
Windows Analysis Report
http://apidevst.com

Overview

General Information

Sample URL:http://apidevst.com
Analysis ID:1436593
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic

Classification

  • System is w10x64
  • chrome.exe (PID: 2844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,17449975914517360887,1340231660079692741,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=964,i,7821398057109531615,15787434121257409365,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 1928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apidevst.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
05/06/24-05:32:50.239397 | 2052291 | 49756 | 443 | TCP | A Network Trojan was detected
05/06/24-05:32:50.096279 | 2052290 | 61108 | 53 | UDP | A Network Trojan was detected
05/06/24-05:32:49.320966 | 2052290 | 55609 | 53 | UDP | A Network Trojan was detected
05/06/24-05:32:50.095795 | 2052290 | 50662 | 53 | UDP | A Network Trojan was detected
05/06/24-05:32:49.322227 | 2052290 | 51545 | 53 | UDP | A Network Trojan was detected
05/06/24-05:32:53.145405 | 2052291 | 49757 | 443 | TCP | A Network Trojan was detected


AV Detection

Source: apidevst.com | Virustotal: Detection: 17%
Source: http://apidevst.com/ | Virustotal: Detection: 17%
Source: http://apidevst.com | Virustotal: Detection: 17%
Source: https://apidevst.com/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.4:49746 version: TLS 1.2

Networking

Source: Traffic | Snort IDS: 2052290 ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) 192.168.2.4:55609 -> 1.1.1.1:53
Source: Traffic | Snort IDS: 2052290 ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) 192.168.2.4:51545 -> 1.1.1.1:53
Source: Traffic | Snort IDS: 2052290 ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) 192.168.2.4:50662 -> 1.1.1.1:53
Source: Traffic | Snort IDS: 2052290 ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) 192.168.2.4:61108 -> 1.1.1.1:53
Source: Traffic | Snort IDS: 2052291 ET CURRENT_EVENTS TA569 Keitaro TDS Domain in TLS SNI (apidevst .com) 192.168.2.4:49756 -> 193.124.22.107:443
Source: Traffic | Snort IDS: 2052291 ET CURRENT_EVENTS TA569 Keitaro TDS Domain in TLS SNI (apidevst .com) 192.168.2.4:49757 -> 193.124.22.107:443
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown | TCP traffic detected without corresponding DNS query: 162.222.107.20
Source: unknown | TCP traffic detected without corresponding DNS query: 23.45.182.93
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /async/newtab_promos HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1
  Host: apis.google.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: apidevst.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: apidevst.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://apidevst.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: apidevst.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: apis.google.com
Source: global traffic | DNS traffic detected: DNS query: apidevst.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Mon, 06 May 2024 03:32:52 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 147
  Connection: close
  Cache-Control: no-cache, no-store, must-revalidate
  Expires: Mon, 06 May 2024 03:32:52 GMT
  Vary: Accept-Encoding
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Mon, 06 May 2024 03:32:54 GMT
  Content-Type: text/html
  Content-Length: 548
  Connection: close
Source: chromecache_61.3.dr | String found in binary or memory: http://www.broofa.com
Source: chromecache_68.3.dr | String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_68.3.dr | String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_68.3.dr, chromecache_61.3.dr | String found in binary or memory: https://apis.google.com
Source: chromecache_68.3.dr | String found in binary or memory: https://clients6.google.com
Source: chromecache_68.3.dr | String found in binary or memory: https://content.googleapis.com
Source: chromecache_68.3.dr | String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_68.3.dr | String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_61.3.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_61.3.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_61.3.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_61.3.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_61.3.dr | String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_68.3.dr | String found in binary or memory: https://plus.google.com
Source: chromecache_68.3.dr | String found in binary or memory: https://plus.googleapis.com
Source: chromecache_68.3.dr | String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_68.3.dr | String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_68.3.dr | String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_61.3.dr | String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_61.3.dr | String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_61.3.dr | String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: classification engine | Classification label: mal64.win@26/16@8/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,17449975914517360887,1340231660079692741,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=964,i,7821398057109531615,15787434121257409365,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apidevst.com"
Source: Window Recorder | Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label | Link
http://apidevst.com | 0% | Avira URL Cloud | safe |
http://apidevst.com | 17% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
apidevst.com | 17% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
http://www.broofa.com | 0% | URL Reputation | safe |
https://csp.withgoogle.com/csp/lcreport/ | 0% | URL Reputation | safe |
https://apidevst.com/favicon.ico | 0% | Avira URL Cloud | safe |
http://apidevst.com/ | 0% | Avira URL Cloud | safe |
http://apidevst.com/ | 17% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
plus.l.google.com | 142.250.64.206 | true | false | | high
www.google.com | 172.217.165.196 | true | false | | high
apidevst.com | 193.124.22.107 | true | true | | unknown
apis.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://apidevst.com/favicon.ico | true | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://apidevst.com/ | false | | unknown
http://apidevst.com/ | true | 17%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google.com/log?format=json&hasfast=true | chromecache_61.3.dr | false | | high
http://www.broofa.com | chromecache_61.3.dr | false | URL Reputation: safe | unknown
https://csp.withgoogle.com/csp/lcreport/ | chromecache_68.3.dr | false | URL Reputation: safe | unknown
https://apis.google.com | chromecache_68.3.dr, chromecache_61.3.dr | false | | high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 | chromecache_68.3.dr | false | | high
https://domains.google.com/suggest/flow | chromecache_68.3.dr | false | | high
https://clients6.google.com | chromecache_68.3.dr | false | | high
https://plus.google.com | chromecache_68.3.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
193.124.22.107 | apidevst.com | Russian Federation | | 20853 | ETOP-ASPL | true
142.250.64.206 | plus.l.google.com | United States | | 15169 | GOOGLEUS | false
172.217.165.196 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1436593
Start date and time:2024-05-06 05:31:31 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://apidevst.com
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal64.win@26/16@8/5
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.64.131, 142.250.64.174, 173.194.213.84, 34.104.35.123, 13.85.23.86, 72.21.81.240, 192.229.211.108, 52.165.164.15, 172.217.2.206
  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (2294)
Category:downloaded
Size (bytes):163286
Entropy (8bit):5.544045381504343
Encrypted:false
SSDEEP:3072:CMiFOP4roKgkk/EFZMQbxjZW1BKo6JMI6l0nt8Uv1ziwtXOmDsY+WwYLF/HrY7+A:CMiroKfbMQbxjZW1BKo6JMI6l0nt8Uvq
MD5:9D9987F6E83F101A097A0BD64A14C71B
SHA1:E71E10897E0E874DE4D12125D5DF2F7FCE08F585
SHA-256:D0975FC00A61201A54714BE8DF5E50F02B277E133BA08ABD9DEEA33934FA28A9
SHA-512:5AE557145F0E0FF3E768AFC63B3E4855F53DCA49D46A22ACB169CC6DC58FF2B11C776B419141EB12C8B0CF7BBD16E928F9EE5AF5014DD976130B00A1995B325E
Malicious:false
Reputation:low
URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Ics7SFQVxbg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTtpRznzVJk75Y4TcT-zpGGUjebtAg"
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (6841)
                              Category:downloaded
                              Size (bytes):6846
                              Entropy (8bit):5.798051837404007
                              Encrypted:false
                              SSDEEP:192:R6H6666Y2bVtYU+U1kSmdN6666V73S322oC/9E:R6H6666NtYUf5o6666p3SmM2
                              MD5:805444D359D023A49DA3646801B294CF
                              SHA1:55770C09C92E0AC66990512A5058AC683E5D8E63
                              SHA-256:1F5DECA3D83FD3B4583294476ABF0649FF1B6F723A80E933A3D5CB8C598CA661
                              SHA-512:91FDE13B54DFA4EC1DA1EDB08C6006B4A454B245565BDD6C1B01E1179A0658DB650E9859138918E14A0800517C4DAE818C0C255093C2A91E60C95BE5B29B7872
                              Malicious:false
                              Reputation:low
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["",["monopoly go fiesta loca rewards","nick chubb","houston texas flooding","nyc five boro bike tour road closures","lando norris miami grand prix","costco may 2024 coupon book","left behind gray zone warfare","caitlin clark wnba indiana fever"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):29
                              Entropy (8bit):3.9353986674667634
                              Encrypted:false
                              SSDEEP:3:VQAOx/1n:VQAOd1n
                              MD5:6FED308183D5DFC421602548615204AF
                              SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                              SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                              SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                              Malicious:false
                              Reputation:low
                              URL:https://www.google.com/async/newtab_promos
                              Preview:)]}'.{"update":{"promos":{}}}
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (3572), with no line terminators
                              Category:downloaded
                              Size (bytes):3572
                              Entropy (8bit):5.140651484312947
                              Encrypted:false
                              SSDEEP:48:vZUJVKLICJEconBdpZUvGCUvGULHg7OTehn5hsbrc7g8IO8u0Y8D2n:yJYI/coXqCg7OSfg8IO8uB8D2n
                              MD5:122C0858F7D38991F14E5ADC6BDB3C3B
                              SHA1:FFC64755EB42990A73C4878426A641CFB94B57EE
                              SHA-256:06D1296A6F6611AC795B27882FE88823EE857D0F49F7018CF00C6A199976DC0D
                              SHA-512:149A1FB533C8C7D5EA363B80982DC1EC4C39E5EF9BB37E45BC80E105B18C3FA4DC610449BBD70DE9B9AC7339FEBBBD4FF76C2A9D1FD104D1943A386539AC4D44
                              Malicious:false
                              Reputation:low
                              URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.RS0dNtaZmo0.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuhe2hCYlalU7rKCW-qT_-zMhVRaw"
                              Preview:.gb_2e{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_Fc{text-align:left}.gb_Fc>*{color:#bdc1c6;line-height:16px}.gb_Fc div:first-child{color:white}.gb_pa{background:none;border:1px solid transparent;-webkit-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;box-sizing:border-box;cursor:pointer;height:40px;margin:8px;outline:none;padding:1px;position:absolute;right:0;top:0;width:40px}.gb_pa:hover{background-color:rgba(68,71,70,.08)}.gb_pa:focus,.gb_pa:active{background-color:rgba(68,71,70,.12)}.gb_pa:focus-visible{border-color:#0b57d0;outline:1px solid transparent;outline-offset:-1px}.gb_i .gb_pa:hover,.gb_i .gb_pa:focus,.gb_i .gb_pa:active{background-color:rgba(227,227,227,.08)}.gb_i .gb_pa:focus-visible{border-color:#a8c7fa}.gb_qa{-webkit-box
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (65531)
                              Category:downloaded
                              Size (bytes):137078
                              Entropy (8bit):5.4411107500040945
                              Encrypted:false
                              SSDEEP:1536:jdGuEyWn2zuFRDP6nWysx3DMqPKnrzNSpGiV1p+RHPGb4gujNP8jZRLM9rZxMkPr:Dsnoap3DTKnrQpG4nQUduO6ZxMkmwXd
                              MD5:0D3A4A228D9FD31ADA3AD0D8D5C48E44
                              SHA1:4902D20B8F6CD7163C6055EDA9B9C0A6F59AF9BD
                              SHA-256:2F88BB5DB44C645506DBA49F77B7A807C551E862742A79F8C965895F25C43ACB
                              SHA-512:4B9B9E34BBA9CF86BD889CACA2E8A9B60DDB46AE80D105016ECB8855C8FE79913F7840C7B7190866ABFB6FE2E6AE16FEA926245DB008902000DAAD5FD8C06D8D
                              Malicious:false
                              Reputation:low
                              URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                              Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Qa gb_hb gb_Td gb_nd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Hd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_rd gb_kd gb_xd gb_wd\"\u003e\u003cdiv class\u003d\"gb_qd gb_gd\"\u003e\u003cdiv class\u003d\"gb_Oc gb_q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Oc gb_Rc gb_q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text, with CRLF line terminators
                              Category:downloaded
                              Size (bytes):548
                              Entropy (8bit):4.688532577858027
                              Encrypted:false
                              SSDEEP:12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
                              MD5:370E16C3B7DBA286CFF055F93B9A94D8
                              SHA1:65F3537C3C798F7DA146C55AEF536F7B5D0CB943
                              SHA-256:D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
                              SHA-512:75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
                              Malicious:false
                              Reputation:low
                              URL:https://apidevst.com/favicon.ico
                              Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:SVG Scalable Vector Graphics image
                              Category:downloaded
                              Size (bytes):1660
                              Entropy (8bit):4.301517070642596
                              Encrypted:false
                              SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                              MD5:554640F465EB3ED903B543DAE0A1BCAC
                              SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                              SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                              SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                              Malicious:false
                              Reputation:low
                              URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (2124)
                              Category:downloaded
                              Size (bytes):121628
                              Entropy (8bit):5.506662476672723
                              Encrypted:false
                              SSDEEP:3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx
                              MD5:F46ACD807A10216E6EEE8EA51E0F14D6
                              SHA1:4702F47070F7046689432DCF605F11364BC0FBED
                              SHA-256:D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086
                              SHA-512:811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028
                              Malicious:false
                              Reputation:low
                              URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0"
                              Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x20000, ]);.var ba,ca,da,na,pa,va,wa,za;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=da(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)re
                              No static file info
                              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                              05/06/24-05:32:50.239397 | TCP | 2052291 | ET CURRENT_EVENTS TA569 Keitaro TDS Domain in TLS SNI (apidevst .com) | 49756 | 443 | 192.168.2.4 | 193.124.22.107
                              05/06/24-05:32:50.096279 | UDP | 2052290 | ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) | 61108 | 53 | 192.168.2.4 | 1.1.1.1
                              05/06/24-05:32:49.320966 | UDP | 2052290 | ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) | 55609 | 53 | 192.168.2.4 | 1.1.1.1
                              05/06/24-05:32:50.095795 | UDP | 2052290 | ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) | 50662 | 53 | 192.168.2.4 | 1.1.1.1
                              05/06/24-05:32:49.322227 | UDP | 2052290 | ET CURRENT_EVENTS TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) | 51545 | 53 | 192.168.2.4 | 1.1.1.1
                              05/06/24-05:32:53.145405 | TCP | 2052291 | ET CURRENT_EVENTS TA569 Keitaro TDS Domain in TLS SNI (apidevst .com) | 49757 | 443 | 192.168.2.4 | 193.124.22.107
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              May 6, 2024 05:32:23.461343050 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.464690924 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.464730024 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.464773893 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.464783907 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.464823961 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.469033003 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.473418951 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.473449945 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.473468065 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.473476887 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.473520041 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.476207018 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.478823900 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.478874922 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.478924990 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.478948116 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.478997946 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.481501102 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.484113932 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.484146118 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.484164000 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.484181881 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.485502005 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.486689091 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.489233017 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.489267111 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.489304066 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.489315033 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.489353895 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.491792917 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.491866112 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.491919041 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.491928101 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.494362116 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.496819019 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.496875048 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.496884108 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.496925116 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.496932030 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.496947050 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:23.497324944 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:23.583350897 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:24.684743881 CEST49735443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:24.684756994 CEST44349735172.217.165.196192.168.2.4
                              May 6, 2024 05:32:26.241714954 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.241748095 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.241849899 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.242316008 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.242327929 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.274899006 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:26.274928093 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:26.275019884 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:26.275418043 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:26.275433064 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:26.479789972 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.480186939 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.480201006 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.481112957 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.481189013 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.509721041 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:26.509963036 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:26.509980917 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:26.510261059 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:26.510704041 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:26.510762930 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:26.625885010 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:26.753379107 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.753485918 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.753638983 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.800120115 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.813365936 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.813378096 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.864527941 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.864583015 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.864603996 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.864617109 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.864643097 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.864662886 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.864707947 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.864707947 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.864717960 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.872026920 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.872126102 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.872133970 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.879703045 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.879803896 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.879817009 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.887396097 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.887465000 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.887471914 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.973848104 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.973890066 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.973910093 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.973920107 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.974081039 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.977689028 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.985274076 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.985428095 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.985440016 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.992952108 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.992975950 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.993046045 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:26.993056059 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:26.993129015 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.000560999 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.008229971 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.008249998 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.008373022 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.008387089 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.008446932 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.015898943 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.022984982 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.023015022 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.023097038 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.023107052 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.023197889 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.030075073 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.037233114 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.037256956 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.037286997 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.037297010 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.037381887 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.044343948 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.051441908 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.051467896 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.051522017 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.051531076 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.051729918 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.058558941 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.065660000 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.065705061 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.065726995 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.065737009 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.065783978 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.083462954 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.086641073 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.086673975 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.086728096 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.086736917 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.086792946 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.092524052 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.098191977 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.098216057 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.098256111 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.098264933 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.098396063 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.103481054 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.108728886 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.108752966 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.108794928 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.108809948 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.108854055 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.113714933 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.118674040 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.118697882 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.118769884 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.118783951 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.118833065 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.123652935 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.128674984 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.128700018 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.128722906 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.128731012 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.128766060 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.133660078 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.136133909 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.136517048 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.136523962 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.141139030 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.141218901 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.141233921 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.146078110 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.146132946 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.146141052 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.151101112 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.151166916 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.151175976 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.156061888 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.156106949 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.156114101 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.160979986 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.161039114 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.161047935 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.165986061 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.166083097 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.166090012 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.170814991 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.170883894 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.170892954 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.180124998 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.180171967 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.180229902 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.180239916 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.180294991 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.184576035 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.189023972 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.189050913 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.189100027 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.189110041 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.189219952 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.193244934 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.195444107 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.197402954 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.197412014 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.199697971 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.203435898 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.203447104 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.203952074 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.203999996 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.204008102 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.206640005 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.206728935 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.206737995 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.209256887 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.211096048 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.211102962 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.211838961 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.211888075 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:27.211992025 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.242532969 CEST49743443192.168.2.4142.250.64.206
                              May 6, 2024 05:32:27.242558002 CEST44349743142.250.64.206192.168.2.4
                              May 6, 2024 05:32:31.466517925 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.466552019 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.466615915 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.469208002 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.469223976 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.696773052 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.696844101 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.699637890 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.699646950 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.699851990 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.743690968 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.784120083 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.911758900 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.960010052 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.960036039 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.960045099 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:31.960134983 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.960165977 CEST4434974523.196.177.159192.168.2.4
                              May 6, 2024 05:32:31.960206985 CEST49745443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.030911922 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.030944109 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.031008005 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.032084942 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.032105923 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.255467892 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.255533934 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.265528917 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.265547991 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.265738964 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.269360065 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.316108942 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.475235939 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.516310930 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.516370058 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.517119884 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.517139912 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:32.517172098 CEST49746443192.168.2.423.196.177.159
                              May 6, 2024 05:32:32.517179012 CEST4434974623.196.177.159192.168.2.4
                              May 6, 2024 05:32:36.495903015 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:36.495956898 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:36.496002913 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:37.053150892 CEST49744443192.168.2.4172.217.165.196
                              May 6, 2024 05:32:37.053177118 CEST44349744172.217.165.196192.168.2.4
                              May 6, 2024 05:32:43.085520983 CEST8049723162.222.107.20192.168.2.4
                              May 6, 2024 05:32:43.085733891 CEST4972380192.168.2.4162.222.107.20
                              May 6, 2024 05:32:43.085733891 CEST4972380192.168.2.4162.222.107.20
                              May 6, 2024 05:32:43.194896936 CEST8049723162.222.107.20192.168.2.4
                              May 6, 2024 05:32:49.459983110 CEST4975380192.168.2.4193.124.22.107
                              May 6, 2024 05:32:49.460998058 CEST4975480192.168.2.4193.124.22.107
                              May 6, 2024 05:32:49.614658117 CEST4975580192.168.2.4193.124.22.107
                              May 6, 2024 05:32:49.710731983 CEST8049753193.124.22.107192.168.2.4
                              May 6, 2024 05:32:49.710807085 CEST4975380192.168.2.4193.124.22.107
                              May 6, 2024 05:32:49.711574078 CEST4975380192.168.2.4193.124.22.107
                              May 6, 2024 05:32:49.713565111 CEST8049754193.124.22.107192.168.2.4
                              May 6, 2024 05:32:49.713624954 CEST4975480192.168.2.4193.124.22.107
                              May 6, 2024 05:32:49.862952948 CEST8049755193.124.22.107192.168.2.4
                              May 6, 2024 05:32:49.863035917 CEST4975580192.168.2.4193.124.22.107
                              May 6, 2024 05:32:50.003235102 CEST8049753193.124.22.107192.168.2.4
                              May 6, 2024 05:32:50.091866970 CEST8049753193.124.22.107192.168.2.4
                              May 6, 2024 05:32:50.091938972 CEST4975380192.168.2.4193.124.22.107
                              Timestamp | Source IP | Dest IP | Checksum | Code | Type
                              May 6, 2024 05:32:49.461339951 CEST | 192.168.2.4 | 1.1.1.1 | c21b | (Port unreachable) | Destination Unreachable
                              May 6, 2024 05:32:50.445738077 CEST | 192.168.2.4 | 1.1.1.1 | c21b | (Port unreachable) | Destination Unreachable
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              May 6, 2024 05:32:22.275304079 CEST | 192.168.2.4 | 1.1.1.1 | 0x8f7c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              May 6, 2024 05:32:22.275465012 CEST | 192.168.2.4 | 1.1.1.1 | 0x76ce | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                              May 6, 2024 05:32:26.128842115 CEST | 192.168.2.4 | 1.1.1.1 | 0x9a84 | Standard query (0) | apis.google.com | A (IP address) | IN (0x0001) | false
                              May 6, 2024 05:32:26.129365921 CEST | 192.168.2.4 | 1.1.1.1 | 0xeb09 | Standard query (0) | apis.google.com | 65 | IN (0x0001) | false
                              May 6, 2024 05:32:49.320966005 CEST | 192.168.2.4 | 1.1.1.1 | 0x1013 | Standard query (0) | apidevst.com | A (IP address) | IN (0x0001) | false
                              May 6, 2024 05:32:49.322227001 CEST | 192.168.2.4 | 1.1.1.1 | 0x1389 | Standard query (0) | apidevst.com | 65 | IN (0x0001) | false
                              May 6, 2024 05:32:50.095794916 CEST | 192.168.2.4 | 1.1.1.1 | 0x7636 | Standard query (0) | apidevst.com | A (IP address) | IN (0x0001) | false
                              May 6, 2024 05:32:50.096278906 CEST | 192.168.2.4 | 1.1.1.1 | 0xec6f | Standard query (0) | apidevst.com | 65 | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              May 6, 2024 05:32:22.385341883 CEST | 1.1.1.1 | 192.168.2.4 | 0x76ce | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
                              May 6, 2024 05:32:22.385684013 CEST | 1.1.1.1 | 192.168.2.4 | 0x8f7c | No error (0) | www.google.com | - | 172.217.165.196 | A (IP address) | IN (0x0001) | false
                              May 6, 2024 05:32:26.238409996 CEST | 1.1.1.1 | 192.168.2.4 | 0x9a84 | No error (0) | apis.google.com | plus.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
                              May 6, 2024 05:32:26.238409996 CEST | 1.1.1.1 | 192.168.2.4 | 0x9a84 | No error (0) | plus.l.google.com | - | 142.250.64.206 | A (IP address) | IN (0x0001) | false
                              May 6, 2024 05:32:26.240560055 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb09 | No error (0) | apis.google.com | plus.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
                              May 6, 2024 05:32:49.431621075 CEST | 1.1.1.1 | 192.168.2.4 | 0x1013 | No error (0) | apidevst.com | - | 193.124.22.107 | A (IP address) | IN (0x0001) | false
                              May 6, 2024 05:32:50.206051111 CEST | 1.1.1.1 | 192.168.2.4 | 0x7636 | No error (0) | apidevst.com | - | 193.124.22.107 | A (IP address) | IN (0x0001) | false
                              • www.google.com
                              • apis.google.com
                              • fs.microsoft.com
                              • apidevst.com
                              • https:
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.4 | 49753 | 193.124.22.107 | 80 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              May 6, 2024 05:32:49.711574078 CEST | 427 | OUT | GET / HTTP/1.1
                              Host: apidevst.com
                              Connection: keep-alive
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              May 6, 2024 05:32:50.091866970 CEST | 344 | IN | HTTP/1.1 301 Moved Permanently
                              Server: nginx
                              Date: Mon, 06 May 2024 03:32:49 GMT
                              Content-Type: text/html; charset=utf-8
                              Content-Length: 0
                              Connection: close
                              Cache-Control: no-cache, no-store, must-revalidate
                              Expires: Mon, 06 May 2024 03:32:49 GMT
                              Location: https://apidevst.com/
                              Vary: Accept-Encoding
                              Access-Control-Allow-Origin: *


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.4 | 49754 | 193.124.22.107 | 80 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              May 6, 2024 05:33:19.967526913 CEST | 212 | IN | HTTP/1.0 408 Request Time-out
                              Cache-Control: no-cache
                              Connection: close
                              Content-Type: text/html
                              Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.4 | 49755 | 193.124.22.107 | 80 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              May 6, 2024 05:33:20.112632990 CEST | 212 | IN | HTTP/1.0 408 Request Time-out
                              Cache-Control: no-cache
                              Connection: close
                              Content-Type: text/html
                              Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.4 | 49733 | 172.217.165.196 | 443 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:22 UTC | 607 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-05-06 03:32:22 UTC | 1191 | IN | HTTP/1.1 200 OK
                              Date: Mon, 06 May 2024 03:32:22 GMT
                              Pragma: no-cache
                              Expires: -1
                              Cache-Control: no-cache, must-revalidate
                              Content-Type: text/javascript; charset=UTF-8
                              Strict-Transport-Security: max-age=31536000
                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-kD-tL2Sh9yRzcWyNtLSMpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Content-Disposition: attachment; filename="f.txt"
                              Server: gws
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.4 | 49735 | 172.217.165.196 | 443 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:22 UTC | 510 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-05-06 03:32:23 UTC | 967 | IN | HTTP/1.1 200 OK
                              Version: 630032337
                              Content-Type: application/json; charset=UTF-8
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Content-Disposition: attachment; filename="f.txt"
                              Date: Mon, 06 May 2024 03:32:23 GMT
                              Server: gws
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-05-06 03:32:23 UTC1255INData Raw: 75 30 30 33 64 5c 22 67 62 5f 36 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 48 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 49 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 38 64 20 67 62 5f 4a 63 20 67 62 5f 36 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4e 63 20 67 62 5f 35 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c
                              Data Ascii: u003d\"gb_6c\"\u003e\u003cdiv class\u003d\"gb_Hc\"\u003e\u003cdiv class\u003d\"gb_Ic\"\u003e\u003ca class\u003d\"gb_8d gb_Jc gb_6d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Nc gb_5d\" aria-hidden\u003d\"true\
                              2024-05-06 03:32:23 UTC1255INData Raw: 6e 28 29 7b 69 66 28 21 5f 2e 71 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 7c 7c 21 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 61 5c 75 30 30 33 64 21 31 2c 62 5c 75 30 30 33 64 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 7b 7d 2c 5c 22 70 61 73 73 69 76 65 5c 22 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 61 5c 75 30 30 33 64 21 30 7d 7d 29 3b 74 72 79 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 28 29 5c 75 30 30 33 64 5c 75 30 30 33 65 7b 7d 3b 5f 2e 71 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 5c 22 74 65 73 74 5c 22 2c 63 2c 62 29 3b 5f 2e 71 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 5c 22 74 65 73 74 5c 22 2c 63 2c 62 29
                              Data Ascii: n(){if(!_.q.addEventListener||!Object.defineProperty)return!1;var a\u003d!1,b\u003dObject.defineProperty({},\"passive\",{get:function(){a\u003d!0}});try{const c\u003d()\u003d\u003e{};_.q.addEventListener(\"test\",c,b);_.q.removeEventListener(\"test\",c,b)
                              2024-05-06 03:32:23 UTC1255INData Raw: 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 30 5c 75 30 30 33 63 62 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 5f 2e 75 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 74 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 44 5c 22 29 3b 7d 3b 77 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 76 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e
                              Data Ascii: nction(a){const b\u003da.length;if(0\u003cb){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};_.ud\u003dfunction(a){if(a instanceof _.td)return a.i;throw Error(\"D\");};wd\u003dfunction(a){return new vd(b\u003d\u003eb.
                              2024-05-06 03:32:23 UTC191INData Raw: 74 65 64 54 79 70 65 73 3b 69 66 28 21 63 7c 7c 21 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 62 3b 74 72 79 7b 62 5c 75 30 30 33 64 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 61 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 48 64 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 48 64 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 48 64 7d 29 7d 63 61 74 63 68 28 64 29 7b 5f 2e 71 2e 63 6f 6e 73 6f 6c 65 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 71 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 64 2e 6d 65 73 73 61 67 65 29 7d 72 65 74 75 72 6e 20 0d 0a
                              Data Ascii: tedTypes;if(!c||!c.createPolicy)return b;try{b\u003dc.createPolicy(a,{createHTML:Hd,createScript:Hd,createScriptURL:Hd})}catch(d){_.q.console\u0026\u0026_.q.console.error(d.message)}return
                              2024-05-06 03:32:23 UTC344INData Raw: 31 35 31 0d 0a 62 7d 3b 5c 6e 5f 2e 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 7d 3b 5f 2e 4b 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6f 6d 65 2e 63 61 6c 6c 28 61 2c 62 2c 76 6f 69 64 20 30 29 7d 3b 74 72 79 7b 28 6e 65 77 20 73 65 6c 66 2e 4f 66 66 73 63 72 65 65 6e 43 61 6e 76 61 73 28 30 2c 30 29 29 2e 67 65 74 43 6f 6e 74 65 78 74 28 5c 22 32 64 5c 22 29 7d 63 61 74 63 68 28 61 29 7b 7d 3b 76 61 72 20 4c 64 3b 5f 2e 4d 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 6f 69 64 20 30 5c 75 30 30 33 64 5c 75 30 30 33
                              Data Ascii: 151b};\n_.Jd\u003dfunction(a,b){return 0\u003d\u003da.lastIndexOf(b,0)};_.Kd\u003dfunction(a,b){return Array.prototype.some.call(a,b,void 0)};try{(new self.OffscreenCanvas(0,0)).getContext(\"2d\")}catch(a){};var Ld;_.Md\u003dfunction(){void 0\u003d\u003


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.4 | 49734 | 172.217.165.196 | 443 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:22 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-05-06 03:32:23 UTC | 922 | IN | HTTP/1.1 200 OK
                              Version: 630032337
                              Content-Type: application/json; charset=UTF-8
                              X-Content-Type-Options: nosniff
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Content-Disposition: attachment; filename="f.txt"
                              Date: Mon, 06 May 2024 03:32:23 GMT
                              Server: gws
                              Cache-Control: private
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2024-05-06 03:32:23 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                              Data Ascii: 1d)]}'{"update":{"promos":{}}}
                              2024-05-06 03:32:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.4 | 49743 | 142.250.64.206 | 443 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:26 UTC | 741 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1
                              Host: apis.google.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              Accept: */*
                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-05-06 03:32:26 UTC | 916 | IN | HTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Access-Control-Allow-Origin: *
                              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                              Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                              Content-Length: 121628
                              X-Content-Type-Options: nosniff
                              Server: sffe
                              X-XSS-Protection: 0
                              Date: Thu, 02 May 2024 09:23:33 GMT
                              Expires: Fri, 02 May 2025 09:23:33 GMT
                              Cache-Control: public, max-age=31536000
                              Last-Modified: Mon, 15 Apr 2024 17:34:54 GMT
                              Content-Type: text/javascript; charset=UTF-8
                              Vary: Accept-Encoding
                              Age: 324533
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.4 | 49745 | 23.196.177.159 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:31 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-05-06 03:32:31 UTC | 466 | IN | HTTP/1.1 200 OK
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              Content-Type: application/octet-stream
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              Server: ECAcc (chd/0758)
                              X-CID: 11
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-weu-z1
                              Cache-Control: public, max-age=12666
                              Date: Mon, 06 May 2024 03:32:31 GMT
                              Connection: close
                              X-CID: 2


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.4 | 49746 | 23.196.177.159 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:32 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                              Range: bytes=0-2147483646
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-05-06 03:32:32 UTC | 530 | IN | HTTP/1.1 200 OK
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Content-Type: application/octet-stream
                              ApiVersion: Distribute 1.1
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                              Cache-Control: public, max-age=12699
                              Date: Mon, 06 May 2024 03:32:32 GMT
                              Content-Length: 55
                              Connection: close
                              X-CID: 2
                              2024-05-06 03:32:32 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.4 | 49756 | 193.124.22.107 | 443 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:52 UTC | 655 | OUT | GET / HTTP/1.1
                              Host: apidevst.com
                              Connection: keep-alive
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-05-06 03:32:52 UTC | 273 | IN | HTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Mon, 06 May 2024 03:32:52 GMT
                              Content-Type: text/html; charset=utf-8
                              Content-Length: 147
                              Connection: close
                              Cache-Control: no-cache, no-store, must-revalidate
                              Expires: Mon, 06 May 2024 03:32:52 GMT
                              Vary: Accept-Encoding
                              2024-05-06 03:32:52 UTC | 147 | IN | Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              7 | 192.168.2.4 | 49757 | 193.124.22.107 | 443 | 2700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-05-06 03:32:53 UTC | 580 | OUT | GET /favicon.ico HTTP/1.1
                              Host: apidevst.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Referer: https://apidevst.com/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-05-06 03:32:54 UTC | 143 | IN | HTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Mon, 06 May 2024 03:32:54 GMT
                              Content-Type: text/html
                              Content-Length: 548
                              Connection: close
                              2024-05-06 03:32:54 UTC | 548 | IN
                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome


                              Target ID:0
                              Start time:05:32:14
                              Start date:06/05/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:1
                              Start time:05:32:19
                              Start date:06/05/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:3
                              Start time:05:32:20
                              Start date:06/05/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,17449975914517360887,1340231660079692741,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:4
                              Start time:05:32:21
                              Start date:06/05/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=964,i,7821398057109531615,15787434121257409365,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:9
                              Start time:05:32:47
                              Start date:06/05/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apidevst.com"
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              No disassembly