEventListener?e.addEventListener(n,t,!1):e.attachEvent&&e.attachEvent("on"+n,t)}$(document).ready(function(){var e=document.createElement("audio");e.setAttribute("src","ai2.mp3"),e.addEventListener("ended",function(){this.play()},!1),$(".map").click(function(){e.play()}),$(".black").click(function(){e.play()}),$("#footer").click(function(){e.play()}),$("#qwrqwewrqwdqw").click(function(){e.play()})}),$(document).ready(function(){$("body").mouseover(function(){$("#footer").fadeIn("").css({bottom:-20,position:"fixed"}).ani
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (778)
                                                        Category:downloaded
                                                        Size (bytes):783
                                                        Entropy (8bit):5.1472510013114325
                                                        Encrypted:false
                                                        SSDEEP:24:AKmA1KplBjvRdBHslgT9lCuABuoB7HHHHHHHYqmffffffo:ArRplBjvRdKlgZ01BuSEqmffffffo
                                                        MD5:C17188E6ABAA494B1FCDB3AED197EAD8
                                                        SHA1:95DFC158292EE68B231FF5C17C2E9C867BED99E7
                                                        SHA-256:8FD5DDEDC45A670C54816A00DBE1E42622915BAE8184C40917B317F9DF8E851A
                                                        SHA-512:E421BE3610DB77E021221D8EF79BD77D1D7A6301E5C6CF9BE2A803DCEE6D256E747147B8B1FD081729BFC3C5466149CBEB3D0BCB456C40500D1C966DA7DEE331
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                        Preview:)]}'.["",["modern horizons 3 commander decks leaks","clear california airports","drake relays 2024 live results","lufthansa 747 rough landing lax","nintendo garry mod","reddit downtime","mlb power rankings","weather storms tornadoes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:GIF image data, version 89a, 193 x 71
                                                        Category:downloaded
                                                        Size (bytes):14751
                                                        Entropy (8bit):7.927919850442063
                                                        Encrypted:false
                                                        SSDEEP:384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
                                                        MD5:6FCB78E0CD7933A70EEA2CF071F82118
                                                        SHA1:70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
                                                        SHA-256:4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
                                                        SHA-512:AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/re.gif
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:assembler source, ASCII text, with very long lines (324), with CRLF line terminators
                                                        Category:downloaded
                                                        Size (bytes):18178
                                                        Entropy (8bit):4.868191588228292
                                                        Encrypted:false
                                                        SSDEEP:192:m5pyua9kzmx5XO0CfsXLruzG61fMDl1tFpFab5rjloqSrXVrqODz7frYYkYYPlcr:6pyusXrJm4lICr
                                                        MD5:7EB9DB6D3E4C84E0E29BEE4CC963F3A0
                                                        SHA1:BEBA530C07ECB65C1C80BC73429BBB01B812EB0B
                                                        SHA-256:B93DABEBD37A3D0F9067554802BA410632C88E12DB36C17CB586719E4A3ABA71
                                                        SHA-512:E931634C19125A4D1EC41283DBB9A4AFCF287A2B80B924760D69FDB1E42F3740336FF4F0F8F4E66A65FF2CCBCDACBAFB7F61023C305653CDDD70A2BAD84B1B11
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/css/tapa.css
                                                        Preview:.table,label {.. max-width: 100%..}.....btn:focus,.btn:hover,body {.. color: #333..}....#txtintro,.row:after {.. clear: both..}....#bottom ul,.mar_top ul,.total_detail ul,.total_detail_scan ul {.. list-style-type: none..}....#footer,#qwrqwewrqwdqw,.btn,[role=button],button {.. cursor: pointer..}....@-webkit-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@-o-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes rotate {.. 0% {.. transform: rotate(0).. }.... to {.. transform: rotate(360deg).. }..}....@keyframes zoominoutsinglefeatured {.. 0%,to {.. transform: scale(1,1).. }.... 50% {..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 13 x 13, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):276
                                                        Entropy (8bit):5.44393413565082
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
                                                        MD5:7616D96C388301E391653647E1F5F057
                                                        SHA1:B1868C8F0F46309A8E26F584AC82000D54C06ECD
                                                        SHA-256:4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
                                                        SHA-512:C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):462770
                                                        Entropy (8bit):7.96289736720607
                                                        Encrypted:false
                                                        SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                                        MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                                        SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                                        SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                                        SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/bg.png
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:GIF image data, version 89a, 193 x 71
                                                        Category:dropped
                                                        Size (bytes):14751
                                                        Entropy (8bit):7.927919850442063
                                                        Encrypted:false
                                                        SSDEEP:384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
                                                        MD5:6FCB78E0CD7933A70EEA2CF071F82118
                                                        SHA1:70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
                                                        SHA-256:4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
                                                        SHA-512:AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 100 x 100, 1-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):332
                                                        Entropy (8bit):6.871743379185684
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
                                                        MD5:9D8A90A63D20F05D27E5D6ABB35E0CD0
                                                        SHA1:5873B4007E9D55B4D891A4C427B3735ED23DBFE8
                                                        SHA-256:7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
                                                        SHA-512:DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/dm.png
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):99389
                                                        Entropy (8bit):7.948180012126474
                                                        Encrypted:false
                                                        SSDEEP:3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
                                                        MD5:6B11AD15DA74888BEA9095007A9F7DD6
                                                        SHA1:E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
                                                        SHA-256:93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
                                                        SHA-512:709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):321
                                                        Entropy (8bit):5.120215345396994
                                                        Encrypted:false
                                                        SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOUKV+ZAlJR2p0BQ7+E:hax0rKRHkhzRH/Un2i2GprK5YWOUOrJo
                                                        MD5:3A61B711A979F1F1817D9AA0B0735E34
                                                        SHA1:2E6BCF38C48EA62904DFF330EA2930A4569E93C7
                                                        SHA-256:3C7BD5AD6DA38C9876440D6175D5CFBB6CBBDD4B3AF14E54600C5AD09FDC6253
                                                        SHA-512:CA37FE932BBF6835AC0B96E707E4BBABC5F182BED4FF7A391A5A0E6E1F8D9C93E519E93ECD6F8A4C467937DF042C149FDE9B6ECA752F558DDF388E9DC8C9734D
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/w1.png
                                                        Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 28b17cf4-a01e-0014-3507-986252000000</li><li>TimeStamp : 2024-04-26T18:28:58.8477392Z</li></ul></p></body></html>
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):99389
                                                        Entropy (8bit):7.948180012126474
                                                        Encrypted:false
                                                        SSDEEP:3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
                                                        MD5:6B11AD15DA74888BEA9095007A9F7DD6
                                                        SHA1:E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
                                                        SHA-256:93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
                                                        SHA-512:709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/bx1.png
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 140 x 30, 1-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):187
                                                        Entropy (8bit):6.13774750591943
                                                        Encrypted:false
                                                        SSDEEP:3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
                                                        MD5:271021CFA45940978184BE0489841FD3
                                                        SHA1:201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
                                                        SHA-256:C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
                                                        SHA-512:EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/mnc.png
                                                        Preview:.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 166 x 92, 4-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):6.670080953747829
                                                        Encrypted:false
                                                        SSDEEP:24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
                                                        MD5:05CDF1A2C2FC8F07BEA0A8F4F9356637
                                                        SHA1:B7BBD626D1D6C832509E820CAE1D971B34F625E6
                                                        SHA-256:AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
                                                        SHA-512:D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (5945)
                                                        Category:downloaded
                                                        Size (bytes):301564
                                                        Entropy (8bit):5.5682038999667185
                                                        Encrypted:false
                                                        SSDEEP:6144:X4nQX5NzJTYLceF+qKXjXP9RIMEQ85YDSY:on+xJyNy2Y
                                                        MD5:E179138512414372A8B388652B2AAE52
                                                        SHA1:F6668D341EF416DFB46A24C95B1554C200DB932D
                                                        SHA-256:38C94B3A44EB197C354DBA8691CC7CB00B3520483E666E40083FE58CD56B4B61
                                                        SHA-512:37230E3B8CE5977243B5211326BAA0EB39E015A4238726CA7227145613C769397E98255BA4A1A006697DB5C50F2F3B88C1573972E89BE245CAF61D9F8ACD8CFE
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
                                                        Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":14,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_email
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):462770
                                                        Entropy (8bit):7.96289736720607
                                                        Encrypted:false
                                                        SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                                        MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                                        SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                                        SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                                        SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 128 x 128, 1-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):722
                                                        Entropy (8bit):7.434007974065295
                                                        Encrypted:false
                                                        SSDEEP:12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
                                                        MD5:42D8F2CC1AE5759C2369F255F36EBC03
                                                        SHA1:8E592162EEC14E72D0A751D714A641DBECE91F6B
                                                        SHA-256:31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
                                                        SHA-512:4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/vsc.png
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (820)
                                                        Category:downloaded
                                                        Size (bytes):79064
                                                        Entropy (8bit):5.3886285065472075
                                                        Encrypted:false
                                                        SSDEEP:1536:oqD4uWibfmaWWfiw7uOm9LofuENlx9TV6p+T3VopklvQDPj10XQjdA4+9T:opzYf/c9E5vQD6X2dA4+9T
                                                        MD5:2130B7ED48A1006F774734218D916DEE
                                                        SHA1:86D0AAF4ECB3EAD31C3C2739853C089D8D1DC619
                                                        SHA-256:D8AF41D20B1AF69B8C2A8E0776D181A8224F17D314FC2479C8A389A9E79D0542
                                                        SHA-512:6F86E053FD15052FB86228F94B06EDF586BBA0EA68C11D2F8B688A37C2379683DC7D83A6B77D81381703B5E12B28967DFD21A243AA41DBB313682D7ADBA22C93
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/js/jquery-1.4.4.min.js
                                                        Preview:/*!. * jQuery JavaScript Library v1.4.4. * http://jquery.com/. *. * Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. *. * Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. *. * Date: Thu Nov 11 19:04:53 2010 -0500. */.(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=.h.events;if(!(a.liveFired===this||!h||!h.live||a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^|\\.)"+a.namespace.s
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:downloaded
                                                        Size (bytes):503
                                                        Entropy (8bit):4.806069034061486
                                                        Encrypted:false
                                                        SSDEEP:6:dnPaKIGCRUJACRqSYP8B8PFCZrdEGCXaAVylvTGBi1fWBCE+ZQiGTGBC/ry1TGBD:dS7SsP3CTEGCbslvTWrBCV/lBC/TBC/Q
                                                        MD5:CD6C33FBC221D0271C910AF910E6EBED
                                                        SHA1:9B52F24D6F10B885BB19DB1C4B531469F96D2914
                                                        SHA-256:318698AE5E67C32550D6B40AC09848D598F6317F51A8F09638BA925F6E7CC479
                                                        SHA-512:13D12EE60E01EC4DDE5C1BED73A607A891D5CC857A6E161034E71159BD2A352A0F4AD8EF6038CCB2B5D7F23B8899BF9BCB97AA39EAFCC6AE985CDC835E061412
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/js/jupiter.js
                                                        Preview: function addEvent(obj, evt, fn) {.. if (obj.addEventListener) {.. obj.addEventListener(evt, fn, false);.. } else if (obj.attachEvent) {.. obj.attachEvent("on" + evt, fn);.. }..}....addEvent(document, 'mouseout', function(evt) {.. if (evt.toElement == null && evt.relatedTarget == null) {.. $('.lightbox').slideDown();.. };..});....$('a.close').click(function() {.. $('.lightbox').slideUp();..});..$('body').click(function() {.. $('.lightbox').slideUp();..});..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
                                                        Category:downloaded
                                                        Size (bytes):376425
                                                        Entropy (8bit):6.328939718669852
                                                        Encrypted:false
                                                        SSDEEP:6144:tw78qtWLT4gFpI7gfogcXWKdM1I519inwhdoZtFYSxDi7TSPg27C:SLtc3FEgggcmkM1IBoZ4miI7C
                                                        MD5:32D775D8AC22F1CD0CC29097DF12CCFA
                                                        SHA1:D6B5DBEF7BC81E1D86DB4254FE68BCB2AA5E21C4
                                                        SHA-256:BD132E75009AC7BDCBA4BF7C54F71FD9386A4FFBBFD4AD156721D5082194602B
                                                        SHA-512:08558205EA34634C274A8947E650CB2EC3BCF17BCB9239C6AC586D72BD07C4192049AF71A9186212B668D2F2273847C6FF5B739DB2D87EBA3E8A74B9A10A218C
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/media/Fm7-alert.wav:2f759a5bf904e9:0
                                                        Preview:RIFF....WAVEfmt ........"V..D.......LIST....INFOIART&...IVONA Reader - Microsoft Zira Desktop.ICMT....License: Unknown..IGNR....Speech..INAM....Important Security..IPRD....Warning.IPRT....1.ISFT....Lavf58.76.100.data....
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 100 x 100, 1-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):332
                                                        Entropy (8bit):6.871743379185684
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
                                                        MD5:9D8A90A63D20F05D27E5D6ABB35E0CD0
                                                        SHA1:5873B4007E9D55B4D891A4C427B3735ED23DBFE8
                                                        SHA-256:7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
                                                        SHA-512:DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.PNG........IHDR...d...d.....J,......PLTE.......g......tRNS.@..f....pHYs.................IDATx^..1n. ..`#...@.r.N.U.I.9.G..22 Sp..A^U.c..O.0...e}h[..}....9.L...Q.@'..%I.a.F.X.P`..*..cu.oD...}.K.wP....e}*.....'~..2..."...N..M.5.Ep...E>I5.".hg..6.e...)...H...l.!7.bXX.p.'..I../RI."_...K.QJiB..3x.~....z.;..#....5W.....IEND.B`.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 13 x 13, 8-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):276
                                                        Entropy (8bit):5.44393413565082
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
                                                        MD5:7616D96C388301E391653647E1F5F057
                                                        SHA1:B1868C8F0F46309A8E26F584AC82000D54C06ECD
                                                        SHA-256:4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
                                                        SHA-512:C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/bel.png
                                                        Preview:.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 166 x 92, 4-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):1270
                                                        Entropy (8bit):6.670080953747829
                                                        Encrypted:false
                                                        SSDEEP:24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
                                                        MD5:05CDF1A2C2FC8F07BEA0A8F4F9356637
                                                        SHA1:B7BBD626D1D6C832509E820CAE1D971B34F625E6
                                                        SHA-256:AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
                                                        SHA-512:D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/pcm.png
                                                        Preview:.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 520 x 520, 8-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):2681
                                                        Entropy (8bit):7.104642717027869
                                                        Encrypted:false
                                                        SSDEEP:48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
                                                        MD5:B01A30D354BFCF51EDF33E0B0EA07402
                                                        SHA1:C421359518D1AE258237BF501C563B7F059F8B9B
                                                        SHA-256:B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
                                                        SHA-512:D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/cs.png
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 31 x 30, 4-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):168
                                                        Entropy (8bit):5.414614498746933
                                                        Encrypted:false
                                                        SSDEEP:3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
                                                        MD5:ACB05EBCD5F488FC99169CFF02B6DD04
                                                        SHA1:DCA893A7B514503E947A57AA072482A0E0CBA912
                                                        SHA-256:1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
                                                        SHA-512:13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 140 x 30, 1-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):187
                                                        Entropy (8bit):6.13774750591943
                                                        Encrypted:false
                                                        SSDEEP:3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
                                                        MD5:271021CFA45940978184BE0489841FD3
                                                        SHA1:201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
                                                        SHA-256:C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
                                                        SHA-512:EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 31 x 30, 4-bit colormap, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):168
                                                        Entropy (8bit):5.414614498746933
                                                        Encrypted:false
                                                        SSDEEP:3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
                                                        MD5:ACB05EBCD5F488FC99169CFF02B6DD04
                                                        SHA1:DCA893A7B514503E947A57AA072482A0E0CBA912
                                                        SHA-256:1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
                                                        SHA-512:13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/msmm.png
                                                        Preview:.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:downloaded
                                                        Size (bytes):5816
                                                        Entropy (8bit):4.707067894665527
                                                        Encrypted:false
                                                        SSDEEP:96:rSCU5PMZwzlNZiD07WJiOiq+mh5hoFzT6M:OCmPMZKT0gSJiOiYjuFzT6M
                                                        MD5:41D726BA8105809814789FD8B9D6015A
                                                        SHA1:A560687A3E1622DAA162E711CCCDACFC070E2278
                                                        SHA-256:86C48A03A2DD5D8848990B64B04FC70A9C7B7CC551AA5FA251B2B57292E37113
                                                        SHA-512:D3A858DEC6B8168FB2D0E5945A841DB55FC90C316FABFC07B754C84765980482FC9DD2EDCB579D42CF929352F38AF148FE26A437F3CF4494D6385EB9652145F4
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/js/jscode.js
                                                        Preview:$(function() {.. var a = 0,.. b = setInterval(function() {.. a += 10;.. $("#dynamic").css("width", a + "%").attr("aria-valuenow", a).text(a + "% Complete");.. 100 <= a && clearInterval(b).. }, 100).. });.... (function(a) {.. a.fn.countTo = function(b) {.. b = b || {};.. return a(this).each(function() {.. function d(a) {.. a = c.formatter.call(k, a, c);.. h.html(a).. }.. var c = a.extend({}, a.fn.countTo.defaults, {.. from: a(this).data("from"),.. to: a(this).data("to"),.. speed: a(this).data("speed"),.. refreshInterval: a(this).data("refresh-interval"),.. decimals: a(this).data("decimals").. }, b),.. l = Math.ceil(c.speed / c.refreshInterval),.. n = (c.to - c.from) / l,.. k = this,.. h = a(this),.. m = 0,.. f = c.from,.. g = h.data("countTo") || {};.. h.data("countTo"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 128 x 128, 1-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):722
                                                        Entropy (8bit):7.434007974065295
                                                        Encrypted:false
                                                        SSDEEP:12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
                                                        MD5:42D8F2CC1AE5759C2369F255F36EBC03
                                                        SHA1:8E592162EEC14E72D0A751D714A641DBECE91F6B
                                                        SHA-256:31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
                                                        SHA-512:4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):364
                                                        Entropy (8bit):7.161449027375991
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
                                                        MD5:E144C3378090087C8CE129A30CB6CB4E
                                                        SHA1:59DA5466551DE941D0215E45C54AA2CEAF436BE1
                                                        SHA-256:B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
                                                        SHA-512:3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:JSON data
                                                        Category:downloaded
                                                        Size (bytes):703
                                                        Entropy (8bit):5.06562286484441
                                                        Encrypted:false
                                                        SSDEEP:12:YZAYhZImV+xaNmd6wpHPKhmHpa23ewHD2ARQDosJD50BWPe5sj+VkoyFY:Yq0RNMhHEm823H211djaVsY
                                                        MD5:832E0C8DD20DA59C30438BF555FAE0D0
                                                        SHA1:E92D8E6A652AC287D9DFD739906D81739E3FE639
                                                        SHA-256:B8DAD6F5BB526F4B9D72675218B38F4EDFAEB17EBB4AF63112893A4F07230D51
                                                        SHA-512:996B6548A1CA634853B43BF3363D6C5D8A78B11D60844F8AFB8EE618C315B996C32DDF3FE48DAA79B41B3DB5E4CE002A6836A94F9B17B3CA32B34FAD4D295F86
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://ipwho.is/?lang=en
                                                        Preview:{"ip":"102.129.152.220","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Florida","region_code":"FL","city":"Miami","latitude":25.7616798,"longitude":-80.1917902,"is_eu":false,"postal":"33128","calling_code":"1","capital":"Washington D.C.","borders":"CA,MX","flag":{"img":"https:\/\/cdn.ipwhois.io\/flags\/us.svg","emoji":"\ud83c\uddfa\ud83c\uddf8","emoji_unicode":"U+1F1FA U+1F1F8"},"connection":{"asn":174,"org":"Det Africa pty LTD","isp":"Cogent Communications","domain":""},"timezone":{"id":"America\/New_York","abbr":"EDT","is_dst":true,"offset":-14400,"utc":"-04:00","current_time":"2024-04-26T14:28:51-04:00"}}
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):1009
                                                        Entropy (8bit):4.650881180319751
                                                        Encrypted:false
                                                        SSDEEP:24:78NLWAtaN84m6r2h2fvrQb31izYx6qwOBhA:78NW2aKVh2fvrkicMqwOc
                                                        MD5:A3CE21F002C8F0EE20079DA87C686824
                                                        SHA1:701227F2228E6B569330ABE863268713B037E616
                                                        SHA-256:A073C7326764093C4889A26E5C512E2D39C08B2804F264144007B230C061EC71
                                                        SHA-512:93FD3235877671B3B6CC0603840ED5751F44D1F823B3D47253AB710F11A61CAE5CAA3E8C514878D4E01059B77A4864377E089883EB5325B387FDACBED3FC5D51
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{. "About Us": "https:\/\/ipwhois.io",. "ip": "102.129.152.220",. "success": true,. "type": "IPv4",. "continent": "North America",. "continent_code": "NA",. "country": "United States",. "country_code": "US",. "region": "Florida",. "region_code": "FL",. "city": "Miami",. "latitude": 25.7616798,. "longitude": -80.1917902,. "is_eu": false,. "postal": "33128",. "calling_code": "1",. "capital": "Washington D.C.",. "borders": "CA,MX",. "flag": {. "img": "https:\/\/cdn.ipwhois.io\/flags\/us.svg",. "emoji": "\ud83c\uddfa\ud83c\uddf8",. "emoji_unicode": "U+1F1FA U+1F1F8". },. "connection": {. "asn": 174,. "org": "Det Africa pty LTD",. "isp": "Cogent Communications",. "domain": "". },. "timezone": {. "id": "America\/New_York",. "abbr": "EDT",. "is_dst": true,. "offset": -14400,. "utc": "-04:00",. "current_time": "2024-04-26T14:28:54-04:00
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with very long lines (522)
                                                        Category:downloaded
                                                        Size (bytes):19089
                                                        Entropy (8bit):4.554645161334557
                                                        Encrypted:false
                                                        SSDEEP:192:fNLW3lDcMPo6w6j1P4Ur4U+7sBUULdzmGmQABCBuRvRDxwU:FklDccz1PNrN2CUGdzmGwB/
                                                        MD5:D1B120D73B6EC9651680AA9BB4456DF7
                                                        SHA1:2C208ED97B3477B201CCCCD347D5172D8A8B42CB
                                                        SHA-256:89FD50D45876D0E0D012CEE8C3467C61D88D539A8FB6895ADB99FA927C5A7A5A
                                                        SHA-512:AD62CD05279CD8299154385C8F04274FB03793C36F114525851D8B7578BBBB974E78E30B7AA6C24AC4BDC0AF5D15952C265EB315F66BA06D1AEE0D0A5A431963
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/
                                                        Preview:<html lang="en"><head>. <meta charset="utf-8">. <meta content="width=device-width,initial-scale=1,shrink-to-fit=no" name="viewport">. <meta content="noindex,nofollow" name="robots">. <title>System Error Code Er0erydfd1</title>. <link href="images/msmm.png" rel="icon" id="favicon" type="image/png">. <link href="css/tapa.css" rel="stylesheet">.. <script type="text/javascript" src="js/jquery-1.4.4.min.js"></script>. <script type="text/javascript">//<![CDATA[. $(function(){. $('body').bind('contextmenu', function(e){. return false;. });. });// . </script>. Global site tag (gtag.js) - Google Analytics -->.<script async="" src="https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4"></script>.<script>. window.dataLayer = window.dataLayer || [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());.. gtag('config', 'G-8SZJPQT3Z4');.</script>... <script>. var t = new XMLHttpRequest;. t.onreadystatechange = fu
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):133
                                                        Entropy (8bit):5.102751486482574
                                                        Encrypted:false
                                                        SSDEEP:3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
                                                        MD5:FEA7FBF2C619FD4B7716FCAA64070C6C
                                                        SHA1:F192732937981A26F526B7C1293A2AE13BC59A22
                                                        SHA-256:DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
                                                        SHA-512:145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://userstatics.com/get/script.js?referrer=https://xxxjns2qi.z13.web.core.windows.net/
                                                        Preview:document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
                                                        Category:downloaded
                                                        Size (bytes):364
                                                        Entropy (8bit):7.161449027375991
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
                                                        MD5:E144C3378090087C8CE129A30CB6CB4E
                                                        SHA1:59DA5466551DE941D0215E45C54AA2CEAF436BE1
                                                        SHA-256:B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
                                                        SHA-512:3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
                                                        Malicious:false
                                                        Reputation:low
                                                        URL:https://xxxjns2qi.z13.web.core.windows.net/images/set.png
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 520 x 520, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):2681
                                                        Entropy (8bit):7.104642717027869
                                                        Encrypted:false
                                                        SSDEEP:48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
                                                        MD5:B01A30D354BFCF51EDF33E0B0EA07402
                                                        SHA1:C421359518D1AE258237BF501C563B7F059F8B9B
                                                        SHA-256:B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
                                                        SHA-512:D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
                                                        Malicious:false
                                                        Reputation:low
                                                        No static file info
                                                        Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                        Apr 26, 2024 20:28:44.360847950 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.360899925 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.360949039 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.361181974 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.361193895 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.361763000 CEST49711443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.361928940 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.361944914 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.361952066 CEST44349711142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.362231970 CEST49711443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.408118010 CEST44349711142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.562598944 CEST44349711142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.562726021 CEST44349711142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.562781096 CEST49711443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.562802076 CEST44349711142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.563102961 CEST44349711142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.563158989 CEST49711443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.698956013 CEST49711443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.698982954 CEST44349711142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.749327898 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.758924961 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.888237953 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.903702021 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.903733015 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.903835058 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.903846979 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.904485941 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.905378103 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.905409098 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.905426979 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.905463934 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.905479908 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.906397104 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.906502008 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.906790972 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.906985044 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:44.907001972 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:44.948118925 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.034579992 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.138995886 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.139127016 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.139180899 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.139203072 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.139475107 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.139530897 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.147797108 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.147841930 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.147881031 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.147891998 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.147905111 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.147933006 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.147950888 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.147970915 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.148005962 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.152427912 CEST49712443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.152441978 CEST44349712142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:45.153136969 CEST49713443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:28:45.153156996 CEST44349713142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:28:49.978133917 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:49.978183985 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:49.978234053 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:49.978899956 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:49.978914022 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:50.467508078 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:50.516139030 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:50.516148090 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:50.522604942 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:50.522697926 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.087516069 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.087657928 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:51.087754011 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.128165960 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:51.141601086 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.141611099 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:51.247566938 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:51.247714043 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.294861078 CEST49722443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.294876099 CEST4434972215.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:51.789913893 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.789946079 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:51.790188074 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.790348053 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:51.790363073 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:52.105781078 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:52.251117945 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.413671970 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.413686037 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.417671919 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.417706013 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.417733908 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.459567070 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.459810019 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.459819078 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.500134945 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.542052984 CEST49698443192.168.2.6173.222.162.64
                                                        Apr 26, 2024 20:28:54.598438025 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.598445892 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.616728067 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.616800070 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.617518902 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:54.617536068 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:54.617594957 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:54.617975950 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:54.617985010 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:54.618056059 CEST49734443192.168.2.615.204.213.5
                                                        Apr 26, 2024 20:28:54.618068933 CEST4434973415.204.213.5192.168.2.6
                                                        Apr 26, 2024 20:28:54.795057058 CEST44349698173.222.162.64192.168.2.6
                                                        Apr 26, 2024 20:28:54.865555048 CEST44349698173.222.162.64192.168.2.6
                                                        Apr 26, 2024 20:28:54.865608931 CEST49698443192.168.2.6173.222.162.64
                                                        Apr 26, 2024 20:28:54.865803957 CEST44349698173.222.162.64192.168.2.6
                                                        Apr 26, 2024 20:28:54.865845919 CEST49698443192.168.2.6173.222.162.64
                                                        Apr 26, 2024 20:28:54.865931034 CEST44349698173.222.162.64192.168.2.6
                                                        Apr 26, 2024 20:28:54.865978003 CEST49698443192.168.2.6173.222.162.64
                                                        Apr 26, 2024 20:28:54.865994930 CEST44349698173.222.162.64192.168.2.6
                                                        Apr 26, 2024 20:28:54.866029978 CEST49698443192.168.2.6173.222.162.64
                                                        Apr 26, 2024 20:28:54.875669956 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:54.875993013 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:54.876000881 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:54.876895905 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:54.876967907 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:54.941324949 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:54.941392899 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:54.941508055 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:54.941517115 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:55.088136911 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:55.433022022 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:55.433131933 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:55.433176994 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:55.495346069 CEST49743443192.168.2.6104.21.53.38
                                                        Apr 26, 2024 20:28:55.495356083 CEST44349743104.21.53.38192.168.2.6
                                                        Apr 26, 2024 20:28:57.989443064 CEST44349698173.222.162.64192.168.2.6
                                                        Apr 26, 2024 20:28:57.989506960 CEST49698443192.168.2.6173.222.162.64
                                                        Apr 26, 2024 20:28:59.073697090 CEST49698443192.168.2.6173.222.162.64
                                                        Apr 26, 2024 20:28:59.332566977 CEST44349698173.222.162.64192.168.2.6
                                                        Apr 26, 2024 20:29:44.668967962 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:44.669018984 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:44.669095039 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:44.669486046 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:44.669503927 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:44.997951984 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:44.998733997 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:44.998749018 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:44.999214888 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:44.999871969 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:44.999962091 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:45.139559984 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:55.001682997 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:55.001842976 CEST44349765142.250.217.196192.168.2.6
                                                        Apr 26, 2024 20:29:55.001915932 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:55.011377096 CEST49765443192.168.2.6142.250.217.196
                                                        Apr 26, 2024 20:29:55.011411905 CEST44349765142.250.217.196192.168.2.6
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 20:28:41.280757904 CEST | 192.168.2.6 | 1.1.1.1 | 0x4a8d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:41.281215906 CEST | 192.168.2.6 | 1.1.1.1 | 0x9893 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Apr 26, 2024 20:28:49.845390081 CEST | 192.168.2.6 | 1.1.1.1 | 0x51bf | Standard query (0) | ipwho.is | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:49.845788956 CEST | 192.168.2.6 | 1.1.1.1 | 0x626b | Standard query (0) | ipwho.is | 65 | IN (0x0001) | false |
| Apr 26, 2024 20:28:51.647919893 CEST | 192.168.2.6 | 1.1.1.1 | 0x6c11 | Standard query (0) | ipwho.is | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:51.648344994 CEST | 192.168.2.6 | 1.1.1.1 | 0x73e | Standard query (0) | ipwho.is | 65 | IN (0x0001) | false |
| Apr 26, 2024 20:28:54.488451004 CEST | 192.168.2.6 | 1.1.1.1 | 0xeab2 | Standard query (0) | userstatics.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:54.488590002 CEST | 192.168.2.6 | 1.1.1.1 | 0x9cd1 | Standard query (0) | userstatics.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 20:28:41.418606997 CEST | 1.1.1.1 | 192.168.2.6 | 0x4a8d | No error (0) | www.google.com | | 142.250.217.196 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:41.418622971 CEST | 1.1.1.1 | 192.168.2.6 | 0x9893 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Apr 26, 2024 20:28:49.971569061 CEST | 1.1.1.1 | 192.168.2.6 | 0x51bf | No error (0) | ipwho.is | | 15.204.213.5 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:51.778584003 CEST | 1.1.1.1 | 192.168.2.6 | 0x6c11 | No error (0) | ipwho.is | | 15.204.213.5 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:54.616466999 CEST | 1.1.1.1 | 192.168.2.6 | 0x9cd1 | No error (0) | userstatics.com | | | 65 | IN (0x0001) | false |
| Apr 26, 2024 20:28:54.616980076 CEST | 1.1.1.1 | 192.168.2.6 | 0xeab2 | No error (0) | userstatics.com | | 104.21.53.38 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:54.616980076 CEST | 1.1.1.1 | 192.168.2.6 | 0xeab2 | No error (0) | userstatics.com | | 172.67.208.186 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:54.646620035 CEST | 1.1.1.1 | 192.168.2.6 | 0x8d16 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:54.646620035 CEST | 1.1.1.1 | 192.168.2.6 | 0x8d16 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:28:55.456624985 CEST | 1.1.1.1 | 192.168.2.6 | 0x4b8c | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 20:28:55.456624985 CEST | 1.1.1.1 | 192.168.2.6 | 0x4b8c | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:29:13.213537931 CEST | 1.1.1.1 | 192.168.2.6 | 0x9dc9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 20:29:13.213537931 CEST | 1.1.1.1 | 192.168.2.6 | 0x9dc9 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:29:44.807630062 CEST | 1.1.1.1 | 192.168.2.6 | 0x7a33 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 20:29:44.807630062 CEST | 1.1.1.1 | 192.168.2.6 | 0x7a33 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 20:30:09.863166094 CEST | 1.1.1.1 | 192.168.2.6 | 0x85b4 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 20:30:09.863166094 CEST | 1.1.1.1 | 192.168.2.6 | 0x85b4 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
                                                        • www.google.com
                                                        • https:
                                                          • ipwho.is
                                                          • userstatics.com
| Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 20:28:54.865931034 CEST | 173.222.162.64 | 443 | 192.168.2.6 | 49698 | CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US; CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US; CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Oct 18 22:32:40 CEST 2023; Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024; Fri Jun 28 01:59:59 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0 | 28a2c9bd18a11de089ef85a160da29e4 |
| | | | | | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 | | |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49704 | 142.250.217.196 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe |
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:41 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-04-26 18:28:42 UTC | 1703 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 26 Apr 2024 18:28:42 GMT
                                                        Pragma: no-cache
                                                        Expires: -1
                                                        Cache-Control: no-cache, must-revalidate
                                                        Content-Type: text/javascript; charset=UTF-8
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-38rnekrtVRZds3fXAmLXEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                        Accept-CH: Sec-CH-UA-Platform
                                                        Accept-CH: Sec-CH-UA-Platform-Version
                                                        Accept-CH: Sec-CH-UA-Full-Version
                                                        Accept-CH: Sec-CH-UA-Arch
                                                        Accept-CH: Sec-CH-UA-Model
                                                        Accept-CH: Sec-CH-UA-Bitness
                                                        Accept-CH: Sec-CH-UA-Full-Version-List
                                                        Accept-CH: Sec-CH-UA-WoW64
                                                        Permissions-Policy: unload=()
                                                        Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                        Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                        Content-Disposition: attachment; filename="f.txt"
                                                        Server: gws
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-04-26 18:28:42 UTC | 790 | IN | Data Ascii: 30f)]}'["",["modern horizons 3 commander decks leaks","clear california airports","drake relays 2024 live results","lufthansa 747 rough landing lax","nintendo garry mod","reddit downtime","mlb power rankings","weather storms tornadoes"],["","","","",""
                                                        2024-04-26 18:28:42 UTC | 5 | IN | Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        1 | 192.168.2.6 | 49705 | 142.250.217.196 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:42 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-04-26 18:28:42 UTC | 1816 | IN | HTTP/1.1 302 Found
                                                        Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmgZjcGNrkr7EGIjAN3Bft4uexmfUXiVtkomhAxRzLDtJaDUBuyO4ARTh8Rx52Df-r6F0ofl4GYLbZcEwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                        x-hallmonitor-challenge: CgwI2uSvsQYQ2ev7-QISBGaBmNw
                                                        Content-Type: text/html; charset=UTF-8
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                        Permissions-Policy: unload=()
                                                        Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                        Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Date: Fri, 26 Apr 2024 18:28:42 GMT
                                                        Server: gws
                                                        Content-Length: 427
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Set-Cookie: 1P_JAR=2024-04-26-18; expires=Sun, 26-May-2024 18:28:42 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                        Set-Cookie: NID=513=GTVuF9I7CBtuIdJsbLLj018FotKEso2DHerhiAkArfxVdA3zmmEmYDgNOK5-6YJovconNle0UuTEBPQFwKOq_BWTxcJ6SFdEsBmwxEdGSZz6aq30ywOYlvOU8vztEDU4wja8-1b_tb8_candCNWqntzCI04OEKnFv56vPwikO28; expires=Sat, 26-Oct-2024 18:28:42 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close
                                                        2024-04-26 18:28:42 UTC | 427 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.2.6 | 49707 | 142.250.217.196 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:42 UTC | 498 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-04-26 18:28:42 UTC | 1843 | IN | HTTP/1.1 302 Found
                                                        Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGNrkr7EGIjAffliYVjUafnqEn1nf1WBUXylN-raRGQu5KRfTjJF73c9LLKbtvVEAwrSinls-2mkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                        x-hallmonitor-challenge: CgwI2uSvsQYQsdyuzwISBGaBmNw
                                                        Content-Type: text/html; charset=UTF-8
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                        Permissions-Policy: unload=()
                                                        Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                        Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Date: Fri, 26 Apr 2024 18:28:42 GMT
                                                        Server: gws
                                                        Content-Length: 458
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Set-Cookie: 1P_JAR=2024-04-26-18; expires=Sun, 26-May-2024 18:28:42 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                        Set-Cookie: NID=513=TCTqhoTgNlVXjgZAyGl3pS4Qlsgwq1NYraMOVQJg5qChHvjRCtwoZ7Q6wr-CLt9r6QwrZMhPKiUM1gv4WjznWTwd7y6UpPOwmiKhwjlNM_hNgq5RQcDqpr2tf5TCsVn8cy0gsAkKymfdFY1EThFApk-kbM8aTOnsVr2OE_lVQyI; expires=Sat, 26-Oct-2024 18:28:42 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close
                                                        2024-04-26 18:28:42 UTC | 458 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        3 | 192.168.2.6 | 49706 | 142.250.217.196 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:42 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-04-26 18:28:42 UTC | 1761 | IN | HTTP/1.1 302 Found
                                                        Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGNrkr7EGIjD1Eo30sMgLPOkbAyebDizDqvqp4myoFV1GW2T6eQQm_B_smULw6b0vO5nJMTm-Q-IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                        x-hallmonitor-challenge: CgwI2uSvsQYQk8z84AISBGaBmNw
                                                        Content-Type: text/html; charset=UTF-8
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                        Permissions-Policy: unload=()
                                                        Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                        Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Date: Fri, 26 Apr 2024 18:28:42 GMT
                                                        Server: gws
                                                        Content-Length: 417
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Set-Cookie: 1P_JAR=2024-04-26-18; expires=Sun, 26-May-2024 18:28:42 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                        Set-Cookie: NID=513=cxjmX-MC-l-yIqB8gIlG2HwBpgtkU5SZc2cgTQa7UZyZaVNpRNxbhnGnuXtoxr3gTeA4R-PrF6bNE9dqwSGs9abQcuut83Skujxb6tyiVDU7jPLwPEjGFmDv1891jfeW4WP-y1yyXLEnMiFJSmZcvS8I-_iVoLv8XC2Ih__GzAE; expires=Sat, 26-Oct-2024 18:28:42 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close
                                                        2024-04-26 18:28:42 UTC | 417 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        4 | 192.168.2.6 | 49711 | 142.250.217.196 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:44 UTC | 900 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGNrkr7EGIjAffliYVjUafnqEn1nf1WBUXylN-raRGQu5KRfTjJF73c9LLKbtvVEAwrSinls-2mkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: 1P_JAR=2024-04-26-18; NID=513=TCTqhoTgNlVXjgZAyGl3pS4Qlsgwq1NYraMOVQJg5qChHvjRCtwoZ7Q6wr-CLt9r6QwrZMhPKiUM1gv4WjznWTwd7y6UpPOwmiKhwjlNM_hNgq5RQcDqpr2tf5TCsVn8cy0gsAkKymfdFY1EThFApk-kbM8aTOnsVr2OE_lVQyI
                                                        2024-04-26 18:28:44 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                        Date: Fri, 26 Apr 2024 18:28:44 GMT
                                                        Pragma: no-cache
                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                        Content-Type: text/html
                                                        Server: HTTP server (unknown)
                                                        Content-Length: 3186
                                                        X-XSS-Protection: 0
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close
                                                        2024-04-26 18:28:44 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
                                                        2024-04-26 18:28:44 UTC | 1255 | IN | Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="qpZYZaxA6
                                                        2024-04-26 18:28:44 UTC | 1032 | IN | Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.2.6 | 49712 | 142.250.217.196 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:44 UTC | 738 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGNrkr7EGIjD1Eo30sMgLPOkbAyebDizDqvqp4myoFV1GW2T6eQQm_B_smULw6b0vO5nJMTm-Q-IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: 1P_JAR=2024-04-26-18; NID=513=cxjmX-MC-l-yIqB8gIlG2HwBpgtkU5SZc2cgTQa7UZyZaVNpRNxbhnGnuXtoxr3gTeA4R-PrF6bNE9dqwSGs9abQcuut83Skujxb6tyiVDU7jPLwPEjGFmDv1891jfeW4WP-y1yyXLEnMiFJSmZcvS8I-_iVoLv8XC2Ih__GzAE
                                                        2024-04-26 18:28:45 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                        Date: Fri, 26 Apr 2024 18:28:45 GMT
                                                        Pragma: no-cache
                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                        Content-Type: text/html
                                                        Server: HTTP server (unknown)
                                                        Content-Length: 3114
                                                        X-XSS-Protection: 0
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close
                                                        2024-04-26 18:28:45 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
                                                        2024-04-26 18:28:45 UTC | 1255 | IN | Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="Ff92rDa4xD8QyqBN7LpDkD2I30GTMdxHt
                                                        2024-04-26 18:28:45 UTC | 960 | IN | Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.2.6 | 49713 | 142.250.217.196 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:44 UTC | 742 | OUT | GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmgZjcGNrkr7EGIjAN3Bft4uexmfUXiVtkomhAxRzLDtJaDUBuyO4ARTh8Rx52Df-r6F0ofl4GYLbZcEwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: 1P_JAR=2024-04-26-18; NID=513=GTVuF9I7CBtuIdJsbLLj018FotKEso2DHerhiAkArfxVdA3zmmEmYDgNOK5-6YJovconNle0UuTEBPQFwKOq_BWTxcJ6SFdEsBmwxEdGSZz6aq30ywOYlvOU8vztEDU4wja8-1b_tb8_candCNWqntzCI04OEKnFv56vPwikO28
                                                        2024-04-26 18:28:45 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                        Date: Fri, 26 Apr 2024 18:28:45 GMT
                                                        Pragma: no-cache
                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                        Content-Type: text/html
                                                        Server: HTTP server (unknown)
                                                        Content-Length: 3132
                                                        X-XSS-Protection: 0
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close
                                                        2024-04-26 18:28:45 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
                                                        2024-04-26 18:28:45 UTC | 1255 | IN | Data Ascii: tCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="uDA_dqSCeXOx63d2bsDB8rsj_d0
                                                        2024-04-26 18:28:45 UTC | 978 | IN | Data Ascii: ears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the mean


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.2.6 | 49722 | 15.204.213.5 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:51 UTC | 582 | OUT | GET /?lang=en HTTP/1.1
                                                        Host: ipwho.is
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://xxxjns2qi.z13.web.core.windows.net
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://xxxjns2qi.z13.web.core.windows.net/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-04-26 18:28:51 UTC | 255 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 26 Apr 2024 18:28:51 GMT
                                                        Content-Type: application/json; charset=utf-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Server: ipwhois
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Headers: *
                                                        X-Robots-Tag: noindex
                                                        2024-04-26 18:28:51 UTC | 715 | IN | Data Ascii: 2bf{"ip":"102.129.152.220","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Florida","region_code":"FL","city":"Miami","latitude":25.7616798,"longitude":-80.1917902,"i


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.6 | 49734 | 15.204.213.5 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:54 UTC | 340 | OUT | GET /?lang=en HTTP/1.1
                                                        Host: ipwho.is
                                                        Connection: keep-alive
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: */*
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-04-26 18:28:54 UTC | 223 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 26 Apr 2024 18:28:54 GMT
                                                        Content-Type: application/json; charset=utf-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Server: ipwhois
                                                        Access-Control-Allow-Headers: *
                                                        X-Robots-Tag: noindex
                                                        2024-04-26 18:28:54 UTC | 1021 | IN | Data Ascii: 3f1{ "About Us": "https:\/\/ipwhois.io", "ip": "102.129.152.220", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Flo


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.6 | 49743 | 104.21.53.38 | 443 | 5668 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-04-26 18:28:54 UTC | 599 | OUT | GET /get/script.js?referrer=https://xxxjns2qi.z13.web.core.windows.net/ HTTP/1.1
                                                        Host: userstatics.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: script
                                                        Referer: https://xxxjns2qi.z13.web.core.windows.net/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-04-26 18:28:55 UTC | 808 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 26 Apr 2024 18:28:55 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        X-Powered-By: PHP/8.2.1
                                                        Access-Control-Allow-Origin: https://xxxjns2qi.z13.web.core.windows.net
                                                        Access-Control-Allow-Methods: GET, POST
                                                        Access-Control-Allow-Headers: X-Requested-With,content-type
                                                        Access-Control-Allow-Credentials: true
                                                        CF-Cache-Status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YUq9EknRIDJnWFuUGqJrlApeI3VCiFoHjA4eKgLfFvAK0gurnNEuvy7Ve4HsVEgim7jYJL9ZP5bOGQwS80gfY7CY9kGzYX34tEqCenRWHhgkucZFuOjBa9WdvQy5if91yr4%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 87a8a2a459b6da1f-MIA
                                                        alt-svc: h3=":443"; ma=86400
                                                        2024-04-26 18:28:55 UTC | 139 | IN | Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
                                                        2024-04-26 18:28:55 UTC | 5 | IN | Data Ascii: 0


                                                        Target ID:0
                                                        Start time:20:28:31
                                                        Start date:26/04/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                        Imagebase:0x7ff684c40000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:false

                                                        Target ID:3
                                                        Start time:20:28:38
                                                        Start date:26/04/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2560,i,14915970087761976437,14686006363847418362,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                        Imagebase:0x7ff684c40000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:false

                                                        Target ID:4
                                                        Start time:20:28:40
                                                        Start date:26/04/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                                                        Imagebase:0x7ff684c40000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:20:28:40
                                                        Start date:26/04/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=904 --field-trial-handle=1136,i,3019338326937331567,952841908332228127,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                        Imagebase:0x7ff684c40000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:6
                                                        Start time:20:28:41
                                                        Start date:26/04/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://xxxjns2qi.z13.web.core.windows.net/"
                                                        Imagebase:0x7ff684c40000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        No disassembly